d7aeda5ed45ac7ca959f12180690caa371b5b14b |
|
08-Jul-2013 |
Pablo Neira Ayuso <pablo@netfilter.org> |
ip{6}tables-restore: fix breakage due to new locking approach

Since (93587a0 ip[6]tables: Add locking to prevent concurrent instances), ip{6}tables-restore does not work anymore:

    iptables-restore < x
    Another app is currently holding the xtables lock. Perhaps you want to use the -w option?

do_command{6}(...) is called from ip{6}tables-restore for every iptables command contained in the rule-set file. Thus, hitting the lock error after the second command.

Fix it by bypassing the locking in the ip{6}tables-restore path.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/iptables-restore.c
|
23a98b56935c42ef460020e37a9ff8006eee58e2 |
|
03-Aug-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
ip[6]tables-restore: cleanup to reduce one level of indentation

This patch moves the parameter parsing to one function to reduce one level of indentation. Jan Engelhardt likes this.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/iptables-restore.c
|
c5300d11308ccb429d551c32dffe752575c30b77 |
|
17-Jun-2012 |
Jan Engelhardt <jengelh@inai.de> |
iptables-restore: warn about -t in rule lines

save-restore syntax uses *table, not -t table.

Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/iptables-restore.c
|
2165f38d2582e88e8a9dd9416f34eca7a7672e5a |
|
30-Jul-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
iptables-restore: fix parameter parsing (shows up with gcc-4.7)

This patch fixes parameter parsing in iptables-restore since time ago. The problem has shown up with gcc-4.7. This version of gcc seems to perform more aggressive memory management than previous ones.

Peter Lekensteyn provided the following sample code similar to the one in iptables-restore:

    int i = 0;

    for (;;) {
        char x[5];

        x[i] = '0' + i;
        if (++i == 4) {
            x[i] = '\0'; /* terminate string with null byte */
            printf("%s\n", x);
            break;
        }
    }

Many may expect 0123 as output. But GCC 4.7 does not do that when compiling with optimization enabled (-O1 and higher). It instead puts random data in the first bytes of the character array, which becomes:

    |  0  |  1  |  2  |  3  |  4  |
    |     RANDOM      | '3' | '\0'|

Since the array is declared inside the scope of the loop's body, you can think of it as a new array being allocated in the automatic storage area for each loop iteration.

The correct code should be:

    int i = 0;
    char x[5];

    for (;;) {
        x[i] = '0' + i;
        if (++i == 4) {
            x[i] = '\0'; /* terminate string with null byte */
            printf("%s\n", x);
            break;
        }
    }

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/iptables-restore.c
|
f1c668268e9ddaedd8d78d7ae44cd26db1e8469f |
|
30-Jul-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
Revert "iptables-restore: move code to add_param_to_argv, cleanup (fix gcc-4.7)"

This reverts commit 44191bdbd71e685fba9eab864b9df25e63905220.

Apply instead a patch that really clarifies the bug in iptables-restore. This should be good for the record (specifically, for distributors so they can find the fix by googling).
/external/iptables/iptables/iptables-restore.c
|
44191bdbd71e685fba9eab864b9df25e63905220 |
|
23-Jul-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
iptables-restore: move code to add_param_to_argv, cleanup (fix gcc-4.7)

This patch seems to be a mere cleanup that moves the parameter parsing code to add_param_to_argv. But, in reality, it also fixes iptables when compiled with gcc-4.7.

Moving the param_buffer declaration out of the loop seems to resolve the issue. gcc-4.7 seems to be generating bad code regarding param_buffer.

@@ -380,9 +380,9 @@ quote_open = 0; escaped = 0; param_len = 0; + char param_buffer[1024]; for (curchar = parsestart; *curchar; curchar++) { - char param_buffer[1024]; if (quote_open) { if (escaped) {

But I have a hard time applying this patch in such a way. Instead, I came up with the idea of this cleanup, which does not harm after all (and fixes the issue for us).

Someone in:

https://bugzilla.redhat.com/show_bug.cgi?id=82579

put some light on this:

"Yes, I ran into this too. The issue is that the gcc optimizer is optimizing out the code that collects quoted strings in iptables-restore.c at line 396. If inside a quotemark and it hasn't seen another one yet, it executes

    param_buffer[param_len++] = *curchar;
    continue;

At -O1 or higher, the write to param_buffer[] never happens. It just increments param_len and continues. Moving the definition of char param_buffer[1024]; outside the loop fixes it. Why, I'm not sure. Defining the param_buffer[] inside the loop should simply restrict its scope to inside the loop."

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/iptables-restore.c
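Review bot: the moved `char param_buffer[1024];` in the hunk quoted in the 44191bd message needs a comment saying it must stay outside the `for (curchar = parsestart; ...)` loop. `param_len = 0;` is set before the loop and the buffer is filled one character per iteration, so a declaration inside the loop body does not keep its contents from one iteration to the next, and a later cleanup could narrow the scope again without noticing. The `+` line also lands after the statements `quote_open = 0; escaped = 0; param_len = 0;`; declare the buffer with the other variables at the top of the block instead of in the middle of it.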
|
cb999dfdaf25d5a774d2ee84cb99355438d57c93 |
|
10-May-2012 |
Florian Westphal <fw@strlen.de> |
ip(6)tables-restore: make sure argv is NULL terminated

Else, argv[argc] may point to free'd memory. Some extensions, e.g. rateest, may fail to parse valid input because argv[optind] (with optind == argc) is not NULL.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/iptables-restore.c
|
0ab10b11093ec250b404e3bead1d39177d1cbfa0 |
|
27-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
ip6tables-restore: make code look alike with iptables-restore

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/iptables/iptables-restore.c
|
14da56743c6cdf25da35b7b5ca7a5d201771990d |
|
27-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
src: resolve old macro names that are indirections

Command used:

    git grep -f <(pcregrep -hior '(?<=#define\s)IP6?(T_\w+)(?=\s+X\1)' include/)

and then fix all occurrences.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/iptables/iptables-restore.c
|
1639fe86579f86f5f6a954a9b0adde2e16ad1980 |
|
27-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: combine common types: _handle

No real API/ABI change incurred, since the definition of the structs' types is not visible anyhow.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/iptables/iptables-restore.c
|
f643eb37e49a212d40eb060bcdfafbc366c0d616 |
|
26-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
src: remove unused IPTABLES_MULTI define

This dead code has been lingering around since commit v1.4.5~7.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/iptables/iptables-restore.c
|
ee80faf4438102395bc4034894b6468453181be9 |
|
10-Jun-2011 |
Jiri Popelka <jpopelka@redhat.com> |
iptables: Coverity: REVERSE_INULL

ip6tables-restore.c:186: deref_ptr_in_call: Dereferencing pointer "in".
ip6tables-restore.c:463: check_after_deref: Dereferencing "in" before a null check.
iptables-restore.c:192: deref_ptr_in_call: Dereferencing pointer "in".
iptables-restore.c:468: check_after_deref: Dereferencing "in" before a null check.
iptables-xml.c:671: deref_ptr_in_call: Dereferencing pointer "in".
iptables-xml.c:873: check_after_deref: Dereferencing "in" before a null check.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/iptables/iptables-restore.c
|
033e25a3ad215ee3f5a07f0a3315f74c4abfaced |
|
07-Jun-2011 |
Jan Engelhardt <jengelh@medozas.de> |
src: move all iptables pieces into a separate directory

(Unclutter top-level dir)

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/iptables/iptables-restore.c
|