From: Stefano Brivio <sbrivio@redhat.com>
To: David Miller <davem@davemloft.net>,
David Ahern <dsahern@gmail.com>, Martin KaFai Lau <kafai@fb.com>
Cc: Jianlin Shi <jishi@redhat.com>, Wei Wang <weiwan@google.com>,
Eric Dumazet <edumazet@google.com>,
Matti Vaittinen <matti.vaittinen@fi.rohmeurope.com>,
netdev@vger.kernel.org
Subject: [PATCH net v4 2/8] ipv4: Honour NLM_F_MATCH, make semantics of NETLINK_GET_STRICT_CHK consistent
Date: Sat, 15 Jun 2019 03:32:10 +0200 [thread overview]
Message-ID: <58865c4c143d0da40cd417b5b87b49d292d8129d.1560561432.git.sbrivio@redhat.com> (raw)
In-Reply-To: <cover.1560561432.git.sbrivio@redhat.com>
Socket option NETLINK_GET_STRICT_CHK, quoting from commit 89d35528d17d
("netlink: Add new socket option to enable strict checking on dumps"),
is used to "request strict checking of headers and attributes on dump
requests".
If some attributes are set (including flags), setting this option causes
dump functions to filter results according to these attributes, via the
filter_set flag. However, if strict checking is requested, this should
imply that we also filter results based on flags that are *not* set.
This is currently not the case, at least for IPv4 FIB dumps: if the
RTM_F_CLONED flag is not set, and strict checking is required, we should
not return routes with the RTM_F_CLONED flag set.
Set the filter_set flag whenever strict checking is requested, limiting
the scope to IPv4 FIB dumps for the moment being, as other users of the
flag might not present this inconsistency.
Note that this partially duplicates the semantics of NLM_F_MATCH as
described by RFC 3549, par. 3.1.1. Instead of setting a filter based on
the size of the netlink message, properly support NLM_F_MATCH, by
setting a filter via ip_filter_fib_dump_req() and setting the filter_set
flag.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
---
v4: New patch
net/ipv4/fib_frontend.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index 873fc5c4721c..32a04318d725 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -954,10 +954,14 @@ static int inet_dump_fib(struct sk_buff *skb, struct netlink_callback *cb)
err = ip_filter_fib_dump_req(net, nlh, &filter, cb, true);
if (err < 0)
return err;
- } else if (nlmsg_len(nlh) >= sizeof(struct rtmsg)) {
- struct rtmsg *rtm = nlmsg_data(nlh);
-
- filter.flags = rtm->rtm_flags & (RTM_F_PREFIX | RTM_F_CLONED);
+ filter.filter_set = 1;
+ } else if (nlh->nlmsg_flags & NLM_F_MATCH) {
+ err = ip_filter_fib_dump_req(net, nlh, &filter, cb, false);
+ if (err == -ENODEV)
+ return skb->len;
+ if (err)
+ return err;
+ filter.filter_set = 1;
}
/* fib entries are never clones and ipv4 does not use prefix flag */
--
2.20.1
next prev parent reply other threads:[~2019-06-15 1:32 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-15 1:32 [PATCH net v4 0/8] Fix listing (IPv4, IPv6) and flushing (IPv6) of cached route exceptions Stefano Brivio
2019-06-15 1:32 ` [PATCH net v4 1/8] ipv4/fib_frontend: Rename ip_valid_fib_dump_req, provide non-strict version Stefano Brivio
2019-06-15 2:54 ` David Ahern
2019-06-15 3:13 ` Stefano Brivio
2019-06-15 3:16 ` David Ahern
2019-06-15 3:27 ` Stefano Brivio
2019-06-16 20:04 ` Stefano Brivio
2019-06-17 13:38 ` David Ahern
2019-06-17 14:13 ` Stefano Brivio
2019-06-17 17:06 ` David Ahern
2019-06-17 18:28 ` Stefano Brivio
2019-06-17 13:18 ` David Ahern
2019-06-15 1:32 ` Stefano Brivio [this message]
2019-06-15 3:13 ` [PATCH net v4 2/8] ipv4: Honour NLM_F_MATCH, make semantics of NETLINK_GET_STRICT_CHK consistent David Ahern
2019-06-15 3:23 ` Stefano Brivio
2019-06-17 13:29 ` David Ahern
2019-06-15 1:32 ` [PATCH net v4 3/8] ipv4/fib_frontend: Allow RTM_F_CLONED flag to be used for filtering Stefano Brivio
2019-06-15 1:32 ` [PATCH 4/8] ipv4: Dump routed caches if requested Stefano Brivio
2019-06-15 1:32 ` [PATCH 5/8] Revert "net/ipv6: Bail early if user only wants cloned entries" Stefano Brivio
2019-06-15 1:32 ` [PATCH 6/8] ipv6: Honour NLM_F_MATCH, make semantics of NETLINK_GET_STRICT_CHK consistent Stefano Brivio
2019-06-15 1:32 ` [PATCH 7/8] ipv6: Dump route exceptions too in rt6_dump_route() Stefano Brivio
2019-06-15 1:32 ` [PATCH 8/8] ip6_fib: Don't discard nodes with valid routing information in fib6_locate_1() Stefano Brivio
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=58865c4c143d0da40cd417b5b87b49d292d8129d.1560561432.git.sbrivio@redhat.com \
--to=sbrivio@redhat.com \
--cc=davem@davemloft.net \
--cc=dsahern@gmail.com \
--cc=edumazet@google.com \
--cc=jishi@redhat.com \
--cc=kafai@fb.com \
--cc=matti.vaittinen@fi.rohmeurope.com \
--cc=netdev@vger.kernel.org \
--cc=weiwan@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).