netfilter-devel.vger.kernel.org archive mirror
* [PATCH nft] rule: check for EINTR error from cache_init_objects() for stateful objects
@ 2017-01-24 18:36 Pablo Neira Ayuso
  2017-01-24 18:36 ` [PATCH nft] tests: shell: validate set size Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Pablo Neira Ayuso @ 2017-01-24 18:36 UTC (permalink / raw)
  To: netfilter-devel

Catch -1 case, so we have a chance to handle EINTR.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/rule.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/rule.c b/src/rule.c
index f2ffd4b27e8a..b5181a90f795 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -96,10 +96,9 @@ static int cache_init_objects(struct netlink_ctx *ctx, enum cmd_ops cmd)
 		list_splice_tail_init(&ctx->list, &table->chains);
 
 		if (cmd != CMD_RESET) {
-			/* Don't check for errors on listings, this would break
-			 * nft with old kernels with no stateful object support.
-			 */
-			netlink_list_objs(ctx, &table->handle, &internal_location);
+			ret = netlink_list_objs(ctx, &table->handle, &internal_location);
+			if (ret < 0)
+				return -1;
 			list_splice_tail_init(&ctx->list, &table->objs);
 		}
 
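Review bot: The new `if (ret < 0) return -1;` after netlink_list_objs() fails the whole cache initialisation on any error, not only EINTR, while the comment removed by this hunk says errors were deliberately ignored here so that nft keeps working on old kernels with no stateful object support. Unless netlink_list_objs() already hides the "not supported" case, this brings that breakage back; consider returning early only when errno is EINTR and tolerating other errors as before, with a short comment recording the reason. The declaration of `ret` is not visible in this hunk, so confirm it exists in cache_init_objects().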
-- 
2.1.4



* [PATCH nft] tests: shell: validate set size
  2017-01-24 18:36 [PATCH nft] rule: check for EINTR error from cache_init_objects() for stateful objects Pablo Neira Ayuso
@ 2017-01-24 18:36 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2017-01-24 18:36 UTC (permalink / raw)
  To: netfilter-devel

Add two tests to make sure that set size checks work fine:

1) Check if set size is indeed working, this is a simple one.
2) Check if set size is correct after ENFILE error, there is a bug that
   adds a new spare slot every time we hit this.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/shell/testcases/sets/0018set_check_size_1 |  8 ++++++++
 tests/shell/testcases/sets/0019set_check_size_0 | 20 ++++++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100755 tests/shell/testcases/sets/0018set_check_size_1
 create mode 100755 tests/shell/testcases/sets/0019set_check_size_0

diff --git a/tests/shell/testcases/sets/0018set_check_size_1 b/tests/shell/testcases/sets/0018set_check_size_1
new file mode 100755
index 000000000000..833b8e2bd877
--- /dev/null
+++ b/tests/shell/testcases/sets/0018set_check_size_1
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+$NFT add table x
+$NFT add set x s {type ipv4_addr\; size 2\;}
+$NFT add element x s {1.1.1.1}
+$NFT add element x s {1.1.1.2}
+$NFT add element x s {1.1.1.3}
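Review bot: With `set -e` at the top, a failure in any setup command (`add table`, `add set`, or the first two `add element` lines) makes the script exit non-zero exactly like the rejection of `1.1.1.3` that the test is after, so a broken setup is indistinguishable from a working size check. Keep `set -e` for the setup only, then switch it off and test the exit status of the last `add element` explicitly, as 0019set_check_size_0 does, and add a comment saying that the third element is the one expected to fail.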
diff --git a/tests/shell/testcases/sets/0019set_check_size_0 b/tests/shell/testcases/sets/0019set_check_size_0
new file mode 100755
index 000000000000..c20970838bf9
--- /dev/null
+++ b/tests/shell/testcases/sets/0019set_check_size_0
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+$NFT add table x
+$NFT add set x s {type ipv4_addr\; size 2\;}
+$NFT add element x s {1.1.1.1}
+$NFT add element x s {1.1.1.2}
+
+$NFT add element x s { 1.1.1.3 } 2>/dev/null
+if [ $? -eq 0 ]; then
+        echo "E: set is full, but element was added" >&2
+	exit 1
+fi
+#
+# Try again, this helps us catch incorrect set->nelems decrement from abort path
+#
+$NFT add element x s { 1.1.1.3 } 2>/dev/null
+if [ $? -eq 0 ]; then
+        echo "E: set is full, but element was added" >&2
+	exit 1
+fi
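Review bot: The setup commands before the first `2>/dev/null` line are never checked, so if `add table`, `add set` or either of the first two `add element` calls fails, both later `add element x s { 1.1.1.3 }` attempts fail as well and the test passes without exercising the size limit. Run the setup under `set -e` (and `set +e` before the expected failures) or test `$?` after it. Listing the set at the end and confirming that only 1.1.1.1 and 1.1.1.2 are present would make the check stronger. Style: the `echo` lines are indented with spaces while `exit 1` uses a tab; pick one.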
-- 
2.1.4

