Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add xtables v11 match and target #173

Closed
wants to merge 1 commit into from
Closed

add xtables v11 match and target #173

wants to merge 1 commit into from

Conversation

peakwinter
Copy link
Contributor

This seems to enable basic compatibility with xtables v11. I tested normal function (adding targets and matches, purging tables, etc) and it seems to work fine. No idea about how it works with the new things added in iptables 1.6.0...

@coveralls
Copy link

Coverage Status

Coverage increased (+0.03%) to 59.806% when pulling c2ccf4a on peakwinter:master into a0cafb4 on ldx:master.

@thejuan
Copy link

thejuan commented Apr 22, 2016
edited
Loading

I get a seg fault with this patch and creating matches on Ubuntu 16.04 LTS

match_rule = iptc.Rule()
set_name = "ipset-name"
set_match = match_rule.create_match("set") # SegFault
set_match.match_set = [set_name, "dst"]

@mmellison
Copy link
Contributor

Same here on arch, segfault when creating matches.

mmellison
mmellison reviewed Apr 25, 2016
View reviewed changes
iptc/xtables.py
("x6_options", ct.POINTER(xt_option_entry)),

# Translate iptables to nft
("xlate", ct.CFUNCTYPE(None, ct.c_void_p,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like the segfault problem is coming from this. The xlate member does not exist in the 1.6.0 tagged release of iptables, although it does exist in master branch.

mmellison added a commit to mmellison/python-iptables that referenced this pull request Apr 29, 2016
@mmellison
Prevent Segfault on v11 xtables
b28be31 
This builds on top of proposed ldx#173 but fixes the segfault issue when
interacting with xtables. Closes ldx#172.
mmellison added a commit to mmellison/python-iptables that referenced this pull request Apr 29, 2016
@mmellison
Prevent Segfault on v11 xtables
fdae2ef 
This builds on top of proposed ldx#173 but fixes the segfault issue when
interacting with xtables. The structure of the tables did not
change. Closes ldx#172.
@dealfonso
Copy link

Hi @seglberg and @peakwinter,

I have a fresh ubuntu 16.04 install and I am still having this problem using your PR. Just this example:

import iptc

table = iptc.Table(iptc.Table.NAT)
chain = iptc.Chain(table, "PREROUTING")
print "name: ", chain.name
print "rules: ", chain.rules

If I check xtables.h, I cannot find any reference to xlate. So I removed it from xtable.py, and I also found that "parse" field is not properly defined (according to the headers: the first int parameter is missing). So I corrected all these problems, but the problem is still there.

I have followed the code and the problem (whether removed the xlate or not) is in function find_match when using call xtables._xtables_find_match

Could you please check my code and figure out what is happening?

@mmellison mmellison mentioned this pull request May 12, 2016
Merged
@mmellison
Copy link
Contributor

I can take a quick look later, but I just realized I forgot to post my PR that included a fix for the segfault. See #177.

@ldx ldx closed this in #177 May 13, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@peakwinter @coveralls @thejuan @mmellison @dealfonso