iptables-1.8.7-30.el9

- Use proto_to_name() from xshared in more places

Resolves: rhbz#2065330

0034-Use-proto_to_name-from-xshared-in-more-places.patch

@@ -0,0 +1,156 @@
+From dd052eb7326574b34a03e6f40862e2e59ce9e123 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Tue, 17 Nov 2020 00:57:10 +0100
+Subject: [PATCH] Use proto_to_name() from xshared in more places
+
+Share the common proto name lookup code. While being at it, make proto
+number variable 16bit, values may exceed 256.
+
+This aligns iptables-nft '-p' argument printing with legacy iptables. In
+practice, this should make a difference only in corner cases.
+
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+(cherry picked from commit 556f704458cdb509d395ddb7d2629987d60e762e)
+---
+ include/xtables.h     |  2 +-
+ iptables/ip6tables.c  | 22 +++++-----------------
+ iptables/iptables.c   | 20 +++++---------------
+ iptables/nft-shared.c |  6 +++---
+ iptables/xshared.c    |  2 +-
+ iptables/xshared.h    |  2 +-
+ 6 files changed, 16 insertions(+), 38 deletions(-)
+
+diff --git a/include/xtables.h b/include/xtables.h
+index b5a6764abfa4e..aec50573b835c 100644
+--- a/include/xtables.h
++++ b/include/xtables.h
+@@ -395,7 +395,7 @@ struct xtables_rule_match {
+  */
+ struct xtables_pprot {
+ 	const char *name;
+-	uint8_t num;
++	uint16_t num;
+ };
+ 
+ enum xtables_tryload {
+diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
+index 4422e28276ab5..897f30d5ef4b0 100644
+--- a/iptables/ip6tables.c
++++ b/iptables/ip6tables.c
+@@ -770,28 +770,16 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
+ 	}
+ }
+ 
+-/* The ip6tables looks up the /etc/protocols. */
+ static void print_proto(uint16_t proto, int invert)
+ {
+ 	if (proto) {
+-		unsigned int i;
++		const char *pname = proto_to_name(proto, 0);
+ 		const char *invertstr = invert ? " !" : "";
+ 
+-		const struct protoent *pent = getprotobynumber(proto);
+-		if (pent) {
+-			printf("%s -p %s",
+-			       invertstr, pent->p_name);
+-			return;
+-		}
+-
+-		for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
+-			if (xtables_chain_protos[i].num == proto) {
+-				printf("%s -p %s",
+-				       invertstr, xtables_chain_protos[i].name);
+-				return;
+-			}
+-
+-		printf("%s -p %u", invertstr, proto);
++		if (pname)
++			printf("%s -p %s", invertstr, pname);
++		else
++			printf("%s -p %u", invertstr, proto);
+ 	}
+ }
+ 
+diff --git a/iptables/iptables.c b/iptables/iptables.c
+index bbb87f16f8d1d..9964d14ed8195 100644
+--- a/iptables/iptables.c
++++ b/iptables/iptables.c
+@@ -739,23 +739,13 @@ list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,
+ static void print_proto(uint16_t proto, int invert)
+ {
+ 	if (proto) {
+-		unsigned int i;
++		const char *pname = proto_to_name(proto, 0);
+ 		const char *invertstr = invert ? " !" : "";
+ 
+-		const struct protoent *pent = getprotobynumber(proto);
+-		if (pent) {
+-			printf("%s -p %s", invertstr, pent->p_name);
+-			return;
+-		}
+-
+-		for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
+-			if (xtables_chain_protos[i].num == proto) {
+-				printf("%s -p %s",
+-				       invertstr, xtables_chain_protos[i].name);
+-				return;
+-			}
+-
+-		printf("%s -p %u", invertstr, proto);
++		if (pname)
++			printf("%s -p %s", invertstr, pname);
++		else
++			printf("%s -p %u", invertstr, proto);
+ 	}
+ }
+ 
+diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
+index 1aaaa8159ff61..bd953d761b6ec 100644
+--- a/iptables/nft-shared.c
++++ b/iptables/nft-shared.c
+@@ -821,13 +821,13 @@ void save_rule_details(const struct iptables_command_state *cs,
+ 	}
+ 
+ 	if (proto > 0) {
+-		const struct protoent *pent = getprotobynumber(proto);
++		const char *pname = proto_to_name(proto, 0);
+ 
+ 		if (invflags & XT_INV_PROTO)
+ 			printf("! ");
+ 
+-		if (pent)
+-			printf("-p %s ", pent->p_name);
++		if (pname)
++			printf("-p %s ", pname);
+ 		else
+ 			printf("-p %u ", proto);
+ 	}
+diff --git a/iptables/xshared.c b/iptables/xshared.c
+index 171b0bdb7ca27..5a1f8169b00ea 100644
+--- a/iptables/xshared.c
++++ b/iptables/xshared.c
+@@ -48,7 +48,7 @@ void print_extension_helps(const struct xtables_target *t,
+ }
+ 
+ const char *
+-proto_to_name(uint8_t proto, int nolookup)
++proto_to_name(uint16_t proto, int nolookup)
+ {
+ 	unsigned int i;
+ 
+diff --git a/iptables/xshared.h b/iptables/xshared.h
+index 84f1a559aafb2..674a36635ffd0 100644
+--- a/iptables/xshared.h
++++ b/iptables/xshared.h
+@@ -152,7 +152,7 @@ enum {
+ 
+ extern void print_extension_helps(const struct xtables_target *,
+ 	const struct xtables_rule_match *);
+-extern const char *proto_to_name(uint8_t, int);
++extern const char *proto_to_name(uint16_t, int);
+ extern int command_default(struct iptables_command_state *,
+ 	struct xtables_globals *);
+ extern struct xtables_match *load_proto(struct iptables_command_state *);
+-- 
+2.34.1
+

iptables.spec

@@ -16,7 +16,7 @@ Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
 URL: https://www.netfilter.org/projects/iptables
 Version: 1.8.7
-Release: 29%{?dist}
+Release: 30%{?dist}
 Source: %{url}/files/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
@@ -62,6 +62,7 @@ Patch30: 0030-xshared-Merge-and-share-parse_chain.patch
 Patch31: 0031-nft-Reject-standard-targets-as-chain-names-when-rest.patch
 Patch32: 0032-libxtables-Implement-notargets-hash-table.patch
 Patch33: 0033-libxtables-Boost-rule-target-checks-by-announcing-ch.patch
+Patch34: 0034-Use-proto_to_name-from-xshared-in-more-places.patch
 
 # pf.os: ISC license
 # iptables-apply: Artistic 2.0
@@ -477,6 +478,9 @@ fi
 %ghost %{_mandir}/man8/ebtables.8.gz
 
 %changelog
+* Fri Mar 18 2022 Phil Sutter <psutter@redhat.com> - 1.8.7-30
+- Use proto_to_name() from xshared in more places
+
 * Fri Mar 18 2022 Phil Sutter <psutter@redhat.com> - 1.8.7-29
 - libxtables: Boost rule target checks by announcing chain names
 - libxtables: Implement notargets hash table