* [PATCH nftables kernel 1/3] netfilter: nft_log: group is u16, snaplen u32
@ 2013-09-13 14:44 Florian Westphal
2013-09-13 14:44 ` [PATCH libnftables 2/3] expr: log: use real length when fetching attributes Florian Westphal
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Florian Westphal @ 2013-09-13 14:44 UTC (permalink / raw)
To: netfilter-devel; +Cc: Florian Westphal
0edecbe17ae (netfilter: nft_log: group and qthreshold are 2^16)
made the correct changes except in the nla_policy where
it changed snaplen instead of group attibute.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
net/netfilter/nft_log.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nft_log.c b/net/netfilter/nft_log.c
index 65cc62f..70b1be2 100644
--- a/net/netfilter/nft_log.c
+++ b/net/netfilter/nft_log.c
@@ -37,9 +37,9 @@ static void nft_log_eval(const struct nft_expr *expr,
}
static const struct nla_policy nft_log_policy[NFTA_LOG_MAX + 1] = {
- [NFTA_LOG_GROUP] = { .type = NLA_U32 },
+ [NFTA_LOG_GROUP] = { .type = NLA_U16 },
[NFTA_LOG_PREFIX] = { .type = NLA_STRING },
- [NFTA_LOG_SNAPLEN] = { .type = NLA_U16 },
+ [NFTA_LOG_SNAPLEN] = { .type = NLA_U32 },
[NFTA_LOG_QTHRESHOLD] = { .type = NLA_U16 },
};
--
1.7.8.6
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH libnftables 2/3] expr: log: use real length when fetching attributes
2013-09-13 14:44 [PATCH nftables kernel 1/3] netfilter: nft_log: group is u16, snaplen u32 Florian Westphal
@ 2013-09-13 14:44 ` Florian Westphal
2013-09-14 19:10 ` Pablo Neira Ayuso
2013-09-13 14:44 ` [PATCH nftables 3/3] log: s/threshold/queue-threshold/ Florian Westphal
2013-09-14 19:10 ` [PATCH nftables kernel 1/3] netfilter: nft_log: group is u16, snaplen u32 Pablo Neira Ayuso
2 siblings, 1 reply; 6+ messages in thread
From: Florian Westphal @ 2013-09-13 14:44 UTC (permalink / raw)
To: netfilter-devel; +Cc: Florian Westphal
NFTA_LOG_SNAPLEN is u32 and NFTA_LOG_QTHRESHOLD is u16.
Without this, netlink messages from kernel fail mnl_validate step when
QTHRESH or SNAPLEN was set.
Also, nft_rule_expr_log_get must update data_length, else 'nft list' doesn't
show log arguments (prefix, group ..) because the netlink message
decoding uses nft_rule_expr_get_u16/32 etc. which validate the length, too.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
src/expr/log.c | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/expr/log.c b/src/expr/log.c
index bbbd5b9..90fb32e 100644
--- a/src/expr/log.c
+++ b/src/expr/log.c
@@ -64,12 +64,16 @@ nft_rule_expr_log_get(const struct nft_rule_expr *e, uint16_t type,
switch(type) {
case NFT_EXPR_LOG_PREFIX:
+ *data_len = strlen(log->prefix)+1;
return log->prefix;
case NFT_EXPR_LOG_GROUP:
+ *data_len = sizeof(log->group);
return &log->group;
case NFT_EXPR_LOG_SNAPLEN:
+ *data_len = sizeof(log->snaplen);
return &log->snaplen;
case NFT_EXPR_LOG_QTHRESHOLD:
+ *data_len = sizeof(log->qthreshold);
return &log->qthreshold;
}
return NULL;
@@ -91,13 +95,13 @@ static int nft_rule_expr_log_cb(const struct nlattr *attr, void *data)
}
break;
case NFTA_LOG_GROUP:
- case NFTA_LOG_SNAPLEN:
+ case NFTA_LOG_QTHRESHOLD:
if (mnl_attr_validate(attr, MNL_TYPE_U16) < 0) {
perror("mnl_attr_validate");
return MNL_CB_ERROR;
}
break;
- case NFTA_LOG_QTHRESHOLD:
+ case NFTA_LOG_SNAPLEN:
if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) {
perror("mnl_attr_validate");
return MNL_CB_ERROR;
--
1.7.8.6
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH nftables 3/3] log: s/threshold/queue-threshold/
2013-09-13 14:44 [PATCH nftables kernel 1/3] netfilter: nft_log: group is u16, snaplen u32 Florian Westphal
2013-09-13 14:44 ` [PATCH libnftables 2/3] expr: log: use real length when fetching attributes Florian Westphal
@ 2013-09-13 14:44 ` Florian Westphal
2013-09-14 19:10 ` Pablo Neira Ayuso
2013-09-14 19:10 ` [PATCH nftables kernel 1/3] netfilter: nft_log: group is u16, snaplen u32 Pablo Neira Ayuso
2 siblings, 1 reply; 6+ messages in thread
From: Florian Westphal @ 2013-09-13 14:44 UTC (permalink / raw)
To: netfilter-devel; +Cc: Florian Westphal
on input we expect "queue-threshold" token, so use the same
name when printing the output.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
src/statement.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/statement.c b/src/statement.c
index 1a3ea3c..69db48f 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -122,7 +122,7 @@ static void log_stmt_print(const struct stmt *stmt)
if (stmt->log.snaplen)
printf(" snaplen %u", stmt->log.snaplen);
if (stmt->log.qthreshold)
- printf(" threshold %u", stmt->log.qthreshold);
+ printf(" queue-threshold %u", stmt->log.qthreshold);
}
static void log_stmt_destroy(struct stmt *stmt)
--
1.7.8.6
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH nftables kernel 1/3] netfilter: nft_log: group is u16, snaplen u32
2013-09-13 14:44 [PATCH nftables kernel 1/3] netfilter: nft_log: group is u16, snaplen u32 Florian Westphal
2013-09-13 14:44 ` [PATCH libnftables 2/3] expr: log: use real length when fetching attributes Florian Westphal
2013-09-13 14:44 ` [PATCH nftables 3/3] log: s/threshold/queue-threshold/ Florian Westphal
@ 2013-09-14 19:10 ` Pablo Neira Ayuso
2 siblings, 0 replies; 6+ messages in thread
From: Pablo Neira Ayuso @ 2013-09-14 19:10 UTC (permalink / raw)
To: Florian Westphal; +Cc: netfilter-devel
On Fri, Sep 13, 2013 at 04:44:46PM +0200, Florian Westphal wrote:
> 0edecbe17ae (netfilter: nft_log: group and qthreshold are 2^16)
> made the correct changes except in the nla_policy where
> it changed snaplen instead of group attibute.
Applied, thanks Florian.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH libnftables 2/3] expr: log: use real length when fetching attributes
2013-09-13 14:44 ` [PATCH libnftables 2/3] expr: log: use real length when fetching attributes Florian Westphal
@ 2013-09-14 19:10 ` Pablo Neira Ayuso
0 siblings, 0 replies; 6+ messages in thread
From: Pablo Neira Ayuso @ 2013-09-14 19:10 UTC (permalink / raw)
To: Florian Westphal; +Cc: netfilter-devel
On Fri, Sep 13, 2013 at 04:44:47PM +0200, Florian Westphal wrote:
> NFTA_LOG_SNAPLEN is u32 and NFTA_LOG_QTHRESHOLD is u16.
> Without this, netlink messages from kernel fail mnl_validate step when
> QTHRESH or SNAPLEN was set.
>
> Also, nft_rule_expr_log_get must update data_length, else 'nft list' doesn't
> show log arguments (prefix, group ..) because the netlink message
> decoding uses nft_rule_expr_get_u16/32 etc. which validate the length, too.
Also applied, thanks.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH nftables 3/3] log: s/threshold/queue-threshold/
2013-09-13 14:44 ` [PATCH nftables 3/3] log: s/threshold/queue-threshold/ Florian Westphal
@ 2013-09-14 19:10 ` Pablo Neira Ayuso
0 siblings, 0 replies; 6+ messages in thread
From: Pablo Neira Ayuso @ 2013-09-14 19:10 UTC (permalink / raw)
To: Florian Westphal; +Cc: netfilter-devel
On Fri, Sep 13, 2013 at 04:44:48PM +0200, Florian Westphal wrote:
> on input we expect "queue-threshold" token, so use the same
> name when printing the output.
Applied, thanks.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2013-09-14 19:10 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-09-13 14:44 [PATCH nftables kernel 1/3] netfilter: nft_log: group is u16, snaplen u32 Florian Westphal
2013-09-13 14:44 ` [PATCH libnftables 2/3] expr: log: use real length when fetching attributes Florian Westphal
2013-09-14 19:10 ` Pablo Neira Ayuso
2013-09-13 14:44 ` [PATCH nftables 3/3] log: s/threshold/queue-threshold/ Florian Westphal
2013-09-14 19:10 ` Pablo Neira Ayuso
2013-09-14 19:10 ` [PATCH nftables kernel 1/3] netfilter: nft_log: group is u16, snaplen u32 Pablo Neira Ayuso
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.