From 4883a04fe1a251741283cff7a7536e1564a834be Mon Sep 17 00:00:00 2001
From: Julia Kartseva
Date: Tue, 15 Jun 2021 11:58:54 -0700
Subject: dbus: extend SocktBind{Allow|Deny}= with ip proto
Support filtering by ip protocol (L4) in SocketBind{Allow|Deny}= properties. The signature of dbus methods must be finalized before new release is cut, hence reserve a parameter for ip protocol. Implementation will follow. Closes https://github.com/systemd/systemd/issues/19891
---
 src/shared/bus-unit-util.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
(limited to 'src/shared/bus-unit-util.c')
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index 54d04aae50..4c9fb305e4 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -866,11 +866,12 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
 if (STR_IN_SET(field, "SocketBindAllow", "SocketBindDeny")) {
 if (isempty(eq))
- r = sd_bus_message_append(m, "(sv)", field, "a(iqq)", 0);
+ r = sd_bus_message_append(m, "(sv)", field, "a(iiqq)", 0);
 else {
+ /* No ip protocol specified for now. */
+ int32_t family = AF_UNSPEC, ip_protocol = 0;
 const char *address_family, *user_port;
 _cleanup_free_ char *word = NULL;
- int family = AF_UNSPEC;
 r = extract_first_word(&eq, &word, ":", 0);
 if (r == -ENOMEM)
@@ -888,7 +889,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
 user_port = eq ? eq : word;
 if (streq(user_port, "any")) {
- r = sd_bus_message_append(m, "(sv)", field, "a(iqq)", 1, family, 0, 0);
+ r = sd_bus_message_append(m, "(sv)", field, "a(iiqq)", 1, family, ip_protocol, 0, 0);
 if (r < 0)
 return bus_log_create_error(r);
 } else {
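Review bot: `ip_protocol` is sent as a hard-coded 0 from the added declaration `int32_t family = AF_UNSPEC, ip_protocol = 0;`, and nothing visible here says what 0 means on the wire or what the receiver does with any other value. This page is limited to src/shared/bus-unit-util.c, so the property setter is not shown. If it accepts a non-zero protocol before filtering exists, a SocketBindAllow= rule set over D-Bus by another client would presumably apply to every protocol and allow more than was asked for, so it should refuse non-zero values until the implementation lands. I would expand the comment to something like `/* 0 = no L4 filter (any protocol); the field is reserved and other values are expected to be refused for now. */`. The same value is passed in the "any" branch of the next hunk, and bus_append_cgroup_property() begins and ends outside both hunks.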
@@ -901,7 +902,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
 return log_error_errno(r, "Invalid port or port range: %s", user_port);
 r = sd_bus_message_append(
- m, "(sv)", field, "a(iqq)", 1, family, port_max - port_min + 1, port_min);
+ m, "(sv)", field, "a(iiqq)", 1, family, ip_protocol, port_max - port_min + 1, port_min);
 }
 }
 if (r < 0)
-- cgit v1.2.1
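Review bot: The signature string `"a(iiqq)"` is now spelled out at three call sites (this one and the two in the earlier hunks), and because sd_bus_message_append() is variadic the compiler cannot check that each argument list matches it. A missed site or a swapped argument when the protocol field is implemented would show up only at runtime, for example as a port count marshalled into the protocol slot. A single file-local helper that holds the signature once and takes typed parameters would let the compiler check argument order and count. The name below is a suggestion only, and the enclosing function starts and ends outside this hunk.

```c
static int bus_append_socket_bind_item(sd_bus_message *m, const char *field,
                                       int32_t family, int32_t ip_protocol,
                                       uint16_t nr_ports, uint16_t port_min) {
        /* Single place for the a(iiqq) layout: family, ip protocol, port count, first port. */
        return sd_bus_message_append(m, "(sv)", field, "a(iiqq)", 1,
                                     family, ip_protocol, nr_ports, port_min);
}

/* … unchanged: port range parsing and error handling … */
r = bus_append_socket_bind_item(m, field, family, ip_protocol,
                                port_max - port_min + 1, port_min);
```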