iptables/0040-Use-proto_to_name-from-xshared-in-more-places.patch
Phil Sutter 1c8d6d0d32 iptables-1.8.5-1.el8
- Rebase to version 1.8.5 plus upstream-indicated fixes
- Fix for duplicate files in RPM due to imprecise globbing
- Drop bootstrap code again

Resolves: rhbz#2211063
2023-05-30 14:47:41 +02:00

157 lines
4.5 KiB
Diff

From adc559b69fc2b8d95a7c3bae96ca12faa0ba5d1d Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Tue, 17 Nov 2020 00:57:10 +0100
Subject: [PATCH] Use proto_to_name() from xshared in more places
Share the common proto name lookup code. While being at it, make proto
number variable 16bit, values may exceed 256.
This aligns iptables-nft '-p' argument printing with legacy iptables. In
practice, this should make a difference only in corner cases.
Signed-off-by: Phil Sutter <phil@nwl.cc>
(cherry picked from commit 556f704458cdb509d395ddb7d2629987d60e762e)
---
include/xtables.h | 2 +-
iptables/ip6tables.c | 22 +++++-----------------
iptables/iptables.c | 20 +++++---------------
iptables/nft-shared.c | 6 +++---
iptables/xshared.c | 2 +-
iptables/xshared.h | 2 +-
6 files changed, 16 insertions(+), 38 deletions(-)
diff --git a/include/xtables.h b/include/xtables.h
index 5044dd08e86d3..a7b36979398ba 100644
--- a/include/xtables.h
+++ b/include/xtables.h
@@ -395,7 +395,7 @@ struct xtables_rule_match {
*/
struct xtables_pprot {
const char *name;
- uint8_t num;
+ uint16_t num;
};
enum xtables_tryload {
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index c95355b091568..ce01ce8c04af6 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -796,28 +796,16 @@ print_iface(char letter, const char *iface, const unsigned char *mask,
}
}
-/* The ip6tables looks up the /etc/protocols. */
static void print_proto(uint16_t proto, int invert)
{
if (proto) {
- unsigned int i;
+ const char *pname = proto_to_name(proto, 0);
const char *invertstr = invert ? " !" : "";
- const struct protoent *pent = getprotobynumber(proto);
- if (pent) {
- printf("%s -p %s",
- invertstr, pent->p_name);
- return;
- }
-
- for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
- if (xtables_chain_protos[i].num == proto) {
- printf("%s -p %s",
- invertstr, xtables_chain_protos[i].name);
- return;
- }
-
- printf("%s -p %u", invertstr, proto);
+ if (pname)
+ printf("%s -p %s", invertstr, pname);
+ else
+ printf("%s -p %u", invertstr, proto);
}
}
diff --git a/iptables/iptables.c b/iptables/iptables.c
index 7d6183116d265..514238d924780 100644
--- a/iptables/iptables.c
+++ b/iptables/iptables.c
@@ -764,23 +764,13 @@ list_entries(const xt_chainlabel chain, int rulenum, int verbose, int numeric,
static void print_proto(uint16_t proto, int invert)
{
if (proto) {
- unsigned int i;
+ const char *pname = proto_to_name(proto, 0);
const char *invertstr = invert ? " !" : "";
- const struct protoent *pent = getprotobynumber(proto);
- if (pent) {
- printf("%s -p %s", invertstr, pent->p_name);
- return;
- }
-
- for (i = 0; xtables_chain_protos[i].name != NULL; ++i)
- if (xtables_chain_protos[i].num == proto) {
- printf("%s -p %s",
- invertstr, xtables_chain_protos[i].name);
- return;
- }
-
- printf("%s -p %u", invertstr, proto);
+ if (pname)
+ printf("%s -p %s", invertstr, pname);
+ else
+ printf("%s -p %u", invertstr, proto);
}
}
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index c1664b50f9383..4253b08196d29 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -826,13 +826,13 @@ void save_rule_details(const struct iptables_command_state *cs,
}
if (proto > 0) {
- const struct protoent *pent = getprotobynumber(proto);
+ const char *pname = proto_to_name(proto, 0);
if (invflags & XT_INV_PROTO)
printf("! ");
- if (pent)
- printf("-p %s ", pent->p_name);
+ if (pname)
+ printf("-p %s ", pname);
else
printf("-p %u ", proto);
}
diff --git a/iptables/xshared.c b/iptables/xshared.c
index 3bcf24735c8fb..9a17a8fdf11cd 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -48,7 +48,7 @@ void print_extension_helps(const struct xtables_target *t,
}
const char *
-proto_to_name(uint8_t proto, int nolookup)
+proto_to_name(uint16_t proto, int nolookup)
{
unsigned int i;
diff --git a/iptables/xshared.h b/iptables/xshared.h
index 1e86aba8b2375..7c881c56a25da 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -152,7 +152,7 @@ enum {
extern void print_extension_helps(const struct xtables_target *,
const struct xtables_rule_match *);
-extern const char *proto_to_name(uint8_t, int);
+extern const char *proto_to_name(uint16_t, int);
extern int command_default(struct iptables_command_state *,
struct xtables_globals *);
extern struct xtables_match *load_proto(struct iptables_command_state *);
--
2.40.0