netfilter 00/02: netfilter fixes

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* netfilter 00/02: netfilter fixes
@ 2009-04-17 16:09 Patrick McHardy
  2009-04-17 16:09 ` netfilter 01/02: ctnetlink: report error if event message allocation fails Patrick McHardy
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Patrick McHardy @ 2009-04-17 16:09 UTC (permalink / raw)
  To: davem; +Cc: netdev, Patrick McHardy, netfilter-devel

Hi Dave,

the following two patches fix two netfilter bugs:

- missing socket notification for ctnetlink skb allocation errors

- an incorrect return code in nfnetlink for netlink_kernel_create() failure

Please apply or pull from:

git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.git

Thanks!


 net/netfilter/nf_conntrack_netlink.c |   10 ++++++----
 net/netfilter/nfnetlink.c            |    2 +-
 2 files changed, 7 insertions(+), 5 deletions(-)

Pablo Neira Ayuso (2):
      netfilter: ctnetlink: report error if event message allocation fails
      netfilter: nfnetlink: return ENOMEM if we fail to create netlink socket

^ permalink raw reply	[flat|nested] 4+ messages in thread

* netfilter 01/02: ctnetlink: report error if event message allocation fails
  2009-04-17 16:09 netfilter 00/02: netfilter fixes Patrick McHardy
@ 2009-04-17 16:09 ` Patrick McHardy
  2009-04-17 16:09 ` netfilter 02/02: nfnetlink: return ENOMEM if we fail to create netlink socket Patrick McHardy
  2009-04-17 22:44 ` netfilter 00/02: netfilter fixes David Miller
  2 siblings, 0 replies; 4+ messages in thread
From: Patrick McHardy @ 2009-04-17 16:09 UTC (permalink / raw)
  To: davem; +Cc: netdev, Patrick McHardy, netfilter-devel

commit 150ace0db360373d2016a2497d252138a59c5ba8
Author: Pablo Neira Ayuso <pablo@netfilter.org>
Date:   Fri Apr 17 17:47:31 2009 +0200

    netfilter: ctnetlink: report error if event message allocation fails
    
    This patch fixes an inconsistency that results in no error reports
    to user-space listeners if we fail to allocate the event message.
    
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index c6439c7..0ea36e0 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -512,7 +512,7 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
 
 	skb = ctnetlink_alloc_skb(tuple(ct, IP_CT_DIR_ORIGINAL), GFP_ATOMIC);
 	if (!skb)
-		return NOTIFY_DONE;
+		goto errout;
 
 	b = skb->tail;
 
@@ -591,8 +591,9 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
 nla_put_failure:
 	rcu_read_unlock();
 nlmsg_failure:
-	nfnetlink_set_err(0, group, -ENOBUFS);
 	kfree_skb(skb);
+errout:
+	nfnetlink_set_err(0, group, -ENOBUFS);
 	return NOTIFY_DONE;
 }
 #endif /* CONFIG_NF_CONNTRACK_EVENTS */
@@ -1564,7 +1565,7 @@ static int ctnetlink_expect_event(struct notifier_block *this,
 
 	skb = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC);
 	if (!skb)
-		return NOTIFY_DONE;
+		goto errout;
 
 	b = skb->tail;
 
@@ -1589,8 +1590,9 @@ static int ctnetlink_expect_event(struct notifier_block *this,
 nla_put_failure:
 	rcu_read_unlock();
 nlmsg_failure:
-	nfnetlink_set_err(0, 0, -ENOBUFS);
 	kfree_skb(skb);
+errout:
+	nfnetlink_set_err(0, 0, -ENOBUFS);
 	return NOTIFY_DONE;
 }
 #endif

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* netfilter 02/02: nfnetlink: return ENOMEM if we fail to create netlink socket
  2009-04-17 16:09 netfilter 00/02: netfilter fixes Patrick McHardy
  2009-04-17 16:09 ` netfilter 01/02: ctnetlink: report error if event message allocation fails Patrick McHardy
@ 2009-04-17 16:09 ` Patrick McHardy
  2009-04-17 22:44 ` netfilter 00/02: netfilter fixes David Miller
  2 siblings, 0 replies; 4+ messages in thread
From: Patrick McHardy @ 2009-04-17 16:09 UTC (permalink / raw)
  To: davem; +Cc: netdev, Patrick McHardy, netfilter-devel

commit a0142733a7ef2f3476e63938b330026a08c53f37
Author: Pablo Neira Ayuso <pablo@netfilter.org>
Date:   Fri Apr 17 17:48:44 2009 +0200

    netfilter: nfnetlink: return ENOMEM if we fail to create netlink socket
    
    With this patch, nfnetlink returns -ENOMEM instead of -EPERM if we
    fail to create the nfnetlink netlink socket during the module
    loading. This is exactly what rtnetlink does in this case.
    
    Ideally, it would be better if we propagate the error that has
    happened in netlink_kernel_create(), however, this function still
    does not implement this yet.
    
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 2785d66..b8ab37a 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -203,7 +203,7 @@ static int __init nfnetlink_init(void)
 				     nfnetlink_rcv, NULL, THIS_MODULE);
 	if (!nfnl) {
 		printk(KERN_ERR "cannot initialize nfnetlink!\n");
-		return -1;
+		return -ENOMEM;
 	}
 
 	return 0;

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: netfilter 00/02: netfilter fixes
  2009-04-17 16:09 netfilter 00/02: netfilter fixes Patrick McHardy
  2009-04-17 16:09 ` netfilter 01/02: ctnetlink: report error if event message allocation fails Patrick McHardy
  2009-04-17 16:09 ` netfilter 02/02: nfnetlink: return ENOMEM if we fail to create netlink socket Patrick McHardy
@ 2009-04-17 22:44 ` David Miller
  2 siblings, 0 replies; 4+ messages in thread
From: David Miller @ 2009-04-17 22:44 UTC (permalink / raw)
  To: kaber; +Cc: netdev, netfilter-devel

From: Patrick McHardy <kaber@trash.net>
Date: Fri, 17 Apr 2009 18:09:13 +0200 (MEST)

> the following two patches fix two netfilter bugs:
> 
> - missing socket notification for ctnetlink skb allocation errors
> 
> - an incorrect return code in nfnetlink for netlink_kernel_create() failure
> 
> Please apply or pull from:
> 
> git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.git

Pulled, thanks a lot!

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2009-04-17 22:44 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-04-17 16:09 netfilter 00/02: netfilter fixes Patrick McHardy
2009-04-17 16:09 ` netfilter 01/02: ctnetlink: report error if event message allocation fails Patrick McHardy
2009-04-17 16:09 ` netfilter 02/02: nfnetlink: return ENOMEM if we fail to create netlink socket Patrick McHardy
2009-04-17 22:44 ` netfilter 00/02: netfilter fixes David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).