* netfilter 00/02: netfilter fixes
@ 2009-04-17 16:09 Patrick McHardy
2009-04-17 16:09 ` netfilter 01/02: ctnetlink: report error if event message allocation fails Patrick McHardy
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Patrick McHardy @ 2009-04-17 16:09 UTC (permalink / raw)
To: davem; +Cc: netdev, Patrick McHardy, netfilter-devel
Hi Dave,
the following two patches fix two netfilter bugs:
- missing socket notification for ctnetlink skb allocation errors
- an incorrect return code in nfnetlink for netlink_kernel_create() failure
Please apply or pull from:
git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.git
Thanks!
net/netfilter/nf_conntrack_netlink.c | 10 ++++++----
net/netfilter/nfnetlink.c | 2 +-
2 files changed, 7 insertions(+), 5 deletions(-)
Pablo Neira Ayuso (2):
netfilter: ctnetlink: report error if event message allocation fails
netfilter: nfnetlink: return ENOMEM if we fail to create netlink socket
^ permalink raw reply [flat|nested] 4+ messages in thread
* netfilter 01/02: ctnetlink: report error if event message allocation fails
2009-04-17 16:09 netfilter 00/02: netfilter fixes Patrick McHardy
@ 2009-04-17 16:09 ` Patrick McHardy
2009-04-17 16:09 ` netfilter 02/02: nfnetlink: return ENOMEM if we fail to create netlink socket Patrick McHardy
2009-04-17 22:44 ` netfilter 00/02: netfilter fixes David Miller
2 siblings, 0 replies; 4+ messages in thread
From: Patrick McHardy @ 2009-04-17 16:09 UTC (permalink / raw)
To: davem; +Cc: netdev, Patrick McHardy, netfilter-devel
commit 150ace0db360373d2016a2497d252138a59c5ba8
Author: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri Apr 17 17:47:31 2009 +0200
netfilter: ctnetlink: report error if event message allocation fails
This patch fixes an inconsistency that results in no error reports
to user-space listeners if we fail to allocate the event message.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index c6439c7..0ea36e0 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -512,7 +512,7 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
skb = ctnetlink_alloc_skb(tuple(ct, IP_CT_DIR_ORIGINAL), GFP_ATOMIC);
if (!skb)
- return NOTIFY_DONE;
+ goto errout;
b = skb->tail;
@@ -591,8 +591,9 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
nla_put_failure:
rcu_read_unlock();
nlmsg_failure:
- nfnetlink_set_err(0, group, -ENOBUFS);
kfree_skb(skb);
+errout:
+ nfnetlink_set_err(0, group, -ENOBUFS);
return NOTIFY_DONE;
}
#endif /* CONFIG_NF_CONNTRACK_EVENTS */
@@ -1564,7 +1565,7 @@ static int ctnetlink_expect_event(struct notifier_block *this,
skb = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC);
if (!skb)
- return NOTIFY_DONE;
+ goto errout;
b = skb->tail;
@@ -1589,8 +1590,9 @@ static int ctnetlink_expect_event(struct notifier_block *this,
nla_put_failure:
rcu_read_unlock();
nlmsg_failure:
- nfnetlink_set_err(0, 0, -ENOBUFS);
kfree_skb(skb);
+errout:
+ nfnetlink_set_err(0, 0, -ENOBUFS);
return NOTIFY_DONE;
}
#endif
^ permalink raw reply related [flat|nested] 4+ messages in thread
* netfilter 02/02: nfnetlink: return ENOMEM if we fail to create netlink socket
2009-04-17 16:09 netfilter 00/02: netfilter fixes Patrick McHardy
2009-04-17 16:09 ` netfilter 01/02: ctnetlink: report error if event message allocation fails Patrick McHardy
@ 2009-04-17 16:09 ` Patrick McHardy
2009-04-17 22:44 ` netfilter 00/02: netfilter fixes David Miller
2 siblings, 0 replies; 4+ messages in thread
From: Patrick McHardy @ 2009-04-17 16:09 UTC (permalink / raw)
To: davem; +Cc: netdev, Patrick McHardy, netfilter-devel
commit a0142733a7ef2f3476e63938b330026a08c53f37
Author: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri Apr 17 17:48:44 2009 +0200
netfilter: nfnetlink: return ENOMEM if we fail to create netlink socket
With this patch, nfnetlink returns -ENOMEM instead of -EPERM if we
fail to create the nfnetlink netlink socket during the module
loading. This is exactly what rtnetlink does in this case.
Ideally, it would be better if we propagate the error that has
happened in netlink_kernel_create(), however, this function still
does not implement this yet.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 2785d66..b8ab37a 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -203,7 +203,7 @@ static int __init nfnetlink_init(void)
nfnetlink_rcv, NULL, THIS_MODULE);
if (!nfnl) {
printk(KERN_ERR "cannot initialize nfnetlink!\n");
- return -1;
+ return -ENOMEM;
}
return 0;
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: netfilter 00/02: netfilter fixes
2009-04-17 16:09 netfilter 00/02: netfilter fixes Patrick McHardy
2009-04-17 16:09 ` netfilter 01/02: ctnetlink: report error if event message allocation fails Patrick McHardy
2009-04-17 16:09 ` netfilter 02/02: nfnetlink: return ENOMEM if we fail to create netlink socket Patrick McHardy
@ 2009-04-17 22:44 ` David Miller
2 siblings, 0 replies; 4+ messages in thread
From: David Miller @ 2009-04-17 22:44 UTC (permalink / raw)
To: kaber; +Cc: netdev, netfilter-devel
From: Patrick McHardy <kaber@trash.net>
Date: Fri, 17 Apr 2009 18:09:13 +0200 (MEST)
> the following two patches fix two netfilter bugs:
>
> - missing socket notification for ctnetlink skb allocation errors
>
> - an incorrect return code in nfnetlink for netlink_kernel_create() failure
>
> Please apply or pull from:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.git
Pulled, thanks a lot!
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2009-04-17 22:44 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-04-17 16:09 netfilter 00/02: netfilter fixes Patrick McHardy
2009-04-17 16:09 ` netfilter 01/02: ctnetlink: report error if event message allocation fails Patrick McHardy
2009-04-17 16:09 ` netfilter 02/02: nfnetlink: return ENOMEM if we fail to create netlink socket Patrick McHardy
2009-04-17 22:44 ` netfilter 00/02: netfilter fixes David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).