From: Florian Westphal <fw@strlen.de>
To: netfilter-devel@vger.kernel.org
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH libnftables 2/3] expr: log: use real length when fetching attributes
Date: Fri, 13 Sep 2013 16:44:47 +0200 [thread overview]
Message-ID: <1379083488-20752-2-git-send-email-fw@strlen.de> (raw)
In-Reply-To: <1379083488-20752-1-git-send-email-fw@strlen.de>
NFTA_LOG_SNAPLEN is u32 and NFTA_LOG_QTHRESHOLD is u16.
Without this, netlink messages from kernel fail mnl_validate step when
QTHRESH or SNAPLEN was set.
Also, nft_rule_expr_log_get must update data_length, else 'nft list' doesn't
show log arguments (prefix, group ..) because the netlink message
decoding uses nft_rule_expr_get_u16/32 etc. which validate the length, too.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
src/expr/log.c | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/expr/log.c b/src/expr/log.c
index bbbd5b9..90fb32e 100644
--- a/src/expr/log.c
+++ b/src/expr/log.c
@@ -64,12 +64,16 @@ nft_rule_expr_log_get(const struct nft_rule_expr *e, uint16_t type,
switch(type) {
case NFT_EXPR_LOG_PREFIX:
+ *data_len = strlen(log->prefix)+1;
return log->prefix;
case NFT_EXPR_LOG_GROUP:
+ *data_len = sizeof(log->group);
return &log->group;
case NFT_EXPR_LOG_SNAPLEN:
+ *data_len = sizeof(log->snaplen);
return &log->snaplen;
case NFT_EXPR_LOG_QTHRESHOLD:
+ *data_len = sizeof(log->qthreshold);
return &log->qthreshold;
}
return NULL;
@@ -91,13 +95,13 @@ static int nft_rule_expr_log_cb(const struct nlattr *attr, void *data)
}
break;
case NFTA_LOG_GROUP:
- case NFTA_LOG_SNAPLEN:
+ case NFTA_LOG_QTHRESHOLD:
if (mnl_attr_validate(attr, MNL_TYPE_U16) < 0) {
perror("mnl_attr_validate");
return MNL_CB_ERROR;
}
break;
- case NFTA_LOG_QTHRESHOLD:
+ case NFTA_LOG_SNAPLEN:
if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) {
perror("mnl_attr_validate");
return MNL_CB_ERROR;
--
1.7.8.6
next prev parent reply other threads:[~2013-09-13 14:45 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-13 14:44 [PATCH nftables kernel 1/3] netfilter: nft_log: group is u16, snaplen u32 Florian Westphal
2013-09-13 14:44 ` Florian Westphal [this message]
2013-09-14 19:10 ` [PATCH libnftables 2/3] expr: log: use real length when fetching attributes Pablo Neira Ayuso
2013-09-13 14:44 ` [PATCH nftables 3/3] log: s/threshold/queue-threshold/ Florian Westphal
2013-09-14 19:10 ` Pablo Neira Ayuso
2013-09-14 19:10 ` [PATCH nftables kernel 1/3] netfilter: nft_log: group is u16, snaplen u32 Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1379083488-20752-2-git-send-email-fw@strlen.de \
--to=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.