morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-15 08:56:15 +09:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10992 from yuwata/follow-up-10948

Browse Source 
network: make fib rule accept arbitrary ip protocol
This commit is contained in:
Lennart Poettering
2018-12-03 11:09:04 +01:00
committed by GitHub
parent 9714c020fc d2b42d63c4
commit ad2bf5df89
24 changed files with 192 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
man/systemd.network.xml
View File

@@ -1007,9 +1007,11 @@
</listitem>
</varlistentry>
<varlistentry>
<term><varname>Protocol=</varname></term>
<term><varname>IPProtocol=</varname></term>
<listitem>
<para>Specifies the protocol to match in forwarding information base (FIB) rules. Accepted values are tcp, udp and sctp.
<para>Specifies the IP protocol to match in forwarding information base (FIB) rules. Takes IP protocol name such as <literal>tcp</literal>,
<literal>udp</literal> or <literal>sctp</literal>, or IP protocol number such as <literal>6</literal> for <literal>tcp</literal> or
<literal>17</literal> for <literal>udp</literal>.
Defaults to unset.</para>
</listitem>
</varlistentry>

2
src/basic/af-list.c
View File

@@ -17,7 +17,7 @@ const char *af_to_name(int id) {
if (id <= 0)
return NULL;
if (id >= (int) ELEMENTSOF(af_names))
if ((size_t) id >= ELEMENTSOF(af_names))
return NULL;
return af_names[id];

2
src/basic/arphrd-list.c
View File

@@ -17,7 +17,7 @@ const char *arphrd_to_name(int id) {
if (id <= 0)
return NULL;
if (id >= (int) ELEMENTSOF(arphrd_names))
if ((size_t) id >= ELEMENTSOF(arphrd_names))
return NULL;
return arphrd_names[id];

4
src/basic/cap-list.c
View File

@@ -22,7 +22,7 @@ const char *capability_to_name(int id) {
if (id < 0)
return NULL;
if (id >= (int) ELEMENTSOF(capability_names))
if ((size_t) id >= ELEMENTSOF(capability_names))
return NULL;
return capability_names[id];
@@ -37,7 +37,7 @@ int capability_from_name(const char *name) {
/* Try to parse numeric capability */
r = safe_atoi(name, &i);
if (r >= 0) {
if (i >= 0 && i < (int) ELEMENTSOF(capability_names))
if (i >= 0 && (size_t) i < ELEMENTSOF(capability_names))
return i;
else
return -EINVAL;

2
src/basic/errno-list.c
View File

@@ -17,7 +17,7 @@ const char *errno_to_name(int id) {
if (id < 0)
id = -id;
if (id >= (int) ELEMENTSOF(errno_names))
if ((size_t) id >= ELEMENTSOF(errno_names))
return NULL;
return errno_names[id];

8
src/core/dbus-socket.c
View File

@@ -8,10 +8,10 @@
#include "dbus-socket.h"
#include "dbus-util.h"
#include "fd-util.h"
#include "ip-protocol-list.h"
#include "parse-util.h"
#include "path-util.h"
#include "socket.h"
#include "socket-protocol-list.h"
#include "socket-util.h"
#include "string-util.h"
#include "unit.h"
@@ -138,14 +138,14 @@ static inline bool check_size_t_truncation(uint64_t t) {
return (size_t) t == t;
}
static inline const char* supported_socket_protocol_to_string(int32_t i) {
static inline const char* socket_protocol_to_string(int32_t i) {
if (i == IPPROTO_IP)
return "";
if (!IN_SET(i, IPPROTO_UDPLITE, IPPROTO_SCTP))
return NULL;
return socket_protocol_to_name(i);
return ip_protocol_to_name(i);
}
static BUS_DEFINE_SET_TRANSIENT(int, "i", int32_t, int, "%" PRIi32);
@@ -155,7 +155,7 @@ static BUS_DEFINE_SET_TRANSIENT_PARSE(bind_ipv6_only, SocketAddressBindIPv6Only,
static BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(fdname, fdname_is_valid);
static BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(ifname, ifname_valid);
static BUS_DEFINE_SET_TRANSIENT_TO_STRING_ALLOC(ip_tos, "i", int32_t, int, "%" PRIi32, ip_tos_to_string_alloc);
static BUS_DEFINE_SET_TRANSIENT_TO_STRING(socket_protocol, "i", int32_t, int, "%" PRIi32, supported_socket_protocol_to_string);
static BUS_DEFINE_SET_TRANSIENT_TO_STRING(socket_protocol, "i", int32_t, int, "%" PRIi32, socket_protocol_to_string);
static int bus_socket_set_transient_property(
Socket *s,

11
src/core/load-fragment.c
View File

@@ -34,6 +34,7 @@
#include "hexdecoct.h"
#include "io-util.h"
#include "ioprio.h"
#include "ip-protocol-list.h"
#include "journal-util.h"
#include "load-fragment.h"
#include "log.h"
@@ -48,7 +49,6 @@
#include "securebits.h"
#include "securebits-util.h"
#include "signal-util.h"
#include "socket-protocol-list.h"
#include "stat-util.h"
#include "string-util.h"
#include "strv.h"
@@ -57,13 +57,10 @@
#include "user-util.h"
#include "web-util.h"
static int supported_socket_protocol_from_string(const char *s) {
static int parse_socket_protocol(const char *s) {
int r;
if (isempty(s))
return IPPROTO_IP;
r = socket_protocol_from_name(s);
r = parse_ip_protocol(s);
if (r < 0)
return r;
if (!IN_SET(r, IPPROTO_UDPLITE, IPPROTO_SCTP))
@@ -72,7 +69,7 @@ static int supported_socket_protocol_from_string(const char *s) {
return r;
}
DEFINE_CONFIG_PARSE(config_parse_socket_protocol, supported_socket_protocol_from_string, "Failed to parse socket protocol");
DEFINE_CONFIG_PARSE(config_parse_socket_protocol, parse_socket_protocol, "Failed to parse socket protocol");
DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits, secure_bits_from_string, "Failed to parse secure bits");
DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode, collect_mode, CollectMode, "Failed to parse garbage collection mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy, cgroup_device_policy, CGroupDevicePolicy, "Failed to parse device policy");

4
src/core/socket.c
View File

@@ -24,6 +24,7 @@
#include "fs-util.h"
#include "in-addr-util.h"
#include "io-util.h"
#include "ip-protocol-list.h"
#include "label.h"
#include "log.h"
#include "missing.h"
@@ -35,7 +36,6 @@
#include "serialize.h"
#include "signal-util.h"
#include "smack-util.h"
#include "socket-protocol-list.h"
#include "socket.h"
#include "special.h"
#include "string-table.h"
@@ -814,7 +814,7 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->trigger_limit.interval, USEC_PER_SEC),
prefix, s->trigger_limit.burst);
str = socket_protocol_to_name(s->socket_protocol);
str = ip_protocol_to_name(s->socket_protocol);
if (str)
fprintf(f, "%sSocketProtocol: %s\n", prefix, str);

2
src/network/networkd-network-gperf.gperf
View File

@@ -101,7 +101,7 @@ RoutingPolicyRule.From, config_parse_routing_policy_rule_prefix,
RoutingPolicyRule.To, config_parse_routing_policy_rule_prefix, 0, 0
RoutingPolicyRule.IncomingInterface, config_parse_routing_policy_rule_device, 0, 0
RoutingPolicyRule.OutgoingInterface, config_parse_routing_policy_rule_device, 0, 0
RoutingPolicyRule.Protocol, config_parse_routing_policy_rule_protocol, 0, 0
RoutingPolicyRule.IPProtocol, config_parse_routing_policy_rule_ip_protocol, 0, 0
RoutingPolicyRule.SourcePort, config_parse_routing_policy_rule_port_range, 0, 0
RoutingPolicyRule.DestinationPort, config_parse_routing_policy_rule_port_range, 0, 0
Route.Gateway, config_parse_gateway, 0, 0

13
src/network/networkd-routing-policy-rule.c
View File

@@ -6,11 +6,11 @@
#include "alloc-util.h"
#include "conf-parser.h"
#include "fileio.h"
#include "ip-protocol-list.h"
#include "networkd-routing-policy-rule.h"
#include "netlink-util.h"
#include "networkd-manager.h"
#include "parse-util.h"
#include "socket-protocol-list.h"
#include "socket-util.h"
#include "string-util.h"
#include "strv.h"
@@ -932,7 +932,7 @@ int config_parse_routing_policy_rule_port_range(
return 0;
}
int config_parse_routing_policy_rule_protocol(
int config_parse_routing_policy_rule_ip_protocol(
const char *unit,
const char *filename,
unsigned line,
@@ -958,14 +958,9 @@ int config_parse_routing_policy_rule_protocol(
if (r < 0)
return r;
r = socket_protocol_from_name(rvalue);
r = parse_ip_protocol(rvalue);
if (r < 0) {
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse routing policy rule protocol, ignoring: %s", rvalue);
return 0;
}
if (!IN_SET(r, IPPROTO_TCP, IPPROTO_UDP, IPPROTO_SCTP)) {
log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid protocol '%s'. Protocol should be tcp/udp/sctp, ignoring", rvalue);
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse IP protocol '%s' for routing policy rule, ignoring: %m", rvalue);
return 0;
}

2
src/network/networkd-routing-policy-rule.h
View File

@@ -79,4 +79,4 @@ CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_prefix);
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_priority);
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_device);
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_port_range);
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_protocol);
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_ip_protocol);

6
src/shared/bus-unit-util.c
View File

@@ -15,6 +15,7 @@
#include "hexdecoct.h"
#include "hostname-util.h"
#include "in-addr-util.h"
#include "ip-protocol-list.h"
#include "list.h"
#include "locale-util.h"
#include "mountpoint-util.h"
@@ -25,7 +26,6 @@
#include "rlimit-util.h"
#include "securebits-util.h"
#include "signal-util.h"
#include "socket-protocol-list.h"
#include "string-util.h"
#include "syslog-util.h"
#include "terminal-util.h"
@@ -103,7 +103,7 @@ DEFINE_BUS_APPEND_PARSE("i", parse_errno);
DEFINE_BUS_APPEND_PARSE("i", sched_policy_from_string);
DEFINE_BUS_APPEND_PARSE("i", secure_bits_from_string);
DEFINE_BUS_APPEND_PARSE("i", signal_from_string);
DEFINE_BUS_APPEND_PARSE("i", socket_protocol_from_name);
DEFINE_BUS_APPEND_PARSE("i", parse_ip_protocol);
DEFINE_BUS_APPEND_PARSE_PTR("i", int32_t, int, ioprio_parse_priority);
DEFINE_BUS_APPEND_PARSE_PTR("i", int32_t, int, parse_nice);
DEFINE_BUS_APPEND_PARSE_PTR("i", int32_t, int, safe_atoi);
@@ -1466,7 +1466,7 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons
if (streq(field, "SocketProtocol"))
return bus_append_socket_protocol_from_name(m, field, eq);
return bus_append_parse_ip_protocol(m, field, eq);
if (STR_IN_SET(field,
"ListenStream", "ListenDatagram", "ListenSequentialPacket", "ListenNetlink",

0
src/shared/generate-socket-protocol-list.sh → src/shared/generate-ip-protocol-list.sh
View File

67
src/shared/ip-protocol-list.c Normal file
View File

@@ -0,0 +1,67 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#include <errno.h>
#include <netinet/in.h>
#include "alloc-util.h"
#include "ip-protocol-list.h"
#include "parse-util.h"
#include "string-util.h"
#include "macro.h"
static const struct ip_protocol_name* lookup_ip_protocol(register const char *str, register GPERF_LEN_TYPE len);
#include "ip-protocol-from-name.h"
#include "ip-protocol-to-name.h"
const char *ip_protocol_to_name(int id) {
if (id < 0)
return NULL;
if ((size_t) id >= ELEMENTSOF(ip_protocol_names))
return NULL;
return ip_protocol_names[id];
}
int ip_protocol_from_name(const char *name) {
const struct ip_protocol_name *sc;
assert(name);
sc = lookup_ip_protocol(name, strlen(name));
if (!sc)
return -EINVAL;
return sc->id;
}
int parse_ip_protocol(const char *s) {
_cleanup_free_ char *str = NULL;
int i, r;
assert(s);
if (isempty(s))
return IPPROTO_IP;
/* Do not use strdupa() here, as the input string may come from *
* command line or config files. */
str = strdup(s);
if (!str)
return -ENOMEM;
i = ip_protocol_from_name(ascii_strlower(str));
if (i >= 0)
return i;
r = safe_atoi(str, &i);
if (r < 0)
return r;
if (!ip_protocol_to_name(i))
return -EINVAL;
return i;
}

6
src/shared/ip-protocol-list.h Normal file
View File

@@ -0,0 +1,6 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once
const char *ip_protocol_to_name(int id);
int ip_protocol_from_name(const char *name);
int parse_ip_protocol(const char *s);

2
src/shared/socket-protocol-to-name.awk → src/shared/ip-protocol-to-name.awk
View File

@@ -1,5 +1,5 @@
BEGIN{
print "static const char* const socket_protocol_names[] = { "
print "static const char* const ip_protocol_names[] = { "
}
!/HOPOPTS/ {
printf " [IPPROTO_%s] = \"%s\",\n", $1, tolower($1)

35
src/shared/meson.build
View File

@@ -129,8 +129,8 @@ shared_sources = files('''
serialize.h
sleep-config.c
sleep-config.h
socket-protocol-list.c
socket-protocol-list.h
ip-protocol-list.c
ip-protocol-list.h
spawn-ask-password-agent.c
spawn-ask-password-agent.h
spawn-polkit-agent.c
@@ -192,44 +192,45 @@ if conf.get('HAVE_KMOD') == 1
shared_sources += files('module-util.c')
endif
generate_socket_protocol_list = find_program('generate-socket-protocol-list.sh')
socket_protocol_list_txt = custom_target(
'socket-protocol-list.txt',
output : 'socket-protocol-list.txt',
command : [generate_socket_protocol_list, cpp],
generate_ip_protocol_list = find_program('generate-ip-protocol-list.sh')
ip_protocol_list_txt = custom_target(
'ip-protocol-list.txt',
output : 'ip-protocol-list.txt',
command : [generate_ip_protocol_list, cpp],
capture : true)
fname = 'socket-protocol-from-name.gperf'
fname = 'ip-protocol-from-name.gperf'
gperf_file = custom_target(
fname,
input : socket_protocol_list_txt,
input : ip_protocol_list_txt,
output : fname,
command : [generate_gperfs, 'socket_protocol', 'IPPROTO_', '@INPUT@'],
command : [generate_gperfs, 'ip_protocol', 'IPPROTO_', '@INPUT@'],
capture : true)
fname = 'socket-protocol-from-name.h'
fname = 'ip-protocol-from-name.h'
target1 = custom_target(
fname,
input : gperf_file,
output : fname,
command : [gperf,
'-L', 'ANSI-C', '-t', '--ignore-case',
'-N', 'lookup_socket_protocol',
'-H', 'hash_socket_protocol_name',
'-N', 'lookup_ip_protocol',
'-H', 'hash_ip_protocol_name',
'-p', '-C',
'@INPUT@'],
capture : true)
fname = 'socket-protocol-to-name.h'
awkscript = 'socket-protocol-to-name.awk'
fname = 'ip-protocol-to-name.h'
awkscript = 'ip-protocol-to-name.awk'
target2 = custom_target(
fname,
input : [awkscript, socket_protocol_list_txt],
input : [awkscript, ip_protocol_list_txt],
output : fname,
command : [awk, '-f', '@INPUT0@', '@INPUT1@'],
capture : true)
shared_sources += [target1, target2]
shared_generated_gperf_headers = [target1, target2]
shared_sources += shared_generated_gperf_headers
libshared_name = 'systemd-shared-@0@'.format(meson.project_version())

36
src/shared/socket-protocol-list.c
View File

@@ -1,36 +0,0 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include "socket-protocol-list.h"
#include "macro.h"
static const struct socket_protocol_name* lookup_socket_protocol(register const char *str, register GPERF_LEN_TYPE len);
#include "socket-protocol-from-name.h"
#include "socket-protocol-to-name.h"
const char *socket_protocol_to_name(int id) {
if (id < 0)
return NULL;
if (id >= (int) ELEMENTSOF(socket_protocol_names))
return NULL;
return socket_protocol_names[id];
}
int socket_protocol_from_name(const char *name) {
const struct socket_protocol_name *sc;
assert(name);
sc = lookup_socket_protocol(name, strlen(name));
if (!sc)
return -EINVAL;
return sc->id;
}

5
src/shared/socket-protocol-list.h
View File

@@ -1,5 +0,0 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once
const char *socket_protocol_to_name(int id);
int socket_protocol_from_name(const char *name);

5
src/test/meson.build
View File

@@ -646,6 +646,11 @@ tests += [
[],
[]],
[['src/test/test-ip-protocol-list.c',
shared_generated_gperf_headers],
[],
[]],
[['src/test/test-journal-importer.c'],
[],
[]],

64
src/test/test-ip-protocol-list.c Normal file
View File

@@ -0,0 +1,64 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#include <netinet/in.h>
#include "macro.h"
#include "ip-protocol-list.h"
#include "stdio-util.h"
#include "string-util.h"
static void test_int(int i) {
char str[DECIMAL_STR_MAX(int)];
assert_se(ip_protocol_from_name(ip_protocol_to_name(i)) == i);
xsprintf(str, "%i", i);
assert_se(ip_protocol_from_name(ip_protocol_to_name(parse_ip_protocol(str))) == i);
}
static void test_int_fail(int i) {
char str[DECIMAL_STR_MAX(int)];
assert_se(!ip_protocol_to_name(i));
xsprintf(str, "%i", i);
assert_se(parse_ip_protocol(str) == -EINVAL);
}
static void test_str(const char *s) {
assert_se(streq(ip_protocol_to_name(ip_protocol_from_name(s)), s));
assert_se(streq(ip_protocol_to_name(parse_ip_protocol(s)), s));
}
static void test_str_fail(const char *s) {
assert_se(ip_protocol_from_name(s) == -EINVAL);
assert_se(parse_ip_protocol(s) == -EINVAL);
}
static void test_parse_ip_protocol(const char *s, int expected) {
assert_se(parse_ip_protocol(s) == expected);
}
int main(int argc, const char *argv[]) {
test_int(IPPROTO_TCP);
test_int(IPPROTO_DCCP);
test_int_fail(-1);
test_int_fail(1024 * 1024);
test_str("sctp");
test_str("udp");
test_str_fail("hoge");
test_str_fail("-1");
test_str_fail("1000000000");
test_parse_ip_protocol("sctp", IPPROTO_SCTP);
test_parse_ip_protocol("ScTp", IPPROTO_SCTP);
test_parse_ip_protocol("ip", IPPROTO_IP);
test_parse_ip_protocol("", IPPROTO_IP);
test_parse_ip_protocol("1", 1);
test_parse_ip_protocol("0", 0);
test_parse_ip_protocol("-10", -EINVAL);
test_parse_ip_protocol("100000000", -EINVAL);
return 0;
}

2
test/fuzz/fuzz-network-parser/25-fibrule-port-range.network
View File

@@ -8,4 +8,4 @@ From= 192.168.100.18
Priority=111
SourcePort = 1123-1150
DestinationPort = 3224-3290
Protocol = tcp
IPProtocol = tcp

2
test/fuzz/fuzz-network-parser/directives.network
View File

@@ -152,7 +152,7 @@ Priority=
FirewallMark=
SourcePort=
DestinationPort=
Protocol=
IPProtocol=
[IPv6PrefixDelegation]
RouterPreference=
DNSLifetimeSec=

2
test/test-network/conf/25-fibrule-port-range.network
View File

@@ -8,4 +8,4 @@ From= 192.168.100.18
Priority=111
SourcePort = 1123-1150
DestinationPort = 3224-3290
Protocol = tcp
IPProtocol = tcp