* Problem compiling nftables kernel
@ 2013-09-19  9:28 Bjørnar Ness
  2013-09-19 10:07 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Bjørnar Ness @ 2013-09-19  9:28 UTC (permalink / raw)
  To: netfilter-devel

git: 6b92ef23eb12021c5ffe3ff03f60f6e0359c02c2

x86_64

net/netfilter/nft_meta.c: In function ‘nft_meta_eval’:
net/netfilter/nft_meta.c:82:17: error: incompatible types when
assigning to type ‘u32’ from type ‘kuid_t’
net/netfilter/nft_meta.c:88:17: error: incompatible types when
assigning to type ‘u32’ from type ‘kgid_t’

-- 
Bj(/)rnar


* Re: Problem compiling nftables kernel
  2013-09-19  9:28 Problem compiling nftables kernel Bjørnar Ness
@ 2013-09-19 10:07 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2013-09-19 10:07 UTC (permalink / raw)
  To: Bjørnar Ness; +Cc: netfilter-devel

[-- Attachment #1: Type: text/plain, Size: 475 bytes --]

On Thu, Sep 19, 2013 at 11:28:31AM +0200, Bjørnar Ness wrote:
> git: 6b92ef23eb12021c5ffe3ff03f60f6e0359c02c2
> 
> x86_64
> 
> net/netfilter/nft_meta.c: In function ‘nft_meta_eval’:
> net/netfilter/nft_meta.c:82:17: error: incompatible types when
> assigning to type ‘u32’ from type ‘kuid_t’
> net/netfilter/nft_meta.c:88:17: error: incompatible types when
> assigning to type ‘u32’ from type ‘kgid_t’

Please give the attached patch a try.

Thanks.

[-- Attachment #2: meta.patch --]
[-- Type: text/x-diff, Size: 1771 bytes --]

diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c
index 84256bc..4c6998d 100644
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -16,6 +16,7 @@
 #include <linux/netfilter/nf_tables.h>
 #include <net/dst.h>
 #include <net/sock.h>
+#include <net/tcp_states.h> /* for TCP_TIME_WAIT */
 #include <net/netfilter/nf_tables.h>
 
 struct nft_meta {
@@ -76,16 +77,35 @@ static void nft_meta_eval(const struct nft_expr *expr,
 		*(u16 *)dest->data = out->type;
 		break;
 	case NFT_META_SKUID:
-		if (skb->sk == NULL || skb->sk->sk_socket == NULL ||
-		    skb->sk->sk_socket->file == NULL)
+		if (skb->sk == NULL || skb->sk->sk_state == TCP_TIME_WAIT)
 			goto err;
-		dest->data[0] = skb->sk->sk_socket->file->f_cred->fsuid;
+
+		read_lock_bh(&skb->sk->sk_callback_lock);
+		if (skb->sk->sk_socket == NULL ||
+		    skb->sk->sk_socket->file == NULL) {
+			read_unlock_bh(&skb->sk->sk_callback_lock);
+			goto err;
+		}
+
+		dest->data[0] =
+			from_kuid_munged(&init_user_ns,
+				skb->sk->sk_socket->file->f_cred->fsuid);
+		read_unlock_bh(&skb->sk->sk_callback_lock);
 		break;
 	case NFT_META_SKGID:
-		if (skb->sk == NULL || skb->sk->sk_socket == NULL ||
-		    skb->sk->sk_socket->file == NULL)
+		if (skb->sk == NULL || skb->sk->sk_state == TCP_TIME_WAIT)
+			goto err;
+
+		read_lock_bh(&skb->sk->sk_callback_lock);
+		if (skb->sk->sk_socket == NULL ||
+		    skb->sk->sk_socket->file == NULL) {
+			read_unlock_bh(&skb->sk->sk_callback_lock);
 			goto err;
-		dest->data[0] = skb->sk->sk_socket->file->f_cred->fsgid;
+		}
+		dest->data[0] =
+			from_kuid_munged(&init_user_ns,
+				 skb->sk->sk_socket->file->f_cred->fsgid);
+		read_unlock_bh(&skb->sk->sk_callback_lock);
 		break;
 #ifdef CONFIG_NET_CLS_ROUTE
 	case NFT_META_RTCLASSID: {
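Review bot: In the NFT_META_SKGID case the new code passes `f_cred->fsgid`, a `kgid_t`, to `from_kuid_munged()`, which takes a `kuid_t`, so the gid half of the build error reported in this thread would remain; the call should be `from_kgid_munged(&init_user_ns, skb->sk->sk_socket->file->f_cred->fsgid);`. The `sk_state == TCP_TIME_WAIT` test has to stay ahead of `read_lock_bh()`, presumably because a timewait entry is not a full `struct sock` and has no `sk_callback_lock` or `sk_socket` to touch; a comment such as `/* timewait socks are not full sockets: bail out before taking sk_callback_lock */` above each test would keep a later refactor from reordering them. Both IDs are translated through `&init_user_ns`, so rules will match the initial-namespace view of the socket owner rather than a container-local ID, which is worth stating where the meta keys are documented. nft_meta_eval begins and ends outside this hunk.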

