[PATCH 3/4] nfqueue message is on a diet

[PATCH 3/4] nfqueue message is on a diet

[Pablo Neira Ayuso]

[-- Attachment #1: Type: text/plain, Size: 344 bytes --]

[NFNETLINK_QUEUE] nfqueue message is on a diet

Fix oversized message, use NLMSG_SPACE just one since it reserves space
for the netlink header.

Sign-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

-- 
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris

[-- Attachment #2: nfqueue.patch --]
[-- Type: text/plain, Size: 1597 bytes --]

[NFNETLINK_QUEUE] nfqueue message is on a diet

Fix oversized message, use NLMSG_SPACE just one since it reserves space
for the netlink header.

Sign-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Index: net-2.6.git/net/netfilter/nfnetlink_queue.c
===================================================================
--- net-2.6.git.orig/net/netfilter/nfnetlink_queue.c	2006-02-09 17:34:01.000000000 +0100
+++ net-2.6.git/net/netfilter/nfnetlink_queue.c	2006-02-13 01:10:12.000000000 +0100
@@ -354,16 +354,17 @@ nfqnl_build_packet_message(struct nfqnl_
 	QDEBUG("entered\n");
 
 	/* all macros expand to constant values at compile time */
-	size =    NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hdr))
-		+ NLMSG_SPACE(sizeof(u_int32_t))	/* ifindex */
-		+ NLMSG_SPACE(sizeof(u_int32_t))	/* ifindex */
+	size =    NLMSG_SPACE(sizeof(struct nfgenmsg))
+		+ NLMSG_ALIGN(sizeof(struct nfqnl_msg_packet_hdr))
+		+ NLMSG_ALIGN(sizeof(u_int32_t))	/* ifindex */
+		+ NLMSG_ALIGN(sizeof(u_int32_t))	/* ifindex */
 #ifdef CONFIG_BRIDGE_NETFILTER
-		+ NLMSG_SPACE(sizeof(u_int32_t))	/* ifindex */
-		+ NLMSG_SPACE(sizeof(u_int32_t))	/* ifindex */
+		+ NLMSG_ALIGN(sizeof(u_int32_t))	/* ifindex */
+		+ NLMSG_ALIGN(sizeof(u_int32_t))	/* ifindex */
 #endif
-		+ NLMSG_SPACE(sizeof(u_int32_t))	/* mark */
-		+ NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hw))
-		+ NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_timestamp));
+		+ NLMSG_ALIGN(sizeof(u_int32_t))	/* mark */
+		+ NLMSG_ALIGN(sizeof(struct nfqnl_msg_packet_hw))
+		+ NLMSG_ALIGN(sizeof(struct nfqnl_msg_packet_timestamp));
 
 	outdev = entinf->outdev;
 

Re: [PATCH 3/4] nfqueue message is on a diet

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 1126 bytes --]

On Mon, Feb 13, 2006 at 03:41:48AM +0100, Pablo Neira Ayuso wrote:
> [NFNETLINK_QUEUE] nfqueue message is on a diet
> 
> Fix oversized message, use NLMSG_SPACE just one since it reserves space
> for the netlink header.

I think before and after your patch, it is wrong in both cases.

What we rally need is: 
- one time NLMSG_SPACE in order to account for the nlmsghdr
- all the other times: 
	Size of struct nfattr 
	+ size of data element 
	+ alignment overhead

So IMHO we should use 1 time NLMSG_SPACE, then NFA_SPACE.  Please let me
know what you think, update your patch and resubmit.

Also, the same kind of fix is probably needed for nfnetlink_log.

> Sign-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Signed-off-by !

-- 
- Harald Welte <laforge@netfilter.org>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]