From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top, Stefano Brivio <sbrivio@redhat.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Subject: [PATCH 16/18] ip: Define a bound for the string returned by ipproto_name()
Date: Fri, 27 Mar 2026 15:34:28 +1100 [thread overview]
Message-ID: <20260327043430.1785787-17-david@gibson.dropbear.id.au> (raw)
In-Reply-To: <20260327043430.1785787-1-david@gibson.dropbear.id.au>
ipproto_name() returns a static string of theoretically unbounded length.
That's going to be inconvenient in future, so introduce IPPROTO_STRLEN
giving an explicit bound on the length. Use static_assert() and some
macros to ensure nothing we return can exceed this.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
ip.c | 18 ++++++++++++------
ip.h | 2 ++
2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/ip.c b/ip.c
index 0ea62998..25fa4073 100644
--- a/ip.c
+++ b/ip.c
@@ -12,6 +12,7 @@
* Author: Stefano Brivio <sbrivio@redhat.com>
*/
+#include <assert.h>
#include <stddef.h>
#include <netinet/in.h>
@@ -74,7 +75,7 @@ found:
* ipproto_name() - Get IP protocol name from number
* @proto: IP protocol number
*
- * Return: pointer to name of protocol @proto
+ * Return: pointer to name of protocol @proto (<= IPPROTO_STRLEN bytes)
*
* Usually this would be done with getprotobynumber(3) but that reads
* /etc/protocols and might allocate, which isn't possible for us once
@@ -83,16 +84,21 @@ found:
const char *ipproto_name(uint8_t proto)
{
switch (proto) {
+#define CASE(s) \
+ static_assert(sizeof(s) <= IPPROTO_STRLEN, \
+ "Increase IPPROTO_STRLEN to contain " #s); \
+ return s;
case IPPROTO_ICMP:
- return "ICMP";
+ CASE("ICMP");
case IPPROTO_TCP:
- return "TCP";
+ CASE("TCP");
case IPPROTO_UDP:
- return "UDP";
+ CASE("UDP");
case IPPROTO_ICMPV6:
- return "ICMPv6";
+ CASE("ICMPv6");
default:
- return "<unknown protocol>";
+ CASE("<unknown protocol>");
+#undef CASE
}
}
diff --git a/ip.h b/ip.h
index d0de6c8d..fb4119a7 100644
--- a/ip.h
+++ b/ip.h
@@ -118,6 +118,8 @@ static inline uint32_t ip6_get_flow_lbl(const struct ipv6hdr *ip6h)
}
bool ipv6_l4hdr(struct iov_tail *data, uint8_t *proto, size_t *dlen);
+
+#define IPPROTO_STRLEN (sizeof("<unknown protocol>"))
const char *ipproto_name(uint8_t proto);
/* IPv6 link-local all-nodes multicast address, ff02::1 */
--
2.53.0
next prev parent reply other threads:[~2026-03-27 4:34 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-27 4:34 [PATCH 00/18] More pesto preliminaries David Gibson
2026-03-27 4:34 ` [PATCH 01/18] conf: runas can be const David Gibson
2026-03-27 4:34 ` [PATCH 02/18] fwd: Comparing rule " David Gibson
2026-03-27 4:34 ` [PATCH 03/18] vhost_user: Fix assorted minor cppcheck warnings David Gibson
2026-03-27 4:34 ` [PATCH 04/18] serialise: Split functions user for serialisation from util.c David Gibson
2026-03-27 4:34 ` [PATCH 05/18] serialise: Add helpers for serialising unsigned integers David Gibson
2026-03-27 4:34 ` [PATCH 06/18] fwd: Move selecting correct scan bitmap into fwd_sync_one() David Gibson
2026-03-27 4:34 ` [PATCH 07/18] fwd: Look up rule index in fwd_sync_one() David Gibson
2026-03-27 4:34 ` [PATCH 08/18] fwd: Store forwarding tables indexed by (origin) pif David Gibson
2026-03-27 4:34 ` [PATCH 09/18] fwd: Allow FWD_DUAL_STACK_ANY flag to be passed directly to fwd_rule_add() David Gibson
2026-03-27 4:34 ` [PATCH 10/18] fwd, conf: Expose ephemeral ports as bitmap rather than function David Gibson
2026-03-27 4:34 ` [PATCH 11/18] conf: Don't bother complaining about overlapping excluded ranges David Gibson
2026-03-27 4:34 ` [PATCH 12/18] conf: Move check for mapping port 0 to caller David Gibson
2026-03-27 4:34 ` [PATCH 13/18] conf: Move check for disabled interfaces earlier David Gibson
2026-03-27 4:34 ` [PATCH 14/18] conf: Remove redundant warning when SO_BINDTODEVICE is unavailable David Gibson
2026-03-27 4:34 ` [PATCH 15/18] pif: Limit pif names to IFNAMSIZ (16) bytes David Gibson
2026-03-29 12:02 ` Stefano Brivio
2026-03-27 4:34 ` David Gibson [this message]
2026-03-27 4:34 ` [PATCH 17/18] bitmap: Split bitmap helper functions into their own module David Gibson
2026-03-27 4:34 ` [PATCH 18/18] fwd: Split forwading rule specification from its implementation state David Gibson
2026-03-29 12:02 ` [PATCH 00/18] More pesto preliminaries Stefano Brivio
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260327043430.1785787-17-david@gibson.dropbear.id.au \
--to=david@gibson.dropbear.id.au \
--cc=passt-dev@passt.top \
--cc=sbrivio@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).