Re: [PATCH 8/9] libxt_udp: use guided option parser

Hi,

This modification led to a subtle failure I don't know how to cure yet.

On Sun, May 01, 2011 at 01:50:28PM +0200, Jan Engelhardt wrote:
> Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx>
> ---
>  extensions/libxt_udp.c |   95 +++++++++++++++---------------------------------
>  1 files changed, 30 insertions(+), 65 deletions(-)
> 
> diff --git a/extensions/libxt_udp.c b/extensions/libxt_udp.c
> index 505b3c8..a539edd 100644
> --- a/extensions/libxt_udp.c
> +++ b/extensions/libxt_udp.c

...
> +#define s struct xt_udp
> +static const struct xt_option_entry udp_opts[] = {
> +	{.name = "source-port", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC_NE,
> +	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)},
> +	{.name = "sport", .id = O_SOURCE_PORT, .type = XTTYPE_PORTRC_NE,
> +	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, spts)},
> +	{.name = "destination-port", .id = O_DEST_PORT, .type = XTTYPE_PORTRC_NE,
> +	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)},
> +	{.name = "dport", .id = O_DEST_PORT, .type = XTTYPE_PORTRC_NE,
> +	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, dpts)},
> +	XTOPT_TABLEEND,
>  };
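
Review bot: the one-letter macro in `#define s struct xt_udp` at the top of this hunk will rewrite any later identifier named `s` in the file, and the lines shown here end at the closing `};` without a matching `#undef s`. Either add `#undef s` directly after `udp_opts[]` or spell out `struct xt_udp` in the four XTOPT_POINTER() calls. Separately, none of the four entries states that the ports are UDP ports, so whatever resolves the XTTYPE_PORTRC_NE values has to learn the protocol some other way; a comment saying where that happens would help.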

The port parsing is now performed indirectly via xtables_getportbyname() and
hence getaddrinfo().
At least for uClibc (did not test glibc), getaddrinfo() will complain
when a port is specified by number but no socket type of address family
is set:
...
  /*
   * Can't specify a numerical socket unless a protocol
   * family was given.
   */
   if (hints->ai_socktype == 0 && hints->ai_protocol == 0)
            return EAI_SERVICE;
...

The straightforward solution would be to add the respective ai_protocol
information (we actually know that it is IPPROTO_UDP). I am currently
however not deep enough into the new parser structure to know where to
add this information to the function calls and/or data structures.

Note: the same issue will pop up for not yet converted protocols like UDP.

Best regards,
	Lutz
-- 
Dr.-Ing. Lutz Jänicke
CTO
Innominate Security Technologies AG  /protecting industrial networks/
tel: +49.30.921028-200
fax: +49.30.921028-020
Rudower Chaussee 13
D-12489 Berlin, Germany
www.innominate.com

Register Court: AG Charlottenburg, HR B 81603
Management Board: Dirk Seewald
Chairman of the Supervisory Board: Volker Bibelhausen
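
Added example, not part of the original mail and not xtables code: a port lookup that passes the protocol to getaddrinfo() so a numeric port is accepted even by a libc applying the check quoted above. The names port_for_protocol(), port_hints() and strict_libc_rejects() are hypothetical, and restricting the lookup to AF_INET is an assumption made to keep the result simple.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* The check quoted in the mail: a libc applying it refuses a service
 * lookup whose hints name neither a socket type nor a protocol. */
static int strict_libc_rejects(const struct addrinfo *hints)
{
	return hints->ai_socktype == 0 && hints->ai_protocol == 0;
}

/* Build lookup hints; protocol 0 reproduces the unhinted call. */
static void port_hints(struct addrinfo *hints, int protocol)
{
	memset(hints, 0, sizeof(*hints));
	hints->ai_family = AF_INET;
	hints->ai_protocol = protocol;
	if (protocol == IPPROTO_UDP)
		hints->ai_socktype = SOCK_DGRAM;
}

/* Hypothetical helper (not an xtables function): resolve a port name or
 * number for one protocol. Returns the port, or -1 with *gai_err set. */
static int port_for_protocol(const char *service, int protocol, int *gai_err)
{
	struct addrinfo hints, *res = NULL;
	int port;

	port_hints(&hints, protocol);
	*gai_err = getaddrinfo(NULL, service, &hints, &res);
	if (*gai_err != 0)
		return -1;
	port = ntohs(((struct sockaddr_in *)res->ai_addr)->sin_port);
	freeaddrinfo(res);
	return port;
}

int main(void)
{
	int err, port = port_for_protocol("53", IPPROTO_UDP, &err);

	printf("udp hint: port=%d err=%d\n", port, err);
	port = port_for_protocol("53", 0, &err); /* result depends on libc */
	printf("no hint:  port=%d err=%d\n", port, err);
	return 0;
}
```

The second call in main() is the unhinted lookup; whether it succeeds depends on the libc it is linked against.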