* [PATCH 0/1] ipset fix for nf/net
From: Jozsef Kadlecsik @ 2013-04-13 12:51 UTC
To: netfilter-devel; +Cc: Pablo Neira Ayuso, Yoann JUET
Hi Pablo,
Since the last batch of ipset-related patches there has been a bug report
and the next patch fixes it. Please consider applying it.
Best regards,
Jozsef
The following changes since commit c2d421e171868586939c328dfb91bab840fe4c49:
Florian Westphal (1):
netfilter: nf_nat: fix race when unloading protocol modules
are available in the git repository at:
git://blackhole.kfki.hu/nf master
Jozsef Kadlecsik (1):
netfilter: ipset: bitmap:ip,mac: fix listing with timeout
net/netfilter/ipset/ip_set_bitmap_ipmac.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
* [PATCH 1/1] netfilter: ipset: bitmap:ip,mac: fix listing with timeout
From: Jozsef Kadlecsik @ 2013-04-13 12:51 UTC
To: netfilter-devel; +Cc: Pablo Neira Ayuso, Yoann JUET
The type when timeout support was enabled, could not list all elements,
just the first ones which could fit into one netlink message: it just
did not continue listing after the first message.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
---
net/netfilter/ipset/ip_set_bitmap_ipmac.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
index 0f92dc2..d7df6ac 100644
--- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c
+++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
@@ -339,7 +339,11 @@ bitmap_ipmac_tlist(const struct ip_set *set,
nla_put_failure:
nla_nest_cancel(skb, nested);
ipset_nest_end(skb, atd);
- return -EMSGSIZE;
+ if (unlikely(id == first)) {
+ cb->args[2] = 0;
+ return -EMSGSIZE;
+ }
+ return 0;
}
static int
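Review bot: at the `nla_put_failure:` label, `ipset_nest_end(skb, atd)` still runs before the new `if (unlikely(id == first))` test, so the outer nest is closed even on the path that goes on to return -EMSGSIZE. Consider moving the `ipset_nest_end()` call below the `if` block so that it runs only on the `return 0` path, where the partially filled message is actually handed back. The new branch would also benefit from a short comment saying what `id == first` stands for, since the hunk does not show where `first` is assigned.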
--
1.7.0.4
* Re: [PATCH 1/1] netfilter: ipset: bitmap:ip,mac: fix listing with timeout
From: Pablo Neira Ayuso @ 2013-04-16 17:44 UTC
To: Jozsef Kadlecsik; +Cc: netfilter-devel, Yoann JUET
Hi Jozsef,
On Sat, Apr 13, 2013 at 02:51:14PM +0200, Jozsef Kadlecsik wrote:
> The type when timeout support was enabled, could not list all elements,
> just the first ones which could fit into one netlink message: it just
> did not continue listing after the first message.
>
> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
> ---
> net/netfilter/ipset/ip_set_bitmap_ipmac.c | 6 +++++-
> 1 files changed, 5 insertions(+), 1 deletions(-)
>
> diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
> index 0f92dc2..d7df6ac 100644
> --- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c
> +++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
> @@ -339,7 +339,11 @@ bitmap_ipmac_tlist(const struct ip_set *set,
> nla_put_failure:
> nla_nest_cancel(skb, nested);
> ipset_nest_end(skb, atd);
I think this ipset_nest_end should be after the id == first checking.
It doesn't make sense for the -EMSGSIZE case.
BTW, in the first message, where `first' is unset, id will never equal
first and you will always return success even if you could not add one
single nested attribute into the message.
> - return -EMSGSIZE;
> + if (unlikely(id == first)) {
> + cb->args[2] = 0;
> + return -EMSGSIZE;
> + }
> + return 0;
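Review bot: the new `return 0` path depends on `cb->args[2]` already holding the position to resume from, but the quoted lines show only the reset `cb->args[2] = 0;` on the -EMSGSIZE path and not where the resume position is stored before the jump to `nla_put_failure`. A one-line comment at the label stating what `cb->args[2]` holds on each of the two returns would let the continuation behaviour be checked from the hunk itself.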
Regards.
* Re: [PATCH 1/1] netfilter: ipset: bitmap:ip,mac: fix listing with timeout
From: Jozsef Kadlecsik @ 2013-04-16 19:16 UTC
To: Pablo Neira Ayuso; +Cc: netfilter-devel, Yoann JUET
Hi Pablo,
On Tue, 16 Apr 2013, Pablo Neira Ayuso wrote:
> On Sat, Apr 13, 2013 at 02:51:14PM +0200, Jozsef Kadlecsik wrote:
> > The type when timeout support was enabled, could not list all elements,
> > just the first ones which could fit into one netlink message: it just
> > did not continue listing after the first message.
> >
> > Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
> > ---
> > net/netfilter/ipset/ip_set_bitmap_ipmac.c | 6 +++++-
> > 1 files changed, 5 insertions(+), 1 deletions(-)
> >
> > diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
> > index 0f92dc2..d7df6ac 100644
> > --- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c
> > +++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
> > @@ -339,7 +339,11 @@ bitmap_ipmac_tlist(const struct ip_set *set,
> > nla_put_failure:
> > nla_nest_cancel(skb, nested);
> > ipset_nest_end(skb, atd);
>
> I think this ipset_nest_end should be after the id == first checking.
> It doesn't make sense for the -EMSGSIZE case.
Yes, that could be moved there - candidate for the nf-next tree?
> BTW, in the first message, where `first' is unset, id will never equal
> first and you will always return success even if you could not add one
> single nested attribute into the message.
"first" is always initialized: it's either zero (the id of the first
entry) or the id of the next one where listing must be continued.
Best regards,
Jozsef
-
E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
H-1525 Budapest 114, POB. 49, Hungary
* Re: [PATCH 1/1] netfilter: ipset: bitmap:ip,mac: fix listing with timeout
From: Pablo Neira Ayuso @ 2013-04-18 22:05 UTC
To: Jozsef Kadlecsik; +Cc: netfilter-devel, Yoann JUET
Hi Jozsef,
On Tue, Apr 16, 2013 at 09:16:18PM +0200, Jozsef Kadlecsik wrote:
> Hi Pablo,
>
> On Tue, 16 Apr 2013, Pablo Neira Ayuso wrote:
>
> > On Sat, Apr 13, 2013 at 02:51:14PM +0200, Jozsef Kadlecsik wrote:
> > > The type when timeout support was enabled, could not list all elements,
> > > just the first ones which could fit into one netlink message: it just
> > > did not continue listing after the first message.
> > >
> > > Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
> > > ---
> > > net/netfilter/ipset/ip_set_bitmap_ipmac.c | 6 +++++-
> > > 1 files changed, 5 insertions(+), 1 deletions(-)
> > >
> > > diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
> > > index 0f92dc2..d7df6ac 100644
> > > --- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c
> > > +++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
> > > @@ -339,7 +339,11 @@ bitmap_ipmac_tlist(const struct ip_set *set,
> > > nla_put_failure:
> > > nla_nest_cancel(skb, nested);
> > > ipset_nest_end(skb, atd);
> >
> > I think this ipset_nest_end should be after the id == first checking.
> > It doesn't make sense for the -EMSGSIZE case.
>
> Yes, that could be moved there - candidate for the nf-next tree?
Yes. This is not critical, send me this in a follow-up
patch for nf-next.
> > BTW, in the first message, where `first' is unset, id will never equal
> > first and you will always return success even if you could not add one
> > single nested attribute into the message.
>
> "first" is always initialized: it's either zero (the id of the first
> entry) or the id of the next one where listing must be continued.
I see, that's OK.
I have applied this patch. Thanks.