From: Marcus Sundberg <marcus@ingate.com>
To: Pablo Neira Ayuso <pablo@eurodev.net>
Cc: Harald Welte <laforge@netfilter.org>,
	netfilter-devel@lists.netfilter.org,
	Patrick McHardy <kaber@trash.net>
Subject: Re: [PATCH] ctnetlink: Make expect events work
Date: Fri, 13 Jan 2006 11:54:58 +0100
Message-ID: <43C78702.1020807@ingate.com>
In-Reply-To: <43C6F256.7040306@eurodev.net>

Pablo Neira Ayuso wrote:
> Marcus Sundberg wrote:
> 
>>expectation events are improperly tagged in the current ctnetlink
>>code, this patch makes them work.
> 
> Please, be more accurate with your descriptions. The expectation events
> are working just fine since NFNL_SUBSYS_CTNETLINK and
> NFNL_SUBSYS_CTNETLINK_EXP messages are handled similarly by
> libnetfilter_conntrack.
> 
> I agree that it's improperly tagged, so I like the change, but it's not
> a fix and it shouldn't go to -stable, it's a cleanup. Thanks!

Hi,

I disagree with that. libnetfilter_conntrack happens to work because
it uses a different handler callback depending on what kind of data
it *expects* to receive, and lacks a check for what kind of data it
actually *is* receiving.

Without properly checking the subsystem there is no way of *knowing*
whether type 0 and attribute 1 in a netlink reply mean IPCTNL_MSG_CT_NEW
and CTA_TUPLE_ORIG or if they mean IPCTNL_MSG_EXP_NEW and CTA_EXPECT_MASTER.
You can only guess based on what netlink requests you have previously
sent to the kernel and your knowledge about current kernel internals.

It may work, but it's not the way to make robust APIs.

//Marcus
-- 
---------------------------------------+--------------------------
   Marcus Sundberg <marcus@ingate.com>  | Firewalls with SIP & NAT
  Software Developer, Ingate Systems AB |  http://www.ingate.com/
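
Added example, not part of the original message and not code from the kernel or libnetfilter_conntrack: the ambiguity described above, shown by decoding the same (type 0, attribute 1) pair once by what the caller expects and once by the subsystem byte carried in nlmsg_type. The decoder functions and the enum are hypothetical names; the constant values are copied from the kernel's nfnetlink headers so the file builds on its own.

```c
#include <stdint.h>
#include <stdio.h>

/* Values as in the kernel's nfnetlink headers, copied so this builds stand-alone. */
#define NFNL_SUBSYS_CTNETLINK     1
#define NFNL_SUBSYS_CTNETLINK_EXP 2
#define NFNL_SUBSYS_ID(x) (((x) & 0xff00) >> 8)
#define NFNL_MSG_TYPE(x)  ((x) & 0x00ff)
#define IPCTNL_MSG_CT_NEW  0
#define IPCTNL_MSG_EXP_NEW 0
#define CTA_TUPLE_ORIG     1
#define CTA_EXPECT_MASTER  1

enum meaning { M_UNKNOWN, M_CT_NEW_TUPLE_ORIG, M_EXP_NEW_EXPECT_MASTER };

/* Hypothetical decoder that guesses: the result depends only on which kind
 * of data the caller expects, never on the subsystem byte on the wire. */
static enum meaning decode_by_expectation(int expecting_exp,
                                          uint16_t nlmsg_type, uint16_t attr)
{
    if (NFNL_MSG_TYPE(nlmsg_type) != 0 || attr != 1)
        return M_UNKNOWN;
    return expecting_exp ? M_EXP_NEW_EXPECT_MASTER : M_CT_NEW_TUPLE_ORIG;
}

/* Hypothetical decoder that checks: the subsystem byte selects the namespace
 * in which the message type and attribute numbers are interpreted. */
static enum meaning decode_by_subsystem(uint16_t nlmsg_type, uint16_t attr)
{
    uint8_t type = NFNL_MSG_TYPE(nlmsg_type);

    switch (NFNL_SUBSYS_ID(nlmsg_type)) {
    case NFNL_SUBSYS_CTNETLINK:
        if (type == IPCTNL_MSG_CT_NEW && attr == CTA_TUPLE_ORIG)
            return M_CT_NEW_TUPLE_ORIG;
        break;
    case NFNL_SUBSYS_CTNETLINK_EXP:
        if (type == IPCTNL_MSG_EXP_NEW && attr == CTA_EXPECT_MASTER)
            return M_EXP_NEW_EXPECT_MASTER;
        break;
    }
    return M_UNKNOWN; /* unknown subsystem or unexpected type: do not guess */
}

int main(void)
{
    uint16_t ct = (NFNL_SUBSYS_CTNETLINK << 8) | IPCTNL_MSG_CT_NEW; /* constructed */
    printf("tagged CT, caller expects EXP: guess=%d checked=%d\n",
           decode_by_expectation(1, ct, 1), decode_by_subsystem(ct, 1));
    return 0;
}
```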
