[netfilter-cvslog] r3667 - in trunk/iptables: extensions include/linux/netfilter_ipv4

gandalf at netfilter.org gandalf at netfilter.org
Sat Feb 12 22:40:17 CET 2005


Author: gandalf at netfilter.org
Date: 2005-02-12 22:40:16 +0100 (Sat, 12 Feb 2005)
New Revision: 3667

Modified:
   trunk/iptables/extensions/libipt_CONNMARK.c
   trunk/iptables/extensions/libipt_connmark.c
   trunk/iptables/include/linux/netfilter_ipv4/ipt_CONNMARK.h
   trunk/iptables/include/linux/netfilter_ipv4/ipt_connmark.h
Log:
Fix CONNMARK/connmark issues with 64bit kernel and 32bit userspace.
Also fixes a typo in CONNMARK, --mask set the mark, not the mask.

Initial patch by: Pablo Neira <pablo at eurodev.net>
Signed-off-by: Martin Josefsson <gandalf at wlug.westbo.se>


Modified: trunk/iptables/extensions/libipt_CONNMARK.c
===================================================================
--- trunk/iptables/extensions/libipt_CONNMARK.c	2005-02-12 21:21:01 UTC (rev 3666)
+++ trunk/iptables/extensions/libipt_CONNMARK.c	2005-02-12 21:40:16 UTC (rev 3667)
@@ -26,7 +26,7 @@
 
 #include <iptables.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter_ipv4/ipt_CONNMARK.h>
+#include "../include/linux/netfilter_ipv4/ipt_CONNMARK.h"
 
 #if 0
 struct markinfo {
@@ -72,14 +72,25 @@
 	struct ipt_connmark_target_info *markinfo
 		= (struct ipt_connmark_target_info *)(*target)->data;
 
+#ifdef KERNEL_64_USERSPACE_32
+	markinfo->mask = ~0ULL;
+#else
+	markinfo->mask = ~0UL;
+#endif
+
 	switch (c) {
 		char *end;
 	case '1':
 		markinfo->mode = IPT_CONNMARK_SET;
-		markinfo->mask = ~0;
+#ifdef KERNEL_64_USERSPACE_32
+		markinfo->mark = strtoull(optarg, &end, 0);
+		if (*end == '/' && end[1] != '\0')
+		    markinfo->mask = strtoull(end+1, &end, 0);
+#else
 		markinfo->mark = strtoul(optarg, &end, 0);
 		if (*end == '/' && end[1] != '\0')
 		    markinfo->mask = strtoul(end+1, &end, 0);
+#endif
 		if (*end != '\0' || end == optarg)
 			exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
 		if (*flags)
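Review bot: The new default `markinfo->mask = ~0UL` (and its `~0ULL` variant) sits ahead of the `switch`, so it runs on every call to this parse function, including calls that end in `default: return 0`. The `--mask` case requires `*flags` to be set already, so the function is evidently called once per option; any call arriving after `--set-mark value/mask` or `--mask` has been parsed would reset the stored mask to all ones. The rule would then rewrite connmark bits the administrator meant to leave alone. Applying the default only before an operation has been seen, `if (!*flags) markinfo->mask = ~0UL;` in each `#ifdef` branch, avoids that; whether the caller really hands unrelated options to this function is not visible here and should be confirmed. The function body starts and ends outside the hunk.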
@@ -89,7 +100,6 @@
 		break;
 	case '2':
 		markinfo->mode = IPT_CONNMARK_SAVE;
-		markinfo->mask = ~0;
 		if (*flags)
 			exit_error(PARAMETER_PROBLEM,
 			           "CONNMARK target: Can't specify --save-mark twice");
@@ -97,7 +107,6 @@
 		break;
 	case '3':
 		markinfo->mode = IPT_CONNMARK_RESTORE;
-		markinfo->mask = ~0;
 		if (*flags)
 			exit_error(PARAMETER_PROBLEM,
 			           "CONNMARK target: Can't specify --restore-mark twice");
@@ -107,9 +116,13 @@
 		if (!*flags)
 			exit_error(PARAMETER_PROBLEM,
 			           "CONNMARK target: Can't specify --mask without a operation");
-		markinfo->mark = strtoul(optarg, &end, 0);
+#ifdef KERNEL_64_USERSPACE_32
+		markinfo->mask = strtoull(optarg, &end, 0);
+#else
+		markinfo->mask = strtoul(optarg, &end, 0);
+#endif
 		if (*end != '\0' || end == optarg)
-			exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
+			exit_error(PARAMETER_PROBLEM, "Bad MASK value `%s'", optarg);
 		break;
 	default:
 		return 0;
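Review bot: The `--mask` conversion has no range check: `strtoul`/`strtoull` return their maximum value with `errno` set to `ERANGE` on overflow and also accept a leading minus sign, so an out-of-range or negative argument passes the `*end != '\0' || end == optarg` test and installs a mask other than the one typed. Setting `errno = 0;` before the call and extending the test to `if (*end != '\0' || end == optarg || errno == ERANGE)` would reject overflow; this needs `<errno.h>`, whose inclusion is not visible in the diff. The same applies to the `--set-mark` conversions in the earlier hunk of this file and to the `--mark` conversions in libipt_connmark.c. The enclosing function starts and ends outside the hunk.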
@@ -126,6 +139,37 @@
 		           "CONNMARK target: No operation specified");
 }
 
+#ifdef KERNEL_64_USERSPACE_32
+static void
+print_mark(unsigned long long mark)
+{
+	printf("0x%llx", mark);
+}
+
+static void
+print_mask(const char *text, unsigned long long mask)
+{
+	if (mask != ~0ULL)
+		printf("%s%llx", text, mask);
+}
+
+#else
+
+static void
+print_mark(unsigned long mark)
+{
+	printf("0x%lx", mark);
+}
+
+static void
+print_mask(const char *text, unsigned long mask)
+{
+	if (mask != ~0UL)
+		printf("%s%lx", text, mask);
+}
+#endif
+
+
 /* Prints out the target info. */
 static void
 print(const struct ipt_ip *ip,
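Review bot: `print_mask` prints the mask with `%s%llx` / `%s%lx`, which drops the `0x` prefix that the replaced code emitted (`/0x%lx`, `--mask 0x%lx`). The later hunks route both print() and save() through this helper, so a saved rule would carry, for example, `--mask ff`. The parser reads that value with `strtoul(optarg, &end, 0)`, where base 0 treats an unprefixed number as decimal or octal, so the saved rule would either be rejected or reload with a different mask than the one in effect. Both variants should keep the prefix: `printf("%s0x%llx", text, mask);` and `printf("%s0x%lx", text, mask);`.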
@@ -136,21 +180,19 @@
 		(const struct ipt_connmark_target_info *)target->data;
 	switch (markinfo->mode) {
 	case IPT_CONNMARK_SET:
-	    printf("CONNMARK set 0x%lx", markinfo->mark);
-	    if (markinfo->mask != ~0)
-		printf("/0x%lx", markinfo->mask);
+	    printf("CONNMARK set ");
+	    print_mark(markinfo->mark);
+	    print_mask("/", markinfo->mask);
 	    printf(" ");
 	    break;
 	case IPT_CONNMARK_SAVE:
 	    printf("CONNMARK save ");
-	    if (markinfo->mask != ~0)
-		printf("mask 0x%lx", markinfo->mask);
+	    print_mask("mask ", markinfo->mask);
 	    printf(" ");
 	    break;
 	case IPT_CONNMARK_RESTORE:
 	    printf("CONNMARK restore ");
-	    if (markinfo->mask != ~0)
-		printf("mask 0x%lx", markinfo->mask);
+	    print_mask("mask ", markinfo->mask);
 	    break;
 	default:
 	    printf("ERROR: UNKNOWN CONNMARK MODE ");
@@ -167,20 +209,18 @@
 
 	switch (markinfo->mode) {
 	case IPT_CONNMARK_SET:
-	    printf("--set-mark 0x%lx", markinfo->mark);
-	    if (markinfo->mask != ~0)
-		printf("/0x%lx", markinfo->mask);
+	    printf("--set-mark ");
+	    print_mark(markinfo->mark);
+	    print_mask("/", markinfo->mask);
 	    printf(" ");
 	    break;
 	case IPT_CONNMARK_SAVE:
 	    printf("--save-mark ");
-	    if (markinfo->mask != ~0)
-		printf("--mask 0x%lx", markinfo->mask);
+	    print_mask("--mask ", markinfo->mask);
 	    break;
 	case IPT_CONNMARK_RESTORE:
 	    printf("--restore-mark ");
-	    if (markinfo->mask != ~0)
-		printf("--mask 0x%lx", markinfo->mask);
+	    print_mask("--mask ", markinfo->mask);
 	    break;
 	default:
 	    printf("ERROR: UNKNOWN CONNMARK MODE ");

Modified: trunk/iptables/extensions/libipt_connmark.c
===================================================================
--- trunk/iptables/extensions/libipt_connmark.c	2005-02-12 21:21:01 UTC (rev 3666)
+++ trunk/iptables/extensions/libipt_connmark.c	2005-02-12 21:40:16 UTC (rev 3667)
@@ -26,7 +26,7 @@
 #include <getopt.h>
 
 #include <iptables.h>
-#include <linux/netfilter_ipv4/ipt_connmark.h>
+#include "../include/linux/netfilter_ipv4/ipt_connmark.h"
 
 /* Function which prints out usage message. */
 static void
@@ -66,11 +66,17 @@
 		char *end;
 	case '1':
 		check_inverse(optarg, &invert, &optind, 0);
+#ifdef KERNEL_64_USERSPACE_32
+		markinfo->mark = strtoull(optarg, &end, 0);
+		markinfo->mask = ~0ULL;
+		if (*end == '/')
+			markinfo->mask = strtoull(end+1, &end, 0);
+#else
 		markinfo->mark = strtoul(optarg, &end, 0);
-		if (*end == '/') {
+		markinfo->mask = ~0UL;
+		if (*end == '/')
 			markinfo->mask = strtoul(end+1, &end, 0);
-		} else
-			markinfo->mask = ~0;
+#endif
 		if (*end != '\0' || end == optarg)
 			exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
 		if (invert)
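Review bot: The match parser accepts a trailing slash: for `--mark 5/`, `strtoul(end+1, &end, 0)` converts an empty string, returns 0 and leaves `end` on the terminating NUL, so the `*end != '\0' || end == optarg` test passes and the mask becomes 0. The CONNMARK target parser changed in this same commit guards against that with `end[1] != '\0'`; using `if (*end == '/' && end[1] != '\0')` in both `#ifdef` branches here would make the two consistent and turn the empty mask into a "Bad MARK value" error. A zero mask is worth rejecting because the match would presumably no longer depend on the connection's mark bits at all. The enclosing function starts and ends outside the hunk.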
@@ -84,14 +90,25 @@
 	return 1;
 }
 
+#ifdef KERNEL_64_USERSPACE_32
 static void
+print_mark(unsigned long long mark, unsigned long long mask, int numeric)
+{
+	if(mask != ~0ULL)
+		printf("0x%llx/0x%llx ", mark, mask);
+	else
+		printf("0x%llx ", mark);
+}
+#else
+static void
 print_mark(unsigned long mark, unsigned long mask, int numeric)
 {
-	if(mask != ~0)
+	if(mask != ~0UL)
 		printf("0x%lx/0x%lx ", mark, mask);
 	else
 		printf("0x%lx ", mark);
 }
+#endif
 
 /* Final check; must have specified --mark. */
 static void

Modified: trunk/iptables/include/linux/netfilter_ipv4/ipt_CONNMARK.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv4/ipt_CONNMARK.h	2005-02-12 21:21:01 UTC (rev 3666)
+++ trunk/iptables/include/linux/netfilter_ipv4/ipt_CONNMARK.h	2005-02-12 21:40:16 UTC (rev 3667)
@@ -17,8 +17,13 @@
 };
 
 struct ipt_connmark_target_info {
+#ifdef KERNEL_64_USERSPACE_32
+	unsigned long long mark;
+	unsigned long long mask;
+#else
 	unsigned long mark;
 	unsigned long mask;
+#endif
 	u_int8_t mode;
 };
 
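Review bot: The `KERNEL_64_USERSPACE_32` branch has no comment explaining why the field types change, and widening the fields alone may not make the two layouts identical. I would add above the `#ifdef`: `/* This struct is passed to the kernel; with a 64-bit kernel the fields are 8 bytes wide, so 32-bit userspace must use unsigned long long. */`. On 32-bit ABIs that align `unsigned long long` to 4 bytes, the padding after `mode` can differ from the 64-bit kernel's, so `sizeof` is worth checking on the affected architectures. The same applies to `struct ipt_connmark_info` in ipt_connmark.h.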

Modified: trunk/iptables/include/linux/netfilter_ipv4/ipt_connmark.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv4/ipt_connmark.h	2005-02-12 21:21:01 UTC (rev 3666)
+++ trunk/iptables/include/linux/netfilter_ipv4/ipt_connmark.h	2005-02-12 21:40:16 UTC (rev 3667)
@@ -11,7 +11,11 @@
  */
 
 struct ipt_connmark_info {
+#ifdef KERNEL_64_USERSPACE_32
+	unsigned long long mark, mask;
+#else
 	unsigned long mark, mask;
+#endif
 	u_int8_t invert;
 };
 



