Red Hat Bugzilla – Attachment 1469968 Details for
Bug 1601958
seinfo cannot resolve dccp portcons
[patch]
Setools3 patch fixing support for DCCP portcon
0014-Add-support-for-DCCP-and-SCTP-protocols.patch (text/plain), 8.05 KB, created by
Vit Mojzis
on 2018-07-23 14:13:08 UTC
Description:
Setools3 patch fixing support for DCCP portcon
Filename:
MIME Type:
Creator:
Vit Mojzis
Created:
2018-07-23 14:13:08 UTC
Size:
8.05 KB
patch
obsolete
>From 78260f2d8fdeb05a9d53727ea64bf5b2d08d3349 Mon Sep 17 00:00:00 2001
>From: Vit Mojzis <vmojzis@redhat.com>
>Date: Fri, 20 Jul 2018 17:33:22 +0200
>Subject: [PATCH] Add support for DCCP and SCTP protocols
>
>Resolves: rhbz#1607273
>---
> libapol/include/apol/util.h | 12 ++++++------
> libapol/src/util.c | 17 +++++++++++++++++
> libapol/swig/apol.i | 3 +++
> libqpol/include/qpol/portcon_query.h | 13 +++++++++++--
> libqpol/src/policy_define.c | 10 ++++++++++
> libqpol/src/policy_parse.y | 7 +++++++
> libqpol/swig/qpol.i | 3 +++
> python/setools/seinfo.c | 4 +++-
> secmds/seinfo.c | 4 ++++
> 9 files changed, 64 insertions(+), 9 deletions(-)
>
>diff --git a/libapol/include/apol/util.h b/libapol/include/apol/util.h
>index 99db1685..3e370332 100644
>--- a/libapol/include/apol/util.h
>+++ b/libapol/include/apol/util.h
>@@ -48,8 +48,8 @@ extern "C"
> * Given a portcon protocol, return a read-only string that describes
> * that protocol.
> *
>- * @param protocol Portcon protocol, one of IPPROTO_TCP or IPPROTO_UDP
>- * from netinet/in.h.
>+ * @param protocol Portcon protocol, one of IPPROTO_TCP, IPPROTO_UDP,
>+ * IPPROTO_DCCP or IPPROTO_SCTP from netinet/in.h.
> *
> * @return A string that describes the protocol, or NULL if the
> * protocol is invalid. <b>Do not free() this string.</b>
>@@ -59,10 +59,10 @@ extern "C"
> /**
> * Given the name of a portcon protocol, return its numeric value.
> *
>- * @param protocol_str Portcon protocol, one of "tcp", "TCP", "udp", or "UDP".
>- *
>- * @return Numeric value for the protocol, one of IPPROTO_TCP or IPPROTO_UDP
>- * from netinet/in.h. Upon error return 0.
>+ * @param protocol_str Portcon protocol, one of "tcp", "TCP", "udp", "UDP",
>+ * "dccp", "DCCP", "sctp" or "SCTP".
>+ * @return Numeric value for the protocol, one of IPPROTO_TCP, IPPROTO_UDP,
>+ * IPPROTO_DCCP or IPPROTO_SCTP from netinet/in.h. Upon error return 0.
> */
> extern uint8_t apol_str_to_protocol(const char *protocol_str);
>
>diff --git a/libapol/src/util.c b/libapol/src/util.c
>index dd6d300d..fc38d9d5 100644
>--- a/libapol/src/util.c
>+++ b/libapol/src/util.c
>@@ -42,6 +42,13 @@
> #include <arpa/inet.h>
> #include <netinet/in.h> /* needed for portcon's protocol */
>
>+#ifndef IPPROTO_DCCP
>+#define IPPROTO_DCCP 33
>+#endif
>+#ifndef IPPROTO_SCTP
>+#define IPPROTO_SCTP 132
>+#endif
>+
> /* use 8k line size */
> #define APOL_LINE_SZ 8192
> #define APOL_ENVIRON_VAR_NAME "APOL_INSTALL_DIR"
>@@ -173,6 +180,10 @@ const char *apol_protocol_to_str(uint8_t protocol)
> return "tcp";
> case IPPROTO_UDP:
> return "udp";
>+ case IPPROTO_DCCP:
>+ return "dccp";
>+ case IPPROTO_SCTP:
>+ return "sctp";
> default:
> errno = EPROTONOSUPPORT;
> return NULL;
>@@ -191,6 +202,12 @@ uint8_t apol_str_to_protocol(const char *protocol_str)
> if (strcmp(protocol_str, "udp") == 0 || strcmp(protocol_str, "UDP") == 0) {
> return IPPROTO_UDP;
> }
>+ if (strcmp(protocol_str, "dccp") == 0 || strcmp(protocol_str, "DCCP") == 0) {
>+ return IPPROTO_DCCP;
>+ }
>+ if (strcmp(protocol_str, "sctp") == 0 || strcmp(protocol_str, "SCTP") == 0) {
>+ return IPPROTO_SCTP;
>+ }
> errno = EPROTONOSUPPORT;
> return 0;
> }
>diff --git a/libapol/swig/apol.i b/libapol/swig/apol.i
>index 8a4a195f..6a650315 100644
>--- a/libapol/swig/apol.i
>+++ b/libapol/swig/apol.i
>@@ -227,6 +227,9 @@ const char *libapol_get_version(void);
> /* defines from netinet/in.h for ip protocols */
> #define IPPROTO_TCP 6
> #define IPPROTO_UDP 17
>+#define IPPROTO_DCCP 33
>+#define IPPROTO_SCTP 132
>+
> const char *apol_protocol_to_str(uint8_t protocol);
> uint8_t apol_str_to_protocol(const char *protocol_str);
> %newobject wrap_apol_str_to_internal_ip(char*);
>diff --git a/libqpol/include/qpol/portcon_query.h b/libqpol/include/qpol/portcon_query.h
>index 63210feb..72e8ce9e 100644
>--- a/libqpol/include/qpol/portcon_query.h
>+++ b/libqpol/include/qpol/portcon_query.h
>@@ -37,6 +37,13 @@ extern "C"
> #include <qpol/iterator.h>
> #include <qpol/policy.h>
>
>+#ifndef IPPROTO_DCCP
>+#define IPPROTO_DCCP 33
>+#endif
>+#ifndef IPPROTO_SCTP
>+#define IPPROTO_SCTP 132
>+#endif
>+
> typedef struct qpol_portcon qpol_portcon_t;
>
> /**
>@@ -46,7 +53,8 @@ extern "C"
> * @param high The high port of the range of ports; if searching for a
> * single port, set high equal to low.
> * @param protocol The protocol used in the portcon statement.
>- * Value should be one of IPPROTO_TCP or IPPROTO_UDP from netinet/in.h
>+ * Value should be one of IPPROTO_TCP, IPPROTO_UDP, IPPROTO_DCCP or
>+ * IPPROTO_SCTP from netinet/in.h
> * @param ocon Pointer in which to store the statement returned.
> * The caller should not free this pointer.
> * @return 0 on success and < 0 on failure; if the call fails,
>@@ -73,7 +81,8 @@ extern "C"
> * @param policy The policy associated with the portcon statement.
> * @param ocon The portcon statement from which to get the protocol.
> * @param protocol Pointer to set to the value of protocol.
>- * Value will be one of IPPROTO_TCP or IPPROTO_UDP from netinet/in.h
>+ * Value will be one of IPPROTO_TCP, IPPROTO_UDP, IPPROTO_DCCP or
>+ * IPPROTO_SCTP from netinet/in.h
> * @return 0 on success and < 0 on failure; if the call fails,
> * errno will be set and *protocol will be 0;
> */
>diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
>index 15f70ba3..2c5d488b 100644
>--- a/libqpol/src/policy_define.c
>+++ b/libqpol/src/policy_define.c
>@@ -63,6 +63,12 @@
> #ifdef HAVE_SEPOL_ERRCODES
> #include <sepol/errcodes.h>
> #endif
>+#ifndef IPPROTO_DCCP
>+#define IPPROTO_DCCP 33
>+#endif
>+#ifndef IPPROTO_SCTP
>+#define IPPROTO_SCTP 132
>+#endif
>
> #include "queue.h"
> /* Required for SETools libqpol - Removed #include "checkpolicy.h"*/
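Review bot: The `#ifndef IPPROTO_DCCP` / `#ifndef IPPROTO_SCTP` fallback added to portcon_query.h depends on include order, and no `<netinet/in.h>` include is visible above it in this hunk. On C libraries that declare the IPPROTO_* values as enumerators (glibc does), a consumer that includes this public header first gets the macros defined here, and a later `#include <netinet/in.h>` then has its enumerator names rewritten to the numbers. Adding `#include <netinet/in.h>` to the header ahead of the two guards would make the fallback apply only where the system header really lacks the names. The same six-line block is repeated in libapol/src/util.c, libqpol/src/policy_define.c and libqpol/src/policy_parse.y; keeping it in this one header and including that would leave a single copy, assuming those files already pull in the qpol headers.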
>@@ -4350,6 +4356,10 @@ int define_port_context(unsigned int low, unsigned int high)
> protocol = IPPROTO_TCP;
> } else if ((strcmp(id, "udp") == 0) || (strcmp(id, "UDP") == 0)) {
> protocol = IPPROTO_UDP;
>+ } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
>+ protocol = IPPROTO_DCCP;
>+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
>+ protocol = IPPROTO_SCTP;
> } else {
> yyerror2("unrecognized protocol %s", id);
> free(newc);
>diff --git a/libqpol/src/policy_parse.y b/libqpol/src/policy_parse.y
>index 357f3d8f..e07ff52c 100644
>--- a/libqpol/src/policy_parse.y
>+++ b/libqpol/src/policy_parse.y
>@@ -52,6 +52,13 @@
> #include <arpa/inet.h>
> #include <stdlib.h>
>
>+#ifndef IPPROTO_DCCP
>+#define IPPROTO_DCCP 33
>+#endif
>+#ifndef IPPROTO_SCTP
>+#define IPPROTO_SCTP 132
>+#endif
>+
> #include <sepol/policydb/expand.h>
> #include <sepol/policydb/policydb.h>
> #include <sepol/policydb/services.h>
>diff --git a/libqpol/swig/qpol.i b/libqpol/swig/qpol.i
>index b604488a..9fbb8286 100644
>--- a/libqpol/swig/qpol.i
>+++ b/libqpol/swig/qpol.i
>@@ -2005,6 +2005,9 @@ typedef struct qpol_nodecon {} qpol_nodecon_t;
> /* from netinet/in.h */
> #define IPPROTO_TCP 6
> #define IPPROTO_UDP 17
>+#define IPPROTO_DCCP 33
>+#define IPPROTO_SCTP 132
>+
> typedef struct qpol_portcon {} qpol_portcon_t;
> %extend qpol_portcon_t {
> qpol_portcon(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) {
>diff --git a/python/setools/seinfo.c b/python/setools/seinfo.c
>index 211930a3..7c22f9e7 100644
>--- a/python/setools/seinfo.c
>+++ b/python/setools/seinfo.c
>@@ -512,7 +512,9 @@ static PyObject* get_ports(const char *num, const apol_policy_t * policydb)
> }
>
> if ((ocon_proto != IPPROTO_TCP) &&
>- (ocon_proto != IPPROTO_UDP))
>+ (ocon_proto != IPPROTO_UDP) &&
>+ (ocon_proto != IPPROTO_DCCP) &&
>+ (ocon_proto != IPPROTO_SCTP))
> goto cleanup;
>
> if (qpol_portcon_get_context(q, portcon, &ctxt)) {
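Review bot: The protocol allowlist in get_ports is a fourth hand-written copy of the set that apol_protocol_to_str() encodes in libapol/src/util.c, so the next protocol added to the policy language has to be remembered here as well. A single test such as `if (apol_protocol_to_str(ocon_proto) == NULL) goto cleanup;` would follow the library automatically, with the caveat that the library call sets errno on failure. Because the branch jumps to `cleanup` instead of skipping the entry, one portcon with an unlisted protocol appears to end the whole listing, which leaves an auditor with an incomplete view of the policy. The loop and the cleanup label are outside the hunk, so what the Python caller sees in that case should be confirmed, and the choice deserves a comment either way.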
>diff --git a/secmds/seinfo.c b/secmds/seinfo.c
>index a9708907..3c71af57 100644
>--- a/secmds/seinfo.c
>+++ b/secmds/seinfo.c
>@@ -1155,6 +1155,10 @@ static int print_portcon(FILE * fp, const char *num, const char *protocol, const
> proto = IPPROTO_TCP;
> else if (!strcmp(protocol, "udp"))
> proto = IPPROTO_UDP;
>+ else if (!strcmp(protocol, "dccp"))
>+ proto = IPPROTO_DCCP;
>+ else if (!strcmp(protocol, "sctp"))
>+ proto = IPPROTO_SCTP;
> else {
> ERR(policydb, "Unable to get portcon by protocol: bad protocol %s.", protocol);
> goto cleanup;
>--
>2.14.3
>
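Review bot: The new `dccp` and `sctp` branches in print_portcon match lowercase only, while apol_str_to_protocol() in this same patch also accepts `DCCP` and `SCTP`, so the command line and the library disagree on which spellings are valid. Replacing the strcmp chain with `proto = apol_str_to_protocol(protocol);` and reporting the existing "bad protocol" error when it returns 0 would leave one mapping to maintain. The function starts and ends outside the hunk, so whether `protocol` is normalised or NULL-checked before this point is not visible here.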
Attachments on
bug 1601958
:
1459439
| 1469968