From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Florian Westphal <fw@strlen.de>
Cc: netfilter-devel <netfilter-devel@vger.kernel.org>
Subject: Re: api: add connlabel api and attribute
Date: Sun, 3 Feb 2013 10:59:21 +0100 [thread overview]
Message-ID: <20130203095921.GA3560@localhost> (raw)
In-Reply-To: <20130202204811.GA32078@breakpoint.cc>
On Sat, Feb 02, 2013 at 09:48:11PM +0100, Florian Westphal wrote:
> Hi.
>
> I was about to push the pending connlabel patches
> for libnetfilter_conntrack, but then noticed one important
> point, namely, handling of ATTR_CONNLABEL with nfct_set_attr().
>
> The existing setters all copy their argument, but the current connlabel
> setter only assigns the pointer, i.e., 'ownership' of the bitmask object
> is then tied to conntrack object. This may not be whats expected.
>
> Should I make this change:
>
> set_attr_connlabels(struct nf_conntrack *ct, const void *value, size_t len)
> {
> - ct->connlabels = (void *) value;
> + ct->connlabels = nfct_bitmask_clone(value);
> }
>
> to avoid this or not?
To attach expectations to master conntracks, we pass the object via
the setter without cloning it.
So my suggestion is to document how it works and leave it as is. BTW,
make sure that object is released in the nfct_destroy path if you do
so.
Regards.
next prev parent reply other threads:[~2013-02-03 9:59 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-23 22:38 [PATCH 0/4] libnetfilter_conntrack: connlabel support Florian Westphal
2013-01-23 22:38 ` [PATCH 1/4] api: add nfct_bitmask object Florian Westphal
2013-01-23 22:38 ` [PATCH 2/4] api: add connlabel api and attribute Florian Westphal
2013-02-02 20:48 ` Florian Westphal
2013-02-03 9:59 ` Pablo Neira Ayuso [this message]
2013-02-03 12:02 ` Florian Westphal
2013-01-23 22:38 ` [PATCH 3/4] examples: add connlabel dump/set/clear demo programs Florian Westphal
2013-01-23 22:38 ` [PATCH 4/4] api: add CTA_LABEL_MASK attribute handling Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130203095921.GA3560@localhost \
--to=pablo@netfilter.org \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).