* [PATCH 0/1] ipset fix for nf/net
@ 2013-04-13 12:51 Jozsef Kadlecsik
2013-04-13 12:51 ` [PATCH 1/1] netfilter: ipset: bitmap:ip,mac: fix listing with timeout Jozsef Kadlecsik
0 siblings, 1 reply; 5+ messages in thread
From: Jozsef Kadlecsik @ 2013-04-13 12:51 UTC (permalink / raw)
To: netfilter-devel; +Cc: Pablo Neira Ayuso, Yoann JUET
Hi Pablo,
Since the last batch of ipset related patches there have been a bugreport
and the next patch fixes it. Please consider applying it.
Best regards,
Jozsef
The following changes since commit c2d421e171868586939c328dfb91bab840fe4c49:
Florian Westphal (1):
netfilter: nf_nat: fix race when unloading protocol modules
are available in the git repository at:
git://blackhole.kfki.hu/nf master
Jozsef Kadlecsik (1):
netfilter: ipset: bitmap:ip,mac: fix listing with timeout
net/netfilter/ipset/ip_set_bitmap_ipmac.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
^ permalink raw reply [flat|nested] 5+ messages in thread* [PATCH 1/1] netfilter: ipset: bitmap:ip,mac: fix listing with timeout 2013-04-13 12:51 [PATCH 0/1] ipset fix for nf/net Jozsef Kadlecsik @ 2013-04-13 12:51 ` Jozsef Kadlecsik 2013-04-16 17:44 ` Pablo Neira Ayuso 0 siblings, 1 reply; 5+ messages in thread From: Jozsef Kadlecsik @ 2013-04-13 12:51 UTC (permalink / raw) To: netfilter-devel; +Cc: Pablo Neira Ayuso, Yoann JUET The type when timeout support was enabled, could not list all elements, just the first ones which could fit into one netlink message: it just did not continue listing after the first message. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> --- net/netfilter/ipset/ip_set_bitmap_ipmac.c | 6 +++++- 1 files changed, 5 insertions(+), 1 deletions(-) diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c index 0f92dc2..d7df6ac 100644 --- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c +++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c @@ -339,7 +339,11 @@ bitmap_ipmac_tlist(const struct ip_set *set, nla_put_failure: nla_nest_cancel(skb, nested); ipset_nest_end(skb, atd); - return -EMSGSIZE; + if (unlikely(id == first)) { + cb->args[2] = 0; + return -EMSGSIZE; + } + return 0; } static int -- 1.7.0.4 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] netfilter: ipset: bitmap:ip,mac: fix listing with timeout 2013-04-13 12:51 ` [PATCH 1/1] netfilter: ipset: bitmap:ip,mac: fix listing with timeout Jozsef Kadlecsik @ 2013-04-16 17:44 ` Pablo Neira Ayuso 2013-04-16 19:16 ` Jozsef Kadlecsik 0 siblings, 1 reply; 5+ messages in thread From: Pablo Neira Ayuso @ 2013-04-16 17:44 UTC (permalink / raw) To: Jozsef Kadlecsik; +Cc: netfilter-devel, Yoann JUET Hi Jozsef, On Sat, Apr 13, 2013 at 02:51:14PM +0200, Jozsef Kadlecsik wrote: > The type when timeout support was enabled, could not list all elements, > just the first ones which could fit into one netlink message: it just > did not continue listing after the first message. > > Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> > --- > net/netfilter/ipset/ip_set_bitmap_ipmac.c | 6 +++++- > 1 files changed, 5 insertions(+), 1 deletions(-) > > diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c > index 0f92dc2..d7df6ac 100644 > --- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c > +++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c > @@ -339,7 +339,11 @@ bitmap_ipmac_tlist(const struct ip_set *set, > nla_put_failure: > nla_nest_cancel(skb, nested); > ipset_nest_end(skb, atd); I think this ipset_nest_end should be after the id == first checking. It doesn't make sense for the -EMSGSIZE case. BTW, in the first message, where `first' is unset, id will never equal first and you will always return success even if you could not add one single nested attribute into the message. > - return -EMSGSIZE; > + if (unlikely(id == first)) { > + cb->args[2] = 0; > + return -EMSGSIZE; > + } > + return 0; Regards. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] netfilter: ipset: bitmap:ip,mac: fix listing with timeout 2013-04-16 17:44 ` Pablo Neira Ayuso @ 2013-04-16 19:16 ` Jozsef Kadlecsik 2013-04-18 22:05 ` Pablo Neira Ayuso 0 siblings, 1 reply; 5+ messages in thread From: Jozsef Kadlecsik @ 2013-04-16 19:16 UTC (permalink / raw) To: Pablo Neira Ayuso; +Cc: netfilter-devel, Yoann JUET Hi Pablo, On Tue, 16 Apr 2013, Pablo Neira Ayuso wrote: > On Sat, Apr 13, 2013 at 02:51:14PM +0200, Jozsef Kadlecsik wrote: > > The type when timeout support was enabled, could not list all elements, > > just the first ones which could fit into one netlink message: it just > > did not continue listing after the first message. > > > > Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> > > --- > > net/netfilter/ipset/ip_set_bitmap_ipmac.c | 6 +++++- > > 1 files changed, 5 insertions(+), 1 deletions(-) > > > > diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c > > index 0f92dc2..d7df6ac 100644 > > --- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c > > +++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c > > @@ -339,7 +339,11 @@ bitmap_ipmac_tlist(const struct ip_set *set, > > nla_put_failure: > > nla_nest_cancel(skb, nested); > > ipset_nest_end(skb, atd); > > I think this ipset_nest_end should be after the id == first checking. > It doesn't make sense for the -EMSGSIZE case. Yes, that could be moved there - candidate for the nf-next tree? > BTW, in the first message, where `first' is unset, id will never equal > first and you will always return success even if you could not add one > single nested attribute into the message. "first" is always initialized: it's either zero (the id of the first entry) or the id of the next one where listing must be continued. Best regards, Jozsef - E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] netfilter: ipset: bitmap:ip,mac: fix listing with timeout 2013-04-16 19:16 ` Jozsef Kadlecsik @ 2013-04-18 22:05 ` Pablo Neira Ayuso 0 siblings, 0 replies; 5+ messages in thread From: Pablo Neira Ayuso @ 2013-04-18 22:05 UTC (permalink / raw) To: Jozsef Kadlecsik; +Cc: netfilter-devel, Yoann JUET Hi Jozsef, On Tue, Apr 16, 2013 at 09:16:18PM +0200, Jozsef Kadlecsik wrote: > Hi Pablo, > > On Tue, 16 Apr 2013, Pablo Neira Ayuso wrote: > > > On Sat, Apr 13, 2013 at 02:51:14PM +0200, Jozsef Kadlecsik wrote: > > > The type when timeout support was enabled, could not list all elements, > > > just the first ones which could fit into one netlink message: it just > > > did not continue listing after the first message. > > > > > > Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> > > > --- > > > net/netfilter/ipset/ip_set_bitmap_ipmac.c | 6 +++++- > > > 1 files changed, 5 insertions(+), 1 deletions(-) > > > > > > diff --git a/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/net/netfilter/ipset/ip_set_bitmap_ipmac.c > > > index 0f92dc2..d7df6ac 100644 > > > --- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c > > > +++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c > > > @@ -339,7 +339,11 @@ bitmap_ipmac_tlist(const struct ip_set *set, > > > nla_put_failure: > > > nla_nest_cancel(skb, nested); > > > ipset_nest_end(skb, atd); > > > > I think this ipset_nest_end should be after the id == first checking. > > It doesn't make sense for the -EMSGSIZE case. > > Yes, that could be moved there - candidate for the nf-next tree? Yes. This is not critical, send me a follow up this in a follow up patch for nf-next. > > BTW, in the first message, where `first' is unset, id will never equal > > first and you will always return success even if you could not add one > > single nested attribute into the message. > > "first" is always initialized: it's either zero (the id of the first > entry) or the id of the next one where listing must be continued. I see, that's OK. I have applied this patch. Thanks. ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2013-04-18 22:06 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2013-04-13 12:51 [PATCH 0/1] ipset fix for nf/net Jozsef Kadlecsik 2013-04-13 12:51 ` [PATCH 1/1] netfilter: ipset: bitmap:ip,mac: fix listing with timeout Jozsef Kadlecsik 2013-04-16 17:44 ` Pablo Neira Ayuso 2013-04-16 19:16 ` Jozsef Kadlecsik 2013-04-18 22:05 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).