From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Phil Sutter <phil@nwl.cc>, netfilter-devel@vger.kernel.org
Subject: Re: [nft PATCH 2/2] monitor: Make JSON output respect output_fp
Date: Thu, 16 Nov 2017 14:57:42 +0100 [thread overview]
Message-ID: <20171116135742.GA13598@salvia> (raw)
In-Reply-To: <20171116135402.GJ32305@orbyte.nwl.cc>
On Thu, Nov 16, 2017 at 02:54:02PM +0100, Phil Sutter wrote:
> On Thu, Nov 16, 2017 at 02:38:24PM +0100, Pablo Neira Ayuso wrote:
> > On Thu, Nov 16, 2017 at 09:06:29AM +0100, Phil Sutter wrote:
> > > This introduces a rather nasty macro to call nftnl_*_fprintf() only if
> > > output_fp is valid. On the other hand, it allows to pull the common
> > > parts (format argument, event conversion) into a single place.
> > >
> > > Signed-off-by: Phil Sutter <phil@nwl.cc>
> > > ---
> > > src/netlink.c | 38 ++++++++++++++++++--------------------
> > > 1 file changed, 18 insertions(+), 20 deletions(-)
> > >
> > > diff --git a/src/netlink.c b/src/netlink.c
> > > index 845eeeffd7387..81b92ac1e2d7c 100644
> > > --- a/src/netlink.c
> > > +++ b/src/netlink.c
> > > @@ -40,6 +40,12 @@
> > > #include <iface.h>
> > >
> > > #define nft_mon_print(monh, ...) nft_print(monh->ctx->octx, __VA_ARGS__)
> > > +#define nftnl_mon_print(monh, type, obj, event) \
> > > + if (monh->ctx->octx->output_fp) { \
> > > + nftnl_##type##_fprintf(monh->ctx->octx->output_fp, \
> > > + obj, monh->format, \
> > > + netlink_msg2nftnl_of(event)); \
> > > + }
> >
> > Wait.
> >
> > Can't we just change nftnl_*_fprintf to do nothing if output_fp is
> > NULL.
> >
> > That should be safe.
>
> Looks like you just caught me trying to avoid changing libnftnl. :D
>
> Yet I still consider the macro valuable since it avoids the nasty
> pointer deref chain.
>
> I'll prepare a patch to libnftnl and then provide v2 of this patch with
> simplified nftnl_mon_print() macro. ACK?
I wonder if we can just avoid such change by making sure that
monh->ctx->octx->output_fp is always set.
May that work too?
next prev parent reply other threads:[~2017-11-16 13:57 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-16 8:06 [nft PATCH 0/2] Review code regarding output_fp Phil Sutter
2017-11-16 8:06 ` [nft PATCH 1/2] Make 'nft export' respect output_fp Phil Sutter
2017-11-16 8:06 ` [nft PATCH 2/2] monitor: Make JSON output " Phil Sutter
2017-11-16 13:38 ` Pablo Neira Ayuso
2017-11-16 13:54 ` Phil Sutter
2017-11-16 13:57 ` Pablo Neira Ayuso [this message]
2017-11-16 13:54 ` Pablo Neira Ayuso
2017-11-16 13:58 ` Phil Sutter
2017-11-16 14:12 ` Pablo Neira Ayuso
2017-11-16 14:19 ` Phil Sutter
2017-11-16 14:32 ` Pablo Neira Ayuso
2017-11-16 19:14 ` [nft PATCH RFC] libnftables: Make output_fp default to /dev/null Phil Sutter
2017-11-20 12:32 ` Pablo Neira Ayuso
2017-11-20 12:33 ` Pablo Neira Ayuso
2017-11-20 12:38 ` Phil Sutter
2017-11-20 12:47 ` Pablo Neira Ayuso
2017-11-20 15:54 ` [nft PATCH] libnftables: Ensure output_fp is never NULL Phil Sutter
2017-11-22 12:17 ` Pablo Neira Ayuso
2017-11-16 13:34 ` [nft PATCH 0/2] Review code regarding output_fp Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171116135742.GA13598@salvia \
--to=pablo@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=phil@nwl.cc \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.