dbus: extend SocketBind{Allow|Deny}= with ip proto
authorJulia Kartseva <hex@fb.com>
Wed, 23 Jun 2021 23:37:53 +0000 (16:37 -0700)
committerJulia Kartseva <hex@fb.com>
Wed, 30 Jun 2021 07:36:33 +0000 (00:36 -0700)
src/core/dbus-cgroup.c
src/shared/bus-unit-util.c
src/systemctl/systemctl-show.c

index 9f20d547cb232b0fe1779d5620fcea5fc0ed295a..84c3caf3a5b293c0c87faa30f8600610335ae0c2 100644 (file)
@@ -15,6 +15,7 @@
 #include "errno-util.h"
 #include "fd-util.h"
 #include "fileio.h"
+#include "ip-protocol-list.h"
 #include "limits-util.h"
 #include "parse-util.h"
 #include "path-util.h"
@@ -1895,8 +1896,8 @@ int bus_cgroup_set_property(
                         if (!IN_SET(family, AF_UNSPEC, AF_INET, AF_INET6))
                                 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects INET or INET6 family, if specified.", name);
 
-                        if (ip_protocol != 0)
-                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects ip protocol equals to 0, for the time being.", name);
+                        if (!IN_SET(ip_protocol, 0, IPPROTO_TCP, IPPROTO_UDP))
+                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects TCP or UDP protocol, if specified.", name);
 
                         if (port_min + (uint32_t) nr_ports > (1 << 16))
                                 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects maximum port value lesser than 65536.", name);
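Review bot: The allowlist `IN_SET(ip_protocol, 0, IPPROTO_TCP, IPPROTO_UDP)` validates a value received over D-Bus, but nothing in the hunk documents what 0 stands for. A short comment above the check would make the contract explicit, for example `/* 0 = protocol not specified; otherwise only TCP and UDP are accepted */`, which matches the "if specified" wording of the error message. The body of bus_cgroup_set_property starts and ends outside the hunk, so any later handling of ip_protocol is not visible here.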
index 4c9fb305e41352dd4c3759f6486c8e4f5542fb7d..31a6c63f0c999904687699dabccaa9802c83a037 100644 (file)
@@ -27,6 +27,7 @@
 #include "mountpoint-util.h"
 #include "nsflags.h"
 #include "numa-util.h"
+#include "parse-socket-bind-item.h"
 #include "parse-util.h"
 #include "path-util.h"
 #include "percent-util.h"
@@ -868,42 +869,17 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
                 if (isempty(eq))
                         r = sd_bus_message_append(m, "(sv)", field, "a(iiqq)", 0);
                 else {
-                        /* No ip protocol specified for now. */
-                        int32_t family = AF_UNSPEC, ip_protocol = 0;
-                        const char *address_family, *user_port;
-                        _cleanup_free_ char *word = NULL;
+                        int32_t family, ip_protocol;
+                        uint16_t nr_ports, port_min;
 
-                        r = extract_first_word(&eq, &word, ":", 0);
+                        r = parse_socket_bind_item(eq, &family, &ip_protocol, &nr_ports, &port_min);
                         if (r == -ENOMEM)
                                 return log_oom();
                         if (r < 0)
-                                return log_error_errno(r, "Failed to parse %s: %m", field);
-
-                        address_family = eq ? word : NULL;
-                        if (address_family) {
-                                family = af_from_ipv4_ipv6(address_family);
-                                if (family == AF_UNSPEC)
-                                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                                               "Only \"ipv4\" and \"ipv6\" protocols are supported");
-                        }
+                                return log_error_errno(r, "Failed to parse %s", field);
 
-                        user_port = eq ? eq : word;
-                        if (streq(user_port, "any")) {
-                                r = sd_bus_message_append(m, "(sv)", field, "a(iiqq)", 1, family, ip_protocol, 0, 0);
-                                if (r < 0)
-                                        return bus_log_create_error(r);
-                        } else {
-                                uint16_t port_min, port_max;
-
-                                r = parse_ip_port_range(user_port, &port_min, &port_max);
-                                if (r == -ENOMEM)
-                                        return log_oom();
-                                if (r < 0)
-                                        return log_error_errno(r, "Invalid port or port range: %s", user_port);
-
-                                r = sd_bus_message_append(
-                                                m, "(sv)", field, "a(iiqq)", 1, family, ip_protocol, port_max - port_min + 1, port_min);
-                        }
+                        r = sd_bus_message_append(
+                                        m, "(sv)", field, "a(iiqq)", 1, family, ip_protocol, nr_ports, port_min);
                 }
                 if (r < 0)
                         return bus_log_create_error(r);
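Review bot: The new failure path `log_error_errno(r, "Failed to parse %s", field)` drops both the `%m` errno text and the rejected value, so a user who mistypes an item learns only the field name. The removed code reported the offending port string (`"Invalid port or port range: %s"`). Consider `return log_error_errno(r, "Failed to parse %s value \"%s\": %m", field, eq);`. `eq` is passed to parse_socket_bind_item() by value, so it should still point at the original text, though that helper is not visible in this hunk. The body of bus_append_cgroup_property continues outside the hunk.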
index 178270b4b0aa55a7bc37c74ac921c910630260c9..470ff617d603935cf3a82ca354c0971c97b07a74 100644 (file)
@@ -17,6 +17,7 @@
 #include "hexdecoct.h"
 #include "hostname-util.h"
 #include "in-addr-util.h"
+#include "ip-protocol-list.h"
 #include "journal-file.h"
 #include "list.h"
 #include "locale-util.h"
@@ -1718,19 +1719,27 @@ static int print_property(const char *name, const char *expected_value, sd_bus_m
                         if (r < 0)
                                 return bus_log_parse_error(r);
                         while ((r = sd_bus_message_read(m, "(iiqq)", &af, &ip_protocol, &nr_ports, &port_min)) > 0) {
-                                const char *family, *colon;
+                                const char *family, *colon1, *protocol = "", *colon2 = "";
 
                                 family = strempty(af_to_ipv4_ipv6(af));
-                                colon = isempty(family) ? "" : ":";
+                                colon1 = isempty(family) ? "" : ":";
+
+                                if (ip_protocol != 0) {
+                                        protocol = ip_protocol_to_tcp_udp(ip_protocol);
+                                        colon2 = "";
+                                }
 
                                 if (nr_ports == 0)
-                                        bus_print_property_valuef(name, expected_value, flags, "%s%sany", family, colon);
+                                        bus_print_property_valuef(name, expected_value, flags, "%s%s%s%sany",
+                                                        family, colon1, protocol, colon2);
                                 else if (nr_ports == 1)
                                         bus_print_property_valuef(
-                                                        name, expected_value, flags, "%s%s%hu", family, colon, port_min);
+                                                        name, expected_value, flags, "%s%s%s%s%hu",
+                                                        family, colon1, protocol, colon2, port_min);
                                 else
                                         bus_print_property_valuef(
-                                                        name, expected_value, flags, "%s%s%hu-%hu", family, colon, port_min,
+                                                        name, expected_value, flags, "%s%s%s%s%hu-%hu",
+                                                        family, colon1, protocol, colon2, port_min,
                                                         (uint16_t) (port_min + nr_ports - 1));
                         }
                         if (r < 0)
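Review bot: `colon2 = "";` inside the `if (ip_protocol != 0)` block assigns the same empty string the variable was initialised with, so the protocol name is printed glued to the port (a constructed example: `tcp8080` instead of `tcp:8080`). That output presumably cannot be fed back through the parser; the line should read `colon2 = ":";`. Separately, `family` is wrapped in strempty() but `protocol` is not, so if ip_protocol_to_tcp_udp() returns NULL for a value other than TCP or UDP (the helper is not visible here), a NULL pointer reaches `%s`. Writing `protocol = strempty(ip_protocol_to_tcp_udp(ip_protocol));` followed by `colon2 = isempty(protocol) ? "" : ":";` covers both problems. The body of print_property continues outside the hunk.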