From: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nf-next 2/2] netfilter: nfnetlink_log: validate dependencies to avoid breaking atomicity
Date: Thu, 15 Oct 2015 11:37:06 +0900 [thread overview]
Message-ID: <20151015023706.GA16497@gmail.com> (raw)
In-Reply-To: <1444733268-8564-2-git-send-email-pablo@netfilter.org>
[-- Attachment #1: Type: text/plain, Size: 864 bytes --]
Thank you for your usual support.
On Tue, Oct 13, 2015 at 12:47:47PM +0200, Pablo Neira Ayuso wrote:
> @Ken-ichirou: Could you give a test to this patches? Thanks.
I've tested these with appended and is fine, of course.
Before applying patches:
# ./a.out 123
a.out: empty_cfg.c:56: main: Assertion `mnl_cb_run(buf, ret, 0, portid, ((void *)0), ((void *)0)) == -1' failed.
Aborted
On Tue, Oct 13, 2015 at 12:47:48PM +0200, Pablo Neira Ayuso wrote:
> +#ifdef CONFIG_MODULES
> + nfnl_unlock(NFNL_SUBSYS_ULOG);
> + request_module("ip_conntrack_netlink");
> + nfnl_lock(NFNL_SUBSYS_ULOG);
> + if (rcu_access_pointer(nfnl_ct_hook)) {
> + ret = -EAGAIN;
> + goto out_put;
> + }
> +#endif
> + ret = -EOPNOTSUPP;
> + goto out_put;
It's off the subject, but this fixes module unload. It was not
put instance at my first patch, Thanks!
[-- Attachment #2: empty_cfg.c --]
[-- Type: text/x-csrc, Size: 1326 bytes --]
/*
* This example is placed in the public domain.
* cc empty_cfg.c -lmnl -lnetfilter_log
*/
#include <stdio.h>
#include <stdlib.h>
#include <arpa/inet.h>
#include <errno.h>
#include <assert.h>
#include <linux/netfilter/nfnetlink_log.h>
#include <libmnl/libmnl.h>
#include <libnetfilter_log/libnetfilter_log.h>
int main(int argc, char *argv[])
{
struct mnl_socket *nl;
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
int ret;
unsigned int portid, qnum;
if (argc != 2) {
printf("Usage: %s [queue_num]\n", argv[0]);
exit(EXIT_FAILURE);
}
qnum = atoi(argv[1]);
nl = mnl_socket_open(NETLINK_NETFILTER);
if (nl == NULL) {
perror("mnl_socket_open");
exit(EXIT_FAILURE);
}
if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) {
perror("mnl_socket_bind");
exit(EXIT_FAILURE);
}
portid = mnl_socket_get_portid(nl);
nlh = nflog_nlmsg_put_header(buf, NFULNL_MSG_CONFIG, AF_UNSPEC, qnum);
nlh->nlmsg_flags |= NLM_F_ACK;
if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
perror("mnl_socket_sendto");
exit(EXIT_FAILURE);
}
ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
if (ret == -1) {
perror("mnl_socket_recvfrom");
exit(EXIT_FAILURE);
}
assert(mnl_cb_run(buf, ret, 0, portid, NULL, NULL) == MNL_CB_ERROR);
assert(errno == ENODEV);
mnl_socket_close(nl);
return 0;
}
prev parent reply other threads:[~2015-10-15 2:37 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-13 10:47 [PATCH nf-next 1/2] netfilter: nfnetlink_log: consolidate check for instance in nfulnl_recv_config() Pablo Neira Ayuso
2015-10-13 10:47 ` [PATCH nf-next 2/2] netfilter: nfnetlink_log: validate dependencies to avoid breaking atomicity Pablo Neira Ayuso
2015-10-15 2:37 ` Ken-ichirou MATSUZAWA [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151015023706.GA16497@gmail.com \
--to=chamaken@gmail.com \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.