Re: netfilter/iptables and network interface names

Patrick McHardy <kaber@xxxxxxxxx> · Fri, 05 Feb 2010 11:32:57 +0100

Jan Engelhardt wrote:
> On Thursday 2010-02-04 15:31, Patrick McHardy wrote:
>> I don't think there is a reason for this limitation in iptables,
>> so why not simply remove it?
> 
> Like this?
> 
> parent 350661a6eb089f3e54e67e022db9e16ea280499f (v1.4.6-7-g350661a)
> commit 02020c8fb965bbedae9eb43d9a9b964c46388cc3
> Author: Jan Engelhardt <jengelh@xxxxxxxxxx>
> Date:   Thu Feb 4 15:46:03 2010 +0100
> 
> Lift restrictions on interface names
> 
> The kernel has few restrictions.
> 
> Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx>

OK this looks fine. But I guess we still need to properly escape
names in iptables-save as Thomas has pointed out.

> ---
>  xtables.c |   11 +++++------
>  1 files changed, 5 insertions(+), 6 deletions(-)
> 
> diff --git a/xtables.c b/xtables.c
> index 63c5db7..f3baf84 100644
> --- a/xtables.c
> +++ b/xtables.c
> @@ -450,7 +450,7 @@ u_int16_t xtables_parse_port(const char *port, const char *proto)
>  void xtables_parse_interface(const char *arg, char *vianame,
>  			     unsigned char *mask)
>  {
> -	int vialen = strlen(arg);
> +	unsigned int vialen = strlen(arg);
>  	unsigned int i;
>  
>  	memset(mask, 0, IFNAMSIZ);
> @@ -462,7 +462,7 @@ void xtables_parse_interface(const char *arg, char *vianame,
>  			   " (%i)", arg, IFNAMSIZ-1);
>  
>  	strcpy(vianame, arg);
> -	if ((vialen == 0) || (vialen == 1 && vianame[0] == '+'))
> +	if (vialen == 0)
>  		memset(mask, 0, IFNAMSIZ);
>  	else if (vianame[vialen - 1] == '+') {
>  		memset(mask, 0xFF, vialen - 1);
> @@ -473,12 +473,11 @@ void xtables_parse_interface(const char *arg, char *vianame,
>  		memset(mask, 0xFF, vialen + 1);
>  		memset(mask + vialen + 1, 0, IFNAMSIZ - vialen - 1);
>  		for (i = 0; vianame[i]; i++) {
> -			if (vianame[i] == ':' ||
> -			    vianame[i] == '!' ||
> -			    vianame[i] == '*') {
> +			if (vianame[i] == '/' ||
> +			    vianame[i] == ' ') {
>  				fprintf(stderr,
>  					"Warning: weird character in interface"
> -					" `%s' (No aliases, :, ! or *).\n",
> +					" `%s' ('/' and ' ' are not allowed by the kernel).\n",
>  					vianame);
>  				break;
>  			}

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html