netfilter-devel.vger.kernel.org archive mirror
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: fw@strlen.de, mleitner@redhat.com
Subject: [PATCH 2/3] netfilter: nfnetlink_log: improve error handling on __build_packet_message()
Date: Thu,  6 Nov 2014 12:32:29 +0100
Message-ID: <1415273550-3526-2-git-send-email-pablo@netfilter.org>
In-Reply-To: <1415273550-3526-1-git-send-email-pablo@netfilter.org>

1) If there's not enough room in the netlink skbuff, then we have a size
   miscalculation bug that needs to be fixed, so warn on this. Kill
   PRINTR macro now that this is unused.

2) Cancel the netlink message that didn't fit into the skbuff, so we still
   have the chance to deliver what is already included in the batch.

3) Don't increment inst->qlen unconditionally. Otherwise, this will not
   show the real number of messages in the log batch on error.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nfnetlink_log.c |   14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index cd99294..551142f 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -46,9 +46,6 @@
 /* max packet size is limited by 16-bit struct nfattr nfa_len field */
 #define NFULNL_COPY_RANGE_MAX	(0xFFFF - NLA_HDRLEN)
 
-#define PRINTR(x, args...)	do { if (net_ratelimit()) \
-				     printk(x, ## args); } while (0);
-
 struct nfulnl_instance {
 	struct hlist_node hlist;	/* global list of instances */
 	spinlock_t lock;
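Review bot: removing the PRINTR definition is only safe if no other caller is left in nfnetlink_log.c, and this diff removes just one use (in the nla_put_failure path). If the remaining callers went away in 1/3, say so in the changelog so the ordering dependency is explicit and the series stays bisectable.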
@@ -402,7 +399,6 @@ __build_packet_message(struct nfnl_log_net *log,
 	struct nfulnl_msg_packet_hdr pmsg;
 	struct nlmsghdr *nlh;
 	struct nfgenmsg *nfmsg;
-	sk_buff_data_t old_tail = inst->skb->tail;
 	struct sock *sk;
 	const unsigned char *hwhdrp;
 
@@ -578,11 +574,15 @@ __build_packet_message(struct nfnl_log_net *log,
 			BUG();
 	}
 
-	nlh->nlmsg_len = inst->skb->tail - old_tail;
+	nlmsg_end(inst->skb, nlh);
+	inst->qlen++;
+
 	return 0;
 
 nla_put_failure:
-	PRINTR(KERN_ERR "nfnetlink_log: error creating log nlmsg\n");
+	WARN_ONCE(1, "bad nlskb size: %u, tailroom %d\n",
+		  inst->skb->len, skb_tailroom(inst->skb));
+	nlmsg_cancel(inst->skb, nlh);
 	return -1;
 }
 
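Review bot: at nla_put_failure, nlmsg_cancel(inst->skb, nlh) relies on nlh, which the earlier hunk shows declared without an initialiser (struct nlmsghdr *nlh;), so every goto nla_put_failure has to come after nlh is assigned. Please confirm no earlier jump to that label exists, or initialise nlh to NULL at the declaration. Separately, the WARN_ONCE text drops the "nfnetlink_log:" prefix the old PRINTR message carried, and since it fires only once, any later size miscalculation is silent; keeping the prefix would let the one splat be attributed to this module.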
@@ -702,8 +702,6 @@ nfulnl_log_packet(struct net *net,
 			goto alloc_failure;
 	}
 
-	inst->qlen++;
-
 	__build_packet_message(log, inst, skb, data_len, pf,
 				hooknum, in, out, prefix, plen);
 
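Review bot: the call to __build_packet_message() here still discards the return value, so with inst->qlen++ moved into the success path the -1 from nla_put_failure is never acted on by this caller. Either check the result at this call site before running code that assumes a message was queued, or make the function return void and state in the changelog that the WARN_ONCE is the only failure signal.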
-- 
1.7.10.4


Thread overview: 4+ messages
2014-11-06 11:32 [PATCH 1/3] netfilter: nfnetlink_log: remove unnecessary error messages Pablo Neira Ayuso
2014-11-06 11:32 ` Pablo Neira Ayuso [this message]
2014-11-06 17:19   ` [PATCH 2/3] netfilter: nfnetlink_log: improve error handling on __build_packet_message() Marcelo Ricardo Leitner
2014-11-06 11:32 ` [PATCH 3/3] netfilter: nfnetlink_log: Make use of pr_fmt where applicable Pablo Neira Ayuso