From: Pablo Neira Ayuso <pablo@netfilter.org>
To: valentina.giusti@bmw-carit.de
Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org,
jpa@google.com, fw@strnel.de, daniel.wagner@bmw-carit.de
Subject: Re: [PATCH v4 2/2] libnetfilter_queue: add support for UID/GID socket info
Date: Sat, 21 Dec 2013 12:38:04 +0100 [thread overview]
Message-ID: <20131221113804.GA17964@localhost> (raw)
In-Reply-To: <1387556934-7372-3-git-send-email-valentina.giusti@bmw-carit.de>
Hi,
On Fri, Dec 20, 2013 at 05:28:54PM +0100, valentina.giusti@bmw-carit.de wrote:
[...]
> diff --git a/include/libnetfilter_queue/linux_nfnetlink_queue.h b/include/libnetfilter_queue/linux_nfnetlink_queue.h
> index 81a485b..884ab0e 100644
> --- a/include/libnetfilter_queue/linux_nfnetlink_queue.h
> +++ b/include/libnetfilter_queue/linux_nfnetlink_queue.h
> @@ -50,6 +50,8 @@ enum nfqnl_attr_type {
> NFQA_CAP_LEN, /* __u32 length of captured packet */
> NFQA_SKB_INFO, /* __u32 skb meta information */
>
> + NFQA_UID, /* __u32 sk uid */
> + NFQA_GID, /* __u32 sk gid */
This update is wrong. See below the reason why.
> __NFQA_MAX
> };
> #define NFQA_MAX (__NFQA_MAX - 1)
> @@ -101,7 +103,8 @@ enum nfqnl_attr_config {
> #define NFQA_CFG_F_FAIL_OPEN (1 << 0)
> #define NFQA_CFG_F_CONNTRACK (1 << 1)
> #define NFQA_CFG_F_GSO (1 << 2)
> -#define NFQA_CFG_F_MAX (1 << 3)
> +#define NFQA_CFG_F_UID_GID (1 << 3)
> +#define NFQA_CFG_F_MAX (1 << 4)
>
> /* flags for NFQA_SKB_INFO */
> /* packet appears to have wrong checksums, but they are ok */
> diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h
> index a2308ae..22f5d45 100644
> --- a/include/linux/netfilter/nfnetlink_queue.h
> +++ b/include/linux/netfilter/nfnetlink_queue.h
> @@ -46,6 +46,9 @@ enum nfqnl_attr_type {
> NFQA_CT_INFO, /* enum ip_conntrack_info */
> NFQA_CAP_LEN, /* __u32 length of captured packet */
> NFQA_SKB_INFO, /* __u32 skb meta information */
> + NFQA_EXP, /* nf_conntrack_netlink.h */
> + NFQA_UID, /* __u32 sk uid */
> + NFQA_GID, /* __u32 sk gid */
You have manually updated libnetfilter_queue/linux_nfnetlink_queue.h,
but you forgot to include NFQA_EXP. The result is that your
nfq_get_uid() returns the NFQA_EXP attribute and nfq_get_gid() returns
the NFQA_UID attribute.
You should have noticed it with a simple run of utils/nfqnl_test run
and a couple of printf to test it. I'm afraid that you're not giving
sufficient testing to your patches.
Fix it and resubmit, thanks.
next prev parent reply other threads:[~2013-12-21 11:38 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-20 16:28 [PATCH v4 0/2] Add UID/GID info to NFQUEUE valentina.giusti
2013-12-20 16:28 ` [PATCH v4 1/2] netfilter_queue: enable UID/GID socket info retrieval valentina.giusti
2013-12-23 14:21 ` Pablo Neira Ayuso
2014-01-07 8:11 ` Valentina Giusti
2013-12-20 16:28 ` [PATCH v4 2/2] libnetfilter_queue: add support for UID/GID socket info valentina.giusti
2013-12-21 11:38 ` Pablo Neira Ayuso [this message]
2014-01-07 13:30 ` [PATCH 0/2] " valentina.giusti
2014-01-07 13:30 ` [PATCH 1/2] src: " valentina.giusti
2014-01-07 23:42 ` Pablo Neira Ayuso
2014-01-07 13:30 ` [PATCH 2/2] utils: add test for nfq_get_uid and nfq_get_gid valentina.giusti
2014-01-07 23:43 ` Pablo Neira Ayuso
2014-01-08 9:36 ` Valentina Giusti
2013-12-21 12:11 ` [PATCH v4 2/2] libnetfilter_queue: add support for UID/GID socket info Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131221113804.GA17964@localhost \
--to=pablo@netfilter.org \
--cc=daniel.wagner@bmw-carit.de \
--cc=fw@strnel.de \
--cc=jpa@google.com \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=valentina.giusti@bmw-carit.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.