From: Pablo Neira Ayuso <pablo@netfilter.org>
To: valentina.giusti@bmw-carit.de
Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org,
jpa@google.com, fw@strnel.de, daniel.wagner@bmw-carit.de
Subject: Re: [PATCH v4 2/2] libnetfilter_queue: add support for UID/GID socket info
Date: Sat, 21 Dec 2013 12:38:04 +0100 [thread overview]
Message-ID: <20131221113804.GA17964@localhost> (raw)
In-Reply-To: <1387556934-7372-3-git-send-email-valentina.giusti@bmw-carit.de>
Hi,
On Fri, Dec 20, 2013 at 05:28:54PM +0100, valentina.giusti@bmw-carit.de wrote:
[...]
> diff --git a/include/libnetfilter_queue/linux_nfnetlink_queue.h b/include/libnetfilter_queue/linux_nfnetlink_queue.h
> index 81a485b..884ab0e 100644
> --- a/include/libnetfilter_queue/linux_nfnetlink_queue.h
> +++ b/include/libnetfilter_queue/linux_nfnetlink_queue.h
> @@ -50,6 +50,8 @@ enum nfqnl_attr_type {
> NFQA_CAP_LEN, /* __u32 length of captured packet */
> NFQA_SKB_INFO, /* __u32 skb meta information */
>
> + NFQA_UID, /* __u32 sk uid */
> + NFQA_GID, /* __u32 sk gid */
This update is wrong. See below the reason why.
> __NFQA_MAX
> };
> #define NFQA_MAX (__NFQA_MAX - 1)
> @@ -101,7 +103,8 @@ enum nfqnl_attr_config {
> #define NFQA_CFG_F_FAIL_OPEN (1 << 0)
> #define NFQA_CFG_F_CONNTRACK (1 << 1)
> #define NFQA_CFG_F_GSO (1 << 2)
> -#define NFQA_CFG_F_MAX (1 << 3)
> +#define NFQA_CFG_F_UID_GID (1 << 3)
> +#define NFQA_CFG_F_MAX (1 << 4)
>
> /* flags for NFQA_SKB_INFO */
> /* packet appears to have wrong checksums, but they are ok */
> diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h
> index a2308ae..22f5d45 100644
> --- a/include/linux/netfilter/nfnetlink_queue.h
> +++ b/include/linux/netfilter/nfnetlink_queue.h
> @@ -46,6 +46,9 @@ enum nfqnl_attr_type {
> NFQA_CT_INFO, /* enum ip_conntrack_info */
> NFQA_CAP_LEN, /* __u32 length of captured packet */
> NFQA_SKB_INFO, /* __u32 skb meta information */
> + NFQA_EXP, /* nf_conntrack_netlink.h */
> + NFQA_UID, /* __u32 sk uid */
> + NFQA_GID, /* __u32 sk gid */
You have manually updated libnetfilter_queue/linux_nfnetlink_queue.h,
but you forgot to include NFQA_EXP. The result is that your
nfq_get_uid() returns the NFQA_EXP attribute and nfq_get_gid() returns
the NFQA_UID attribute.
You should have noticed it with a simple run of utils/nfqnl_test run
and a couple of printf to test it. I'm afraid that you're not giving
sufficient testing to your patches.
Fix it and resubmit, thanks.
next prev parent reply other threads:[~2013-12-21 11:38 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-20 16:28 [PATCH v4 0/2] Add UID/GID info to NFQUEUE valentina.giusti
2013-12-20 16:28 ` [PATCH v4 1/2] netfilter_queue: enable UID/GID socket info retrieval valentina.giusti
2013-12-23 14:21 ` Pablo Neira Ayuso
2014-01-07 8:11 ` Valentina Giusti
2013-12-20 16:28 ` [PATCH v4 2/2] libnetfilter_queue: add support for UID/GID socket info valentina.giusti
2013-12-21 11:38 ` Pablo Neira Ayuso [this message]
2014-01-07 13:30 ` [PATCH 0/2] " valentina.giusti
2014-01-07 13:30 ` [PATCH 1/2] src: " valentina.giusti
2014-01-07 23:42 ` Pablo Neira Ayuso
2014-01-07 13:30 ` [PATCH 2/2] utils: add test for nfq_get_uid and nfq_get_gid valentina.giusti
2014-01-07 23:43 ` Pablo Neira Ayuso
2014-01-08 9:36 ` Valentina Giusti
2013-12-21 12:11 ` [PATCH v4 2/2] libnetfilter_queue: add support for UID/GID socket info Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131221113804.GA17964@localhost \
--to=pablo@netfilter.org \
--cc=daniel.wagner@bmw-carit.de \
--cc=fw@strnel.de \
--cc=jpa@google.com \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=valentina.giusti@bmw-carit.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).