Nftables uses a internal service table to print service names. This very table should be used when parsing new rules, to avoid conflicts between nft service table and the local /etc/services, when loading an exported ruleset. Complements the commit: (ccc5da4: datatype: Replace getnameinfo() by internal lookup table) Fixes(Bug 1118 - nft: nft -f and nft list ruleset use different sets of service -> port mappings)
Signed-off-by: Elise Lennion <elise.lennion@xxxxxxxxx>
---
 src/datatype.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/src/datatype.c b/src/datatype.c
index d697a07..f1388dc 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -597,10 +597,9 @@ static void inet_service_type_print(const struct expr *expr)
 static struct error_record *inet_service_type_parse(const struct expr *sym,
 struct expr **res)
 {
- struct addrinfo *ai;
+ const struct symbolic_constant *s;
 uint16_t port;
 uintmax_t i;
- int err;
 char *end;

 errno = 0;
@@ -611,13 +610,16 @@ static struct error_record *inet_service_type_parse(const struct expr *sym,

 port = htons(i);
 } else {
- err = getaddrinfo(NULL, sym->identifier, NULL, &ai);
- if (err != 0)
- return error(&sym->location, "Could not resolve service: %s",
- gai_strerror(err));
+ for (s = inet_service_tbl.symbols; s->identifier != NULL; s++) {
+ if (!strcmp(sym->identifier, s->identifier))
+ break;
+ }

- port = ((struct sockaddr_in *)ai->ai_addr)->sin_port;
- freeaddrinfo(ai);
+ if (s->identifier == NULL)
+ return error(&sym->location, "Could not resolve service: "
+ "Servname not found in nft services list");
+
+ port = s->value;
 }

 *res = constant_expr_alloc(&sym->location, &inet_service_type,
--
2.7.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
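Review bot: In the second hunk `port = s->value;` stores the table value unconverted, while the numeric branch just above stores `htons(i)` and the removed code took `sin_port` from getaddrinfo(), which is in network byte order. Unless `inet_service_tbl` keeps its values in network order (the table is not visible in this diff), a service name would parse to a byte-swapped port on little-endian hosts and the rule would match a different port than the one written in the ruleset; if the table is host-order the line should read `port = htons(s->value);`. The new error text also drops the name that failed to resolve; passing it as an argument, `"Could not resolve service: '%s' not found in nft services list", sym->identifier`, keeps the identifier out of the format string while telling the user which token was rejected. inet_service_type_parse begins in the first hunk and ends outside this one.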