iptables - iptables tree

	Commit message (Collapse)	Author	Age	Files	Lines
*	nfnl_osf: Improve error handling	Phil Sutter	2020-05-18	1	-5/+10
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	For some error cases, no log message was created - hence apart from the return code there was no indication of failing execution. If a line load fails, don't abort but continue with the remaining file contents. The current pf.os file in this repository serves as proof-of-concept: Lines 700 and 701: Duplicates of lines 698 and 699 because 'W' and 'W0' parse into the same data. Line 704: Duplicate of line 702 because apart from 'W' and 'W0', only the first three fields on right-hand side are sent to the kernel. When loading, these dups are ignored (they would bounce if NLM_F_EXCL was given). Upon deletion, they cause ENOENT response from kernel. In order to align duplicate-tolerance in both modes, just ignore that ENOENT. Signed-off-by: Phil Sutter <phil@nwl.cc>
*	nfnl_osf: Fix broken conversion to nfnl_query()	Phil Sutter	2020-05-18	1	-2/+4
\| \| \| \| \| \| \| \| \| \| \| \| \|	Due to missing NLM_F_ACK flag in request, nfnetlink code in kernel didn't create an own ACK message but left it upon subsystem to ACK or not. Since nfnetlink_osf doesn't ACK by itself, nfnl_query() got stuck waiting for a reply. Whoever did the conversion from deprecated nfnl_talk() obviously didn't even test basic functionality of the tool. Fixes: 52aa15098ebd6 ("nfnl_osf: Replace deprecated nfnl_talk() by nfnl_query()") Signed-off-by: Phil Sutter <phil@nwl.cc>
*	utils: nfnl_osf: fix snprintf -Wformat-truncation warning	Fernando Fernandez Mancera	2019-07-25	1	-6/+9
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Fedora 30 uses very recent gcc (version 9.1.1 20190503 (Red Hat 9.1.1-1)), osf produces following warnings: -Wformat-truncation warning have been introduced in the version 7.1 of gcc. Also, remove a unneeded address check of "tmp + 1" in nf_osf_strchr(). nfnl_osf.c: In function ‘nfnl_osf_load_fingerprints’: nfnl_osf.c:346:33: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size 128 [-Wformat-truncation=] 346 \| snprintf(obuf, sizeof(obuf), "%s,", pbeg); \| ^~ nfnl_osf.c:346:3: note: ‘snprintf’ output between 2 and 1025 bytes into a destination of size 128 346 \| snprintf(obuf, sizeof(obuf), "%s,", pbeg); \| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ nfnl_osf.c:354:40: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size 32 [-Wformat-truncation=] 354 \| snprintf(f.genre, sizeof(f.genre), "%s", pbeg); \| ^~ nfnl_osf.c:354:4: note: ‘snprintf’ output between 1 and 1024 bytes into a destination of size 32 354 \| snprintf(f.genre, sizeof(f.genre), "%s", pbeg); \| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ nfnl_osf.c:363:43: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size 32 [-Wformat-truncation=] 363 \| snprintf(f.version, sizeof(f.version), "%s", pbeg); \| ^~ nfnl_osf.c:363:3: note: ‘snprintf’ output between 1 and 1024 bytes into a destination of size 32 363 \| snprintf(f.version, sizeof(f.version), "%s", pbeg); \| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ nfnl_osf.c:370:47: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size 32 [-Wformat-truncation=] 370 \| snprintf(f.subtype, sizeof(f.subtype), "%s", pbeg); \| ^~ nfnl_osf.c:370:7: note: ‘snprintf’ output between 1 and 1024 bytes into a destination of size 32 370 \| snprintf(f.subtype, sizeof(f.subtype), "%s", pbeg); \| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
*	Fix a few cases of pointless assignments	Phil Sutter	2018-09-24	1	-8/+5
\| \| \| \| \| \| \| \|	This gets rid of a number of assignments which are either redundant or not used afterwards. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
*	nfnl_osf: Replace deprecated nfnl_talk() by nfnl_query()	Phil Sutter	2018-09-24	1	-1/+1
\| \| \| \| \| \| \|	This eliminates the deprecation warning when compiling the sources. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
*	nfnl_osf: Drop pointless check in xt_osf_strchr()	Phil Sutter	2018-09-24	1	-1/+1
\| \| \| \| \| \| \| \| \| \|	Although it remains unclear what the original intention behind the affected code was, but 'tmp + 1' always evaluates true since 'tmp' is a pointer value. Cc: Evgeniy Polyakov <johnpol@2ka.mxt.ru> Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
*	utils: nfnl_osf: Fix synopsis in help text	Phil Sutter	2017-10-04	1	-1/+1
\| \| \| \| \| \| \| \| \| \|	* -d is optional * -h is not really a flag, just anything not recognized triggers the help output. * That '<del rules>' bit is rather confusing than helpful. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
*	update FSF address in license text	Jiri Popelka	2014-03-13	1	-1/+1
\| \| \| \| \| \| \|	http://www.gnu.org/licenses/gpl-2.0.html http://www.fsf.org/about/contact/ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
*	libxt_osf: import nfnl_osf program	Jan Engelhardt	2010-04-06	1	-0/+485
	xt_osf is pretty useless without the actual fingerprint loader. Import nfnl_osf-2009-06-07 and make it a part of the iptables distribution. Cc: Evgeniy Polyakov <johnpol@2ka.mxt.ru> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>