[Patch net-next] net_sched: act: fix a bug in tcf_register_action()

[Patch net-next] net_sched: act: fix a bug in tcf_register_action()

[Cong Wang]

In tcf_register_action() we check ->type and ->kind to see if there
is an existing action registered, but ipt action registers two
actions with same type but different kinds. This should be a valid
case, otherwise only xt can be registered.

Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>

---
diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index 35f89e9..2070ee3 100644
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -273,7 +273,7 @@ int tcf_register_action(struct tc_action_ops *act)
 
 	write_lock(&act_mod_lock);
 	list_for_each_entry(a, &act_base, head) {
-		if (act->type == a->type || (strcmp(act->kind, a->kind) == 0)) {
+		if (act->type == a->type && (strcmp(act->kind, a->kind) == 0)) {
 			write_unlock(&act_mod_lock);
 			return -EEXIST;
 		}

Re: [Patch net-next] net_sched: act: fix a bug in tcf_register_action()

[Jamal Hadi Salim]

On 01/14/14 17:48, Cong Wang wrote:
> In tcf_register_action() we check ->type and ->kind to see if there
> is an existing action registered, but ipt action registers two
> actions with same type but different kinds. This should be a valid
> case, otherwise only xt can be registered.
>


We cant allow for conflicts by name or id - we want to catch them.
So just introduce TCA_ACT_XT instead (ID 7)

[
Note: iptables used to be a constant moving API target
and this is supposed to be the latest "backward compat mode".
New kernel/iproute ==> We want to love "xt" more than "ipt".
We infact want to eventually kill "ipt".
but this preference is hard to achieve as you may have run into.
I would be curious how you tested and run into this..
].

cheers,
jamal

> Cc: Jamal Hadi Salim <jhs@mojatatu.com>
> Cc: David S. Miller <davem@davemloft.net>
> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
>
> ---
> diff --git a/net/sched/act_api.c b/net/sched/act_api.c
> index 35f89e9..2070ee3 100644
> --- a/net/sched/act_api.c
> +++ b/net/sched/act_api.c
> @@ -273,7 +273,7 @@ int tcf_register_action(struct tc_action_ops *act)
>
>   	write_lock(&act_mod_lock);
>   	list_for_each_entry(a, &act_base, head) {
> -		if (act->type == a->type || (strcmp(act->kind, a->kind) == 0)) {
> +		if (act->type == a->type && (strcmp(act->kind, a->kind) == 0)) {
>   			write_unlock(&act_mod_lock);
>   			return -EEXIST;
>   		}
>

Re: [Patch net-next] net_sched: act: fix a bug in tcf_register_action()

[Cong Wang]

On Wed, Jan 15, 2014 at 4:34 AM, Jamal Hadi Salim <jhs@mojatatu.com> wrote:
> On 01/14/14 17:48, Cong Wang wrote:
>>
>> In tcf_register_action() we check ->type and ->kind to see if there
>> is an existing action registered, but ipt action registers two
>> actions with same type but different kinds. This should be a valid
>> case, otherwise only xt can be registered.
>>
>
>
> We cant allow for conflicts by name or id - we want to catch them.
> So just introduce TCA_ACT_XT instead (ID 7)

Oh, I thought it is intentional to use the same type for xt and ipt.

>
> [
> Note: iptables used to be a constant moving API target
> and this is supposed to be the latest "backward compat mode".
> New kernel/iproute ==> We want to love "xt" more than "ipt".
> We infact want to eventually kill "ipt".
> but this preference is hard to achieve as you may have run into.
> I would be curious how you tested and run into this..
> ].
>

Just load the module, and you would see an error message. :)