Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make IPSet actually support IPs, and fix protocol errors for newer kernels #617

Merged
merged 1 commit into from
Mar 27, 2021
Merged

Make IPSet actually support IPs, and fix protocol errors for newer kernels #617

merged 1 commit into from
Mar 27, 2021

Conversation

eh-steve
Copy link

@eh-steve eh-steve commented Mar 8, 2021
edited
Loading

Fixes #609

Added support for IPSets based on IP rather than just MAC address.

With the release of IPSet v7, the protocol response for PROTOCOL_MIN is now potentially more relevant, so the IpsetProtocol() function has been updated to return this too.

I'd like to improve the protocol testing of all functions this area to ensure protocol parity with the userland ipset binary at some point (I built a debug version of http://git.netfilter.org/ipset/ using -DIPSET_DEBUG and this patch:

Index: lib/debug.c
===================================================================
diff --git a/lib/debug.c b/lib/debug.c
--- a/lib/debug.c	(revision 258b4c0e7fc5e3365a113d6d80c7d6770e55cc4a)
+++ b/lib/debug.c	(date 1614930673366)
@@ -292,6 +292,12 @@
 			;
 		}
 		cmd = ipset_get_nlmsg_type(nlh);
+                fprintf(stderr, "Message payload: \n");
+                for (int i = 0; i < len; i++) {
+                  fprintf(stderr, "%02X", ((uint8_t*)buffer)[i]);
+                }
+
+                fprintf(stderr, "\n");
 		fprintf(stderr, "Message header: %s cmd  %s (%d)\n"
 				"\tlen %d\n"
 				"\tflag %s\n"

which prints out the serialised payloads being sent, but this package will need some refactoring to make the request generation independent of the request execution - I might put that into a separate PR

@eh-steve eh-steve force-pushed the ipset-protocol-fixes branch from 95ef95d to a73f3d3 Compare March 8, 2021 12:29
yarinwinter
yarinwinter reviewed Mar 8, 2021
View reviewed changes
ipset_linux.go Outdated Show resolved Hide resolved
@eh-steve
Copy link
Author

eh-steve commented Mar 10, 2021
edited
Loading

@aboch @corny @vishvananda

I'd be happy to address any comments you might have

https://travis-ci.org/github/vishvananda/netlink/builds/761936947

@eh-steve eh-steve force-pushed the ipset-protocol-fixes branch from b6ce930 to d618bed Compare March 11, 2021 08:56
@aboch
Copy link
Collaborator

aboch commented Mar 27, 2021

LGTM

@aboch aboch merged commit 3b8f3fd into vishvananda:master Mar 27, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yarinwinter yarinwinter yarinwinter left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

ipset create failed. panic: invalid family
3 participants
@eh-steve @aboch @yarinwinter