From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Yi Chen <yiche@redhat.com>,
netfilter-devel@vger.kernel.org, fw@strlen.de
Subject: Re: [conntrack-tools PATCH] nfct: helper: Extend error message for EEXIST
Date: Thu, 28 Aug 2025 14:30:53 +0200 [thread overview]
Message-ID: <aLBL_W7eNXTTePwb@orbyte.nwl.cc> (raw)
In-Reply-To: <aLBD_Ur0qeT9yLbz@calendula>
On Thu, Aug 28, 2025 at 01:56:45PM +0200, Pablo Neira Ayuso wrote:
> On Thu, Aug 28, 2025 at 01:04:06PM +0200, Phil Sutter wrote:
> > On Thu, Aug 28, 2025 at 12:34:15AM +0200, Pablo Neira Ayuso wrote:
> > > On Mon, Aug 18, 2025 at 11:47:08AM +0800, Yi Chen wrote:
> > > > This patch adds a hint when:
> > > >
> > > > # modprobe nf_conntrack_ftp
> > > > # nfct helper del ftp inet tcp
> > > > # nfct helper add ftp inet tcp
> > > > *nfct v1.4.8: netlink error: File exists*
> > > >
> > > > or other type of helper.
> > >
> > > This patch changes EEXIST by EBUSY:
> > >
> > > https://patchwork.ozlabs.org/project/netfilter-devel/patch/20250818112220.26641-1-phil@nwl.cc/
> > >
> > > This userspace patch is not very useful after this.
> >
> > Oh! I missed that nfnl_cthelper_create() also just passes through the
> > return code from nf_conntrack_helper_register().
> >
> > > So maybe a follow up fix to retain EEXIST for nfnetlink_cthelper in
> > > the kernel is needed?
> > >
> > > I mean, return EEXIST in nfnetlink_cthelper but EBUSY in case of
> > > insmod, ie. add a bool insmod flag to the helper register/unregister
> > > functions to return EBUSY for insmod and EEXIST for
> > > nfnetlink_cthelper.
> >
> > Do we need to retain the old return code?
>
> I have change return codes in the past myself, when I considered error
> reported to userspace was misleading, but I heard once it is a good
> practise not to change them as a general rule.
>
> > I would just update the patch to print the message for EBUSY instead
> > of EEXIST.
>
> It is OK, I could not find any code in conntrackd running in helper
> mode than relies on this error code. The only case that I can think of
> is combining old kernel with new userspace defeats the purpose of this
> patch.
Yes, with old kernels new user space behaviour is same as old user space
(so at least not a degradation).
> Maybe it is not worth the effort to bother about this, judge yourself.
The EBUSY return is consistent with insmod/modprobe return code, so I'd
keep it like this.
Thanks, Phil
prev parent reply other threads:[~2025-08-28 12:30 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-15 15:57 [conntrack-tools PATCH] nfct: helper: Extend error message for EEXIST Phil Sutter
[not found] ` <CAJsUoE2zCJYSvm9_=784BtH26GsRDJGBTn8930wW4ZSU8nTjYA@mail.gmail.com>
2025-08-27 22:34 ` Pablo Neira Ayuso
2025-08-28 11:04 ` Phil Sutter
2025-08-28 11:56 ` Pablo Neira Ayuso
2025-08-28 12:30 ` Phil Sutter [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aLBL_W7eNXTTePwb@orbyte.nwl.cc \
--to=phil@nwl.cc \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=yiche@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.