master

分支 (137)

标签 (22)

管理

管理

master

MarsOS-5.0-Release

OpenHarmony-5.0-Release

OpenHarmony-5.0.0-Release

OpenHarmony-5.0.1-Release

OpenHarmony_ArkUI_Upstream_2024

OpenHarmony_debug_20240603

OpenHarmony_debug_20240606

OpenHarmony_debug_20240704

OpenHarmony_debug_20240717

OpenHarmony_debug_20240815

OpenHarmony_debug_20240822

OpenHarmony_debug_20240926

weekly_20240603

weekly_20240610

weekly_20240617

weekly_20240624

weekly_20240701

weekly_20240708

weekly_20240715

OpenHarmony-v5.0.0-Release

OpenHarmony-v4.0.3-Release

OpenHarmony-v4.0.2-Release

OpenHarmony-v5.0-Beta1

OpenHarmony-v4.1-Release

OpenHarmony-v4.1.1-Release

OpenHarmony-v4.1-Beta1

master-v

weekly_20240115-v

OpenHarmony-v4.0-Release

OpenHarmony-v4.0.1-Release

OpenHarmony-v4.0-Beta1

OpenHarmony-v4.0-Beta2

OpenHarmony-v3.2-Beta4

OpenHarmony-v3.2-Beta5

OpenHarmony-v3.2-Release

OpenHarmony-v3.2.1-Release

OpenHarmony-v3.2.2-Release

OpenHarmony-v3.2.3-Release

OpenHarmony-v3.2.4-Release

third_party_iptables
/
backport-nft-Fix-EPERM-handling-for-e...

From 8468fd4f7c85c21ab375402bc80d0188412b6cbf Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Wed, 4 May 2022 11:19:16 +0200
Subject: nft: Fix EPERM handling for extensions without rev 0

Treating revision 0 as compatible in EPERM case works fine as long as
there is a revision 0 of that extension defined in DSO. Fix the code for
others: Extend the EPERM handling to all revisions and keep the existing
warning for revision 0.

Conflict: NA
Reference:
https://git.netfilter.org/iptables/commit/?id=8468fd4f7c85c21ab375402bc80d0188412b6cbf
Fixes: 17534cb18ed0a ("Improve error messages for unsupported
extensions")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/nft.c                                        | 11 +++++++----
 .../shell/testcases/iptables/0008-unprivileged_0      |  7 +++++++
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index 18bf21c..ebab3cc 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -3245,15 +3245,18 @@ int nft_compatible_revision(const char *name, uint8_t rev, int opt)
 err:
 	mnl_socket_close(nl);

-   /* pretend revision 0 is valid -
+    /* ignore EPERM and errors for revision 0 -
     * this is required for printing extension help texts as user, also
     * helps error messaging on unavailable kernel extension */
-    if (ret < 0 && rev == 0) {
-        if (errno != EPERM)
+    if (ret < 0) {
+        if (errno == EPERM)
+            return 1;
+        if (rev == 0) {
             fprintf(stderr,
                 "Warning: Extension %s revision 0 not supported, missing kernel module?\n",
                 name);
-        return 1;
+            return 1;
+        }
     }
 	return ret < 0 ? 0 : 1;
 }
diff --git a/iptables/tests/shell/testcases/iptables/0008-unprivileged_0 b/iptables/tests/shell/testcases/iptables/0008-unprivileged_0
index 0914c88..1f1d342 100644
--- a/iptables/tests/shell/testcases/iptables/0008-unprivileged_0
+++ b/iptables/tests/shell/testcases/iptables/0008-unprivileged_0
@@ -34,6 +34,13 @@ let "rc+=$?"
 grep_or_rc "DNAT target options:" <<< "$out"
 let "rc+=$?"

+# TEE has no revision 0
+out=$(run $XT_MULTI iptables -j TEE --help)
+let "rc+=$?"
+grep_or_rc "TEE target options:" <<< "$out"
+let "rc+=$?"
+
+
 out=$(run $XT_MULTI iptables -p tcp -j DNAT --help)
 let "rc+=$?"
 grep_or_rc "tcp match options:" <<< "$out"
--
2.23.0