From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 25/35] netfilter: nfnetlink_log: consolidate check for instance in nfulnl_recv_config()
Date: Sat, 17 Oct 2015 13:33:00 +0200 [thread overview]
Message-ID: <1445081590-2924-26-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1445081590-2924-1-git-send-email-pablo@netfilter.org>
This patch consolidates the check for valid logger instance once we have
passed the command handling:
The config message that we receive may contain the following info:
1) Command only: We always get a valid instance pointer if we just
created it. In case that the instance is being destroyed or the
command is unknown, we jump to exit path of nfulnl_recv_config().
This patch doesn't modify this handling.
2) Config only: In this case, the instance must always exist since the
user is asking for configuration updates. If the instance doesn't exist
this returns -ENODEV.
3) No command and no configs are specified: This case is rare. The
user is sending us a config message with neither commands nor
config options. In this case, we have to check if the instance exists
and bail out otherwise. Before this patch, it was possible to send a
config message with no command and no config updates for an
unexisting instance without triggering an error. So this is the only
case that changes.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Tested-by: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
---
net/netfilter/nfnetlink_log.c | 28 +++++-----------------------
1 file changed, 5 insertions(+), 23 deletions(-)
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index f8d9bd8..2002d57 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -874,16 +874,15 @@ nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
ret = -ENOTSUPP;
break;
}
+ } else if (!inst) {
+ ret = -ENODEV;
+ goto out;
}
if (nfula[NFULA_CFG_MODE]) {
- struct nfulnl_msg_config_mode *params;
- params = nla_data(nfula[NFULA_CFG_MODE]);
+ struct nfulnl_msg_config_mode *params =
+ nla_data(nfula[NFULA_CFG_MODE]);
- if (!inst) {
- ret = -ENODEV;
- goto out;
- }
nfulnl_set_mode(inst, params->copy_mode,
ntohl(params->copy_range));
}
@@ -891,41 +890,24 @@ nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
if (nfula[NFULA_CFG_TIMEOUT]) {
__be32 timeout = nla_get_be32(nfula[NFULA_CFG_TIMEOUT]);
- if (!inst) {
- ret = -ENODEV;
- goto out;
- }
nfulnl_set_timeout(inst, ntohl(timeout));
}
if (nfula[NFULA_CFG_NLBUFSIZ]) {
__be32 nlbufsiz = nla_get_be32(nfula[NFULA_CFG_NLBUFSIZ]);
- if (!inst) {
- ret = -ENODEV;
- goto out;
- }
nfulnl_set_nlbufsiz(inst, ntohl(nlbufsiz));
}
if (nfula[NFULA_CFG_QTHRESH]) {
__be32 qthresh = nla_get_be32(nfula[NFULA_CFG_QTHRESH]);
- if (!inst) {
- ret = -ENODEV;
- goto out;
- }
nfulnl_set_qthresh(inst, ntohl(qthresh));
}
if (nfula[NFULA_CFG_FLAGS]) {
u16 flags = ntohs(nla_get_be16(nfula[NFULA_CFG_FLAGS]));
- if (!inst) {
- ret = -ENODEV;
- goto out;
- }
-
if (flags & NFULNL_CFG_F_CONNTRACK &&
!rcu_access_pointer(nfnl_ct_hook)) {
#ifdef CONFIG_MODULES
--
2.1.4
next prev parent reply other threads:[~2015-10-17 11:26 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-17 11:32 [PATCH 00/35] Netfilter/IPVS updates for net-next Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 01/35] ipvs: Don't protect ip_vs_addr_is_unicast with CONFIG_SYSCTL Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 02/35] netfilter: nfnetlink_queue: get rid of nfnetlink_queue_ct.c Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 03/35] netfilter: rename nfnetlink_queue_core.c to nfnetlink_queue.c Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 04/35] netfilter: nfnetlink_queue: use y2038 safe timestamp Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 05/35] netfilter: remove dead code Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 06/35] netfilter: nfnetlink_queue: rename related to nfqueue attaching conntrack info Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 07/35] netfilter: Kconfig rename QUEUE_CT to GLUE_CT Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 08/35] netfilter: ctnetlink: add const qualifier to nfnl_hook.get_ct Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 09/35] netfilter: nfnetlink_log: allow to attach conntrack Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 10/35] ipvs: Remove possibly unused variable from ip_vs_out Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 11/35] ipvs: Remove possibly unused variables from ip_vs_conn_net_{init,cleanup} Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 12/35] netfilter: xt_CT: don't put back reference to timeout policy object Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 13/35] netfilter: conntrack: fix crash on timeout object removal Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 14/35] nfnetlink_cttimeout: add rcu_barrier() on module removal Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 15/35] netfilter: bridge: avoid unused label warning Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 16/35] netfilter: nfnetlink_log: autoload nf_conntrack_netlink module NFQA_CFG_F_CONNTRACK config flag Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 17/35] netfilter: nfqueue: don't use prev pointer Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 18/35] netfilter: ip6_tables: label placement Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 19/35] netfilter: ip6_tables: function definition layout Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 20/35] netfilter: ipv6: code indentation Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 21/35] netfilter: ipv6: whitespace around operators Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 22/35] netfilter: ip6_tables: ternary operator layout Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 23/35] netfilter: ip6_tables: improve if statements Pablo Neira Ayuso
2015-10-17 11:32 ` [PATCH 24/35] netfilter: ipv6: pointer cast layout Pablo Neira Ayuso
2015-10-17 11:33 ` Pablo Neira Ayuso [this message]
2015-10-17 11:33 ` [PATCH 26/35] netfilter: nfnetlink_log: validate dependencies to avoid breaking atomicity Pablo Neira Ayuso
2015-10-17 11:33 ` [PATCH 27/35] netfilter: remove hook owner refcounting Pablo Neira Ayuso
2015-10-17 11:33 ` [PATCH 28/35] netfilter: make nf_queue_entry_get_refs return void Pablo Neira Ayuso
2015-10-17 11:33 ` [PATCH 29/35] netfilter: nf_queue: remove rcu_read_lock calls Pablo Neira Ayuso
2015-10-17 11:33 ` [PATCH 30/35] netfilter: turn NF_HOOK into an inline function Pablo Neira Ayuso
2015-10-17 11:33 ` [PATCH 31/35] netfilter: ipv4: label placement Pablo Neira Ayuso
2015-10-17 11:33 ` [PATCH 32/35] netfilter: ipv4: ternary operator layout Pablo Neira Ayuso
2015-10-17 11:33 ` [PATCH 33/35] netfilter: ipv4: function definition layout Pablo Neira Ayuso
2015-10-17 11:33 ` [PATCH 34/35] netfilter: ipv4: code indentation Pablo Neira Ayuso
2015-10-17 11:33 ` [PATCH 35/35] netfilter: ipv4: whitespace around operators Pablo Neira Ayuso
2015-10-17 13:07 ` [PATCH 00/35] Netfilter/IPVS updates for net-next David Miller
2015-10-17 13:38 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1445081590-2924-26-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).