hexadecimal fwmark and fwmark mask

Linux Advanced Routing and Traffic Control


Hi list,

I'm new to this list, I just subscribed because I have some awkward
about IPRoute2.

First, while playing with NetFilter's "MARK" target, I met a weird
behaviour once I tried to use these marks in the RPDB: the packets
were successfully marked, but it seemed that RPDB didn't succeed in
matching them (for those who already know the answer, I only used
marks above 9). After googling a while, I found that ip(8) only
accepts hexadecimal numbers for "fwmark" statement. IMHO, I think
that allowing only hexadecimal values in ip(8) while iptables(8)
allows to either use decimal or hexadecimal value is quite
inconsistent.
I checked ip(8) sources, and here is the point:

        } else if (strcmp(*argv, "fwmark") == 0) {
                __u32 fwmark;
                NEXT_ARG();
                if (get_u32(&fwmark, *argv, 16))
                        invarg("fwmark value is invalid\n", *argv);
                addattr32(&req.n, sizeof(req), RTA_PROTOINFO, fwmark);

get_u32() function just calls strtoul(3) among a few sanity checks,
and the third parameter (value 16 here) is the base used to convert
the string. Here is a part of the manual page of strtoul(3):

<< If base is zero or 16, the string may then include a `0x' prefix,
   and the number will be read in base 16; otherwise, a zero base is
   taken as 10 (decimal) unless the next character is `0', in which
   case it is taken as 8 (octal). >>

As you can see, replacing 16 by 0 in this code would give the whole
Linux TCP/IP framework far more consistency, and will certainly avoid
numerous stupid mistakes. On the other hand, existing scripts that
(wrongly) rely on the fact that "10" means in fact "0x10", won't
work any longer and will need a little work for conversion.


Then, another lack I would like to point out is that while iptables(8)
"mark" match allows to use a mask before comparing the packet mark
to the wanted value, ip(8) doesn't. It would be great to have this
feature. I think the patch is not difficult to write, although I'm
not a C guru, I could try to write it.


I'm waiting for your feedback. :)

Regards,
-- 
Jeremie LE HEN aka TtZ/TataZ
jeremie.le-hen@xxxxxxxx . ttz@xxxxxxxx
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
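
The parsing mismatch described in the post, as an added C example that is not part of the original message or of iproute2: `parse_u32` and `rule_matches` are hypothetical helpers modelled on the post's description of get_u32(), and the mark strings are constructed. The `mask` argument shows the iptables-style masked comparison that the post asks ip(8) to support.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper modelled on the post's description of get_u32():
 * strtoul(3) plus sanity checks. Returns 0 on success, -1 on bad input. */
static int parse_u32(uint32_t *val, const char *arg, int base)
{
    char *end;
    unsigned long res;

    if (!arg || !*arg)
        return -1;
    errno = 0;
    res = strtoul(arg, &end, base);
    if (end == arg || *end != '\0')      /* no digits, or trailing junk */
        return -1;
    if (errno == ERANGE || res > 0xFFFFFFFFUL)
        return -1;
    *val = (uint32_t)res;
    return 0;
}

/* Packet mark comes from mark_arg parsed with base 0 (decimal or 0x hex);
 * the rule value comes from rule_arg parsed with rule_base. The test is
 * (mark & mask) == value; mask 0xFFFFFFFF is an exact comparison.
 * Returns 1 on match, 0 on mismatch, -1 on unparsable input. */
static int rule_matches(const char *mark_arg, const char *rule_arg,
                        int rule_base, uint32_t mask)
{
    uint32_t pkt, rule;

    if (parse_u32(&pkt, mark_arg, 0) || parse_u32(&rule, rule_arg, rule_base))
        return -1;
    return (pkt & mask) == rule;
}

int main(void)
{
    /* Constructed inputs: the same string handed to both tools. */
    const char *marks[] = { "9", "10", "0x10", "255" };
    for (size_t i = 0; i < sizeof(marks) / sizeof(marks[0]); i++)
        printf("mark %-5s base16 rule: %d  base0 rule: %d\n", marks[i],
               rule_matches(marks[i], marks[i], 16, 0xFFFFFFFFu),
               rule_matches(marks[i], marks[i], 0, 0xFFFFFFFFu));
    return 0;
}
```

Marks up to 9 and values written with a `0x` prefix match under either base, which is why the mismatch only shows up for unprefixed marks above 9.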
