* [PATCH 0/3] netfilter: nf_tables: minor fixes
@ 2012-12-27  6:43 kaber
  2012-12-27  6:43 ` [PATCH 1/3] netfilter: nf_tables: fix NLM_F_MULTI usage in netlink notifications kaber
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: kaber @ 2012-12-27  6:43 UTC (permalink / raw)
  To: pablo; +Cc: netfilter-devel

Hi Pablo,

the following patches fix two minor netlink issues and add a missing check
for duplicate names on chain renames.

Please apply, thanks!


* [PATCH 1/3] netfilter: nf_tables: fix NLM_F_MULTI usage in netlink notifications
  2012-12-27  6:43 [PATCH 0/3] netfilter: nf_tables: minor fixes kaber
@ 2012-12-27  6:43 ` kaber
  2012-12-27  6:43 ` [PATCH 2/3] netfilter: nf_tables: include NLM_F_APPEND in rule dumps kaber
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: kaber @ 2012-12-27  6:43 UTC (permalink / raw)
  To: pablo; +Cc: netfilter-devel, Patrick McHardy


From: Patrick McHardy <kaber@trash.net>

All requests contain a portid, but only dumps use multipart messages.
Have the caller pass the requested flags to nf_tables_fill_*_info()
instead of trying to deduce them based on the portid presence.

Signed-off-by: Patrick McHardy <kaber@trash.net>
---
 net/netfilter/nf_tables_api.c | 28 +++++++++++++---------------
 1 Datei geändert, 13 Zeilen hinzugefügt(+), 15 Zeilen entfernt(-)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index c4e4baa..27f7155 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -162,17 +162,16 @@ static const struct nla_policy nft_table_policy[NFTA_TABLE_MAX + 1] = {
 };
 
 static int nf_tables_fill_table_info(struct sk_buff *skb, u32 portid, u32 seq,
-				     int event, int family,
+				     int event, u32 flags, int family,
 				     const struct nft_table *table)
 {
 	struct nlmsghdr *nlh;
 	struct nfgenmsg *nfmsg;
 
 	event |= NFNL_SUBSYS_NFTABLES << 8;
-	nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct nfgenmsg), 0);
+	nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct nfgenmsg), flags);
 	if (nlh == NULL)
 		goto nla_put_failure;
-	nlh->nlmsg_flags	= portid ? NLM_F_MULTI : 0;
 
 	nfmsg = nlmsg_data(nlh);
 	nfmsg->nfgen_family	= family;
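Review bot: The new `flags` parameter of nf_tables_fill_table_info() has no comment saying what it carries or which caller decides it, and the same holds for nf_tables_fill_chain_info() in the later hunk of this patch. A short header comment would keep the rule from the commit message next to the code, e.g. `/* @flags: NLM_F_* bits for the netlink header; dumps pass NLM_F_MULTI, replies and notifications pass 0 */`. The parameter is declared `u32` and handed straight to nlmsg_put(); if the header's flags field is narrower than that, a matching type or a note on the accepted bits would make silent truncation of a caller's value impossible to overlook. The function body continues outside the hunk.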
@@ -211,7 +210,8 @@ static int nf_tables_table_notify(const struct sk_buff *oskb,
 	if (skb == NULL)
 		goto err;
 
-	err = nf_tables_fill_table_info(skb, portid, seq, event, family, table);
+	err = nf_tables_fill_table_info(skb, portid, seq, event, 0, family,
+					table);
 	if (err < 0) {
 		kfree_skb(skb);
 		goto err;
@@ -247,7 +247,7 @@ static int nf_tables_dump_tables(struct sk_buff *skb,
 			if (nf_tables_fill_table_info(skb,
 						      NETLINK_CB(cb->skb).portid,
 						      cb->nlh->nlmsg_seq,
-						      NFT_MSG_NEWTABLE,
+						      NFT_MSG_NEWTABLE, NLM_F_MULTI,
 						      afi->family, table) < 0)
 				goto done;
 cont:
@@ -290,7 +290,7 @@ static int nf_tables_gettable(struct sock *nlsk, struct sk_buff *skb,
 		return -ENOMEM;
 
 	err = nf_tables_fill_table_info(skb2, NETLINK_CB(skb).portid,
-					nlh->nlmsg_seq, NFT_MSG_NEWTABLE,
+					nlh->nlmsg_seq, NFT_MSG_NEWTABLE, 0,
 					family, table);
 	if (err < 0)
 		goto err;
@@ -524,7 +524,7 @@ static const struct nla_policy nft_hook_policy[NFTA_HOOK_MAX + 1] = {
 };
 
 static int nf_tables_fill_chain_info(struct sk_buff *skb, u32 portid, u32 seq,
-				     int event, int family,
+				     int event, u32 flags, int family,
 				     const struct nft_table *table,
 				     const struct nft_chain *chain)
 {
@@ -532,10 +532,9 @@ static int nf_tables_fill_chain_info(struct sk_buff *skb, u32 portid, u32 seq,
 	struct nfgenmsg *nfmsg;
 
 	event |= NFNL_SUBSYS_NFTABLES << 8;
-	nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct nfgenmsg), 0);
+	nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct nfgenmsg), flags);
 	if (nlh == NULL)
 		goto nla_put_failure;
-	nlh->nlmsg_flags	= portid ? NLM_F_MULTI : 0;
 
 	nfmsg = nlmsg_data(nlh);
 	nfmsg->nfgen_family	= family;
@@ -604,8 +603,8 @@ static int nf_tables_chain_notify(const struct sk_buff *oskb,
 	if (skb == NULL)
 		goto err;
 
-	err = nf_tables_fill_chain_info(skb, portid, seq, event, family, table,
-					chain);
+	err = nf_tables_fill_chain_info(skb, portid, seq, event, 0, family,
+					table, chain);
 	if (err < 0) {
 		kfree_skb(skb);
 		goto err;
@@ -642,7 +641,7 @@ static int nf_tables_dump_chains(struct sk_buff *skb,
 					       sizeof(cb->args) - sizeof(cb->args[0]));
 				if (nf_tables_fill_chain_info(skb, NETLINK_CB(cb->skb).portid,
 							      cb->nlh->nlmsg_seq,
-							      NFT_MSG_NEWCHAIN,
+							      NFT_MSG_NEWCHAIN, NLM_F_MULTI,
 							      afi->family, table, chain) < 0)
 					goto done;
 cont:
@@ -692,7 +691,7 @@ static int nf_tables_getchain(struct sock *nlsk, struct sk_buff *skb,
 		return -ENOMEM;
 
 	err = nf_tables_fill_chain_info(skb2, NETLINK_CB(skb).portid,
-					nlh->nlmsg_seq, NFT_MSG_NEWCHAIN,
+					nlh->nlmsg_seq, NFT_MSG_NEWCHAIN, 0,
 					family, table, chain);
 	if (err < 0)
 		goto err;
@@ -1141,7 +1140,6 @@ static int nf_tables_fill_rule_info(struct sk_buff *skb, u32 portid, u32 seq,
 			flags);
 	if (nlh == NULL)
 		goto nla_put_failure;
-	nlh->nlmsg_flags	= portid ? NLM_F_MULTI : 0;
 
 	nfmsg = nlmsg_data(nlh);
 	nfmsg->nfgen_family	= family;
@@ -1238,7 +1236,7 @@ static int nf_tables_dump_rules(struct sk_buff *skb,
 						       sizeof(cb->args) - sizeof(cb->args[0]));
 					if (nf_tables_fill_rule_info(skb, NETLINK_CB(cb->skb).portid,
 								      cb->nlh->nlmsg_seq,
-								      NFT_MSG_NEWRULE, 0,
+								      NFT_MSG_NEWRULE, NLM_F_MULTI,
 								      afi->family, table, chain, rule) < 0)
 						goto done;
 cont:
-- 
1.7.11.7


* [PATCH 2/3] netfilter: nf_tables: include NLM_F_APPEND in rule dumps
  2012-12-27  6:43 [PATCH 0/3] netfilter: nf_tables: minor fixes kaber
  2012-12-27  6:43 ` [PATCH 1/3] netfilter: nf_tables: fix NLM_F_MULTI usage in netlink notifications kaber
@ 2012-12-27  6:43 ` kaber
  2012-12-27  6:43 ` [PATCH 3/3] netfilter: nf_tables: check for duplicate names on chain rename kaber
  2012-12-30  2:21 ` [PATCH 0/3] netfilter: nf_tables: minor fixes Pablo Neira Ayuso
  3 siblings, 0 replies; 5+ messages in thread
From: kaber @ 2012-12-27  6:43 UTC (permalink / raw)
  To: pablo; +Cc: netfilter-devel, Patrick McHardy


From: Patrick McHardy <kaber@trash.net>

Since the rule database is ordered, include NLM_F_APPEND in rule dumps.

Signed-off-by: Patrick McHardy <kaber@trash.net>
---
 net/netfilter/nf_tables_api.c | 3 ++-
 1 Datei geändert, 2 Zeilen hinzugefügt(+), 1 Zeile entfernt(-)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 27f7155..801ead5 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1236,7 +1236,8 @@ static int nf_tables_dump_rules(struct sk_buff *skb,
 						       sizeof(cb->args) - sizeof(cb->args[0]));
 					if (nf_tables_fill_rule_info(skb, NETLINK_CB(cb->skb).portid,
 								      cb->nlh->nlmsg_seq,
-								      NFT_MSG_NEWRULE, NLM_F_MULTI,
+								      NFT_MSG_NEWRULE,
+								      NLM_F_MULTI | NLM_F_APPEND,
 								      afi->family, table, chain, rule) < 0)
 						goto done;
 cont:
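Review bot: The call in nf_tables_dump_rules() now sets `NLM_F_APPEND` on every dumped rule, but nothing at the call site says why a flag normally seen on requests appears in a dump. The reason exists only in the commit message, so a one-line comment above the argument would keep it with the code: `/* rule list is ordered, so dumped rules are flagged NLM_F_APPEND */`. The enclosing loop starts and ends outside the hunk.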
-- 
1.7.11.7


* [PATCH 3/3] netfilter: nf_tables: check for duplicate names on chain rename
  2012-12-27  6:43 [PATCH 0/3] netfilter: nf_tables: minor fixes kaber
  2012-12-27  6:43 ` [PATCH 1/3] netfilter: nf_tables: fix NLM_F_MULTI usage in netlink notifications kaber
  2012-12-27  6:43 ` [PATCH 2/3] netfilter: nf_tables: include NLM_F_APPEND in rule dumps kaber
@ 2012-12-27  6:43 ` kaber
  2012-12-30  2:21 ` [PATCH 0/3] netfilter: nf_tables: minor fixes Pablo Neira Ayuso
  3 siblings, 0 replies; 5+ messages in thread
From: kaber @ 2012-12-27  6:43 UTC (permalink / raw)
  To: pablo; +Cc: netfilter-devel, Patrick McHardy


From: Patrick McHardy <kaber@trash.net>

Signed-off-by: Patrick McHardy <kaber@trash.net>
---
 net/netfilter/nf_tables_api.c | 12 ++++++++----
 1 Datei geändert, 8 Zeilen hinzugefügt(+), 4 Zeilen entfernt(-)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 801ead5..ccb7d07 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -746,13 +746,14 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
 		return PTR_ERR(table);
 
 	chain = NULL;
+	name = nla[NFTA_CHAIN_NAME];
+
 	if (nla[NFTA_CHAIN_HANDLE]) {
 		handle = be64_to_cpu(nla_get_be64(nla[NFTA_CHAIN_HANDLE]));
 		chain = nf_tables_chain_lookup_byhandle(table, handle);
 		if (IS_ERR(chain))
 			return PTR_ERR(chain);
 	} else {
-		name = nla[NFTA_CHAIN_NAME];
 		chain = nf_tables_chain_lookup(table, name);
 		if (IS_ERR(chain)) {
 			if (PTR_ERR(chain) != -ENOENT)
@@ -767,6 +768,10 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
 		if (nlh->nlmsg_flags & NLM_F_REPLACE)
 			return -EOPNOTSUPP;
 
+		if (nla[NFTA_CHAIN_HANDLE] && name &&
+		    !IS_ERR(nf_tables_chain_lookup(table, nla[NFTA_CHAIN_NAME])))
+			return -EEXIST;
+
 		if (nla[NFTA_CHAIN_POLICY]) {
 			if (!(chain->flags & NFT_BASE_CHAIN))
 				return -EOPNOTSUPP;
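Review bot: The duplicate-name check in nf_tables_newchain() treats every error from nf_tables_chain_lookup() as "name is free" and every hit as a conflict, including a hit on the chain that is being updated. A handle-addressed request that repeats the chain's current name, for example to change only the policy handled just below, would presumably be refused with -EEXIST, while a lookup failure other than -ENOENT lets the rename through, unlike the else branch in the previous hunk, which propagates such errors. With a local `struct nft_chain *dup`, the check could read `dup = nf_tables_chain_lookup(table, name);` followed by `if (!IS_ERR(dup) && dup != chain) return -EEXIST;`. The call also passes `nla[NFTA_CHAIN_NAME]` although the `name` local was hoisted for exactly this use. The function starts and ends outside the hunk.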
@@ -777,9 +782,8 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
 				return err;
 		}
 
-		if (nla[NFTA_CHAIN_HANDLE] && nla[NFTA_CHAIN_NAME])
-			nla_strlcpy(chain->name, nla[NFTA_CHAIN_NAME],
-				    NFT_CHAIN_MAXNAMELEN);
+		if (nla[NFTA_CHAIN_HANDLE] && name)
+			nla_strlcpy(chain->name, name, NFT_CHAIN_MAXNAMELEN);
 
 		goto notify;
 	}
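Review bot: The return value of nla_strlcpy() is discarded, so a name that does not fit in NFT_CHAIN_MAXNAMELEN is stored truncated without any error. The duplicate check added earlier in this patch looks up the attribute as it was sent, so unless the attribute policy (not visible here) bounds the length, the truncated string written to `chain->name` could equal the name of an existing chain. Rejecting an over-long name before the lookup closes that gap, e.g. `if (name && nla_len(name) > NFT_CHAIN_MAXNAMELEN) return -EINVAL;`, with the exact bound depending on whether the attribute carries a trailing NUL.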
-- 
1.7.11.7


* Re: [PATCH 0/3] netfilter: nf_tables: minor fixes
  2012-12-27  6:43 [PATCH 0/3] netfilter: nf_tables: minor fixes kaber
                   ` (2 preceding siblings ...)
  2012-12-27  6:43 ` [PATCH 3/3] netfilter: nf_tables: check for duplicate names on chain rename kaber
@ 2012-12-30  2:21 ` Pablo Neira Ayuso
  3 siblings, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2012-12-30  2:21 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel

On Thu, Dec 27, 2012 at 07:43:25AM +0100, kaber@trash.net wrote:
> Hi Pablo,
> 
> the following patches fix two minor netlink issues and add a missing check
> for duplicate names on chain renames.
> 
> Please apply, thanks!

All applied, thanks Patrick!

