[PATCH 07/19] netfilter: ctnetlink: use expect instead of master tuple in get operation

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: pablo@netfilter.org
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 07/19] netfilter: ctnetlink: use expect instead of master tuple in get operation
Date: Sun, 25 Dec 2011 02:57:23 +0100	[thread overview]
Message-ID: <1324778255-2830-8-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1324778255-2830-1-git-send-email-pablo@netfilter.org>

From: Pablo Neira Ayuso <pablo@netfilter.org>

Use the expect tuple (if possible) instead of the master tuple for
the get operation. If two or more expectations come from the same
master, the returned expectation may not be the one that user-space
is requesting.

This is how it works for the expect deletion operation.

Although I think that nobody has been seriously using this. We
accept both possibilities, using the expect tuple if possible.
I decided to do it like this to avoid breaking backward
compatibility.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nf_conntrack_netlink.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index a36e655..77d209c 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1851,7 +1851,9 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
 	if (err < 0)
 		return err;
 
-	if (cda[CTA_EXPECT_MASTER])
+	if (cda[CTA_EXPECT_TUPLE])
+		err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE, u3);
+	else if (cda[CTA_EXPECT_MASTER])
 		err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_MASTER, u3);
 	else
 		return -EINVAL;
-- 
1.7.2.5

next prev parent reply	other threads:[~2011-12-25  1:57 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-12-25  1:57 [PATCH 00/19] netfilter updates for net-next (upcoming 3.3) pablo
2011-12-25  1:57 ` [PATCH 01/19] net: ipv4: export fib_lookup and fib_table_lookup pablo
2011-12-25  1:57 ` [PATCH 02/19] netfilter: add ipv4 reverse path filter match pablo
2011-12-25  1:57 ` [PATCH 03/19] ipv6: add ip6_route_lookup pablo
2011-12-25  1:57 ` [PATCH 04/19] netfilter: add ipv6 reverse path filter match pablo
2011-12-25  1:57 ` [PATCH 05/19] IPVS: Modify the SH scheduler to use weights pablo
2011-12-25  1:57 ` [PATCH 06/19] netfilter: nf_conntrack: use atomic64 for accounting counters pablo
2012-01-03 12:01   ` David Laight
2012-01-03 13:31     ` Eric Dumazet
2012-01-03 13:37       ` Eric Dumazet
2012-01-03 17:05         ` Eric Dumazet
2011-12-25  1:57 ` pablo [this message]
2011-12-25  1:57 ` [PATCH 08/19] netfilter: ctnetlink: support individual atomic-get-and-reset of counters pablo
2011-12-25  1:57 ` [PATCH 09/19] netfilter: rework user-space expectation helper support pablo
2011-12-25  1:57 ` [PATCH 10/19] netfilter: nf_nat: export NAT definitions to userspace pablo
2011-12-25  1:57 ` [PATCH 11/19] netfilter: nf_nat: use hash random for bysource hash pablo
2011-12-25  1:57 ` [PATCH 12/19] netfilter: nf_nat: add missing nla_policy entry for CTA_NAT_PROTO attribute pablo
2011-12-25  1:57 ` [PATCH 13/19] netfilter: nat: remove module reference counting from NAT protocols pablo
2011-12-25  1:57 ` [PATCH 14/19] netfilter: nf_nat: remove obsolete code from nf_nat_icmp_reply_translation() pablo
2011-12-25  1:57 ` [PATCH 15/19] netfilter: nf_nat: remove obsolete check in nf_nat_mangle_udp_packet() pablo
2011-12-25  1:57 ` [PATCH 16/19] netfilter: ctnetlink: remove dead NAT code pablo
2011-12-25  1:57 ` [PATCH 17/19] netfilter: ctnetlink: get and zero operations must be atomic pablo
2011-12-25  1:57 ` [PATCH 18/19] netfilter: add extended accounting infrastructure over nfnetlink pablo
2011-12-25  1:57 ` [PATCH 19/19] netfilter: xtables: add nfacct match to support extended accounting pablo
2011-12-25  8:12 ` [PATCH 00/19] netfilter updates for net-next (upcoming 3.3) David Miller

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:a36e655 dfblob:77d209c )
 OR (
bs:"[PATCH 07/19] netfilter: ctnetlink: use expect instead of master tuple in get operation" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1324778255-2830-8-git-send-email-pablo@netfilter.org \
    --to=pablo@netfilter.org \
    --cc=davem@davemloft.net \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).