> On Tuesday 2010-01-12 20:49, Narendra K wrote:
> >
> >The proposal is to enhance iptables (and other tools which might fail
> if
> >integrated port 1 does not get named as eth0) to support something
> like
> >[...]
> >Below is how the iptables code that handles the "-i ethN" would look
> >like (Only a part of the code to demonstrate the idea shown here) -
> >
> >diff -Naru iptables-1.4.5/xtables.c iptables-1.4.5-new/xtables.c
> >--- iptables-1.4.5/xtables.c 2010-01-12 02:47:16.293249537 +0530
> >+++ iptables-1.4.5-new/xtables.c 2010-01-13 06:14:12.130185117
+0530
> >@@ -455,8 +455,8 @@
> > void xtables_parse_interface(const char *arg, char *vianame,
> > unsigned char *mask)
> > {
> >- int vialen = strlen(arg);
> > unsigned int i;
> >+ static char kernel_name[IFNAMSIZ];
> >
> > memset(mask, 0, IFNAMSIZ);
> > memset(vianame, 0, IFNAMSIZ);
> >@@ -466,7 +466,11 @@
> > "interface name `%s' must be shorter than
> IFNAMSIZ"
> > " (%i)", arg, IFNAMSIZ-1);
> >
> >- strcpy(vianame, arg);
> >+ if (netdev_alias_to_kernel_name(arg, kernel_name) < 0)
> >+ show_alias_name_usage();
> >+
> >+ strcpy(vianame, kernel_name);
> >+ int vialen = strlen(kernel_name);
> > if ((vialen == 0) || (vialen == 1 && vianame[0] == '+'))
> > memset(mask, 0, IFNAMSIZ);
> > else if (vianame[vialen - 1] == '+') {
>
> That code, even if snippet, needs more work.
>
> (iptables is not too great on multithread safety, but do we have to
> make it worse by adding static buffers? And unchecked strcpy, what
> should BPF think of us?)
>
Thanks. Sure, I would address these concerns.
> >where kernel_name is the ethN name that will be returned by a library
> >like libnetdevname which will map the user supplied "Embedded_NIC_1"
> >name to the corresponding ethN name, thus bringing in determinism
> while
> >referring to the network interfaces.
> >
> >Netfilter-devel, would this be acceptable ?
>
> I tried to look at libnetdevname. There is a gitweb, but no
> git-clone. I think that they library should possibly use netlink
> and libtool. And other remarks.
I would look into why git clone isn't working. Please find the latest
libnetdevname tar file here -
http://linux.dell.com/libnetdevname/permalink/
The implementation is for char device node solution we proposed earlier.
It would be extended to handle the current proposal if it is acceptable.
With regards,
Narendra K
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
