From: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nf-next 2/2] netfilter: nfnetlink_log: validate dependencies to avoid breaking atomicity
Date: Thu, 15 Oct 2015 11:37:06 +0900 [thread overview]
Message-ID: <20151015023706.GA16497@gmail.com> (raw)
In-Reply-To: <1444733268-8564-2-git-send-email-pablo@netfilter.org>
[-- Attachment #1: Type: text/plain, Size: 864 bytes --]
Thank you for your usual support.
On Tue, Oct 13, 2015 at 12:47:47PM +0200, Pablo Neira Ayuso wrote:
> @Ken-ichirou: Could you give a test to this patches? Thanks.
I've tested these with appended and is fine, of course.
Before applying patches:
# ./a.out 123
a.out: empty_cfg.c:56: main: Assertion `mnl_cb_run(buf, ret, 0, portid, ((void *)0), ((void *)0)) == -1' failed.
Aborted
On Tue, Oct 13, 2015 at 12:47:48PM +0200, Pablo Neira Ayuso wrote:
> +#ifdef CONFIG_MODULES
> + nfnl_unlock(NFNL_SUBSYS_ULOG);
> + request_module("ip_conntrack_netlink");
> + nfnl_lock(NFNL_SUBSYS_ULOG);
> + if (rcu_access_pointer(nfnl_ct_hook)) {
> + ret = -EAGAIN;
> + goto out_put;
> + }
> +#endif
> + ret = -EOPNOTSUPP;
> + goto out_put;
It's off the subject, but this fixes module unload. It was not
put instance at my first patch, Thanks!
[-- Attachment #2: empty_cfg.c --]
[-- Type: text/x-csrc, Size: 1326 bytes --]
/*
* This example is placed in the public domain.
* cc empty_cfg.c -lmnl -lnetfilter_log
*/
#include <stdio.h>
#include <stdlib.h>
#include <arpa/inet.h>
#include <errno.h>
#include <assert.h>
#include <linux/netfilter/nfnetlink_log.h>
#include <libmnl/libmnl.h>
#include <libnetfilter_log/libnetfilter_log.h>
int main(int argc, char *argv[])
{
struct mnl_socket *nl;
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
int ret;
unsigned int portid, qnum;
if (argc != 2) {
printf("Usage: %s [queue_num]\n", argv[0]);
exit(EXIT_FAILURE);
}
qnum = atoi(argv[1]);
nl = mnl_socket_open(NETLINK_NETFILTER);
if (nl == NULL) {
perror("mnl_socket_open");
exit(EXIT_FAILURE);
}
if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) {
perror("mnl_socket_bind");
exit(EXIT_FAILURE);
}
portid = mnl_socket_get_portid(nl);
nlh = nflog_nlmsg_put_header(buf, NFULNL_MSG_CONFIG, AF_UNSPEC, qnum);
nlh->nlmsg_flags |= NLM_F_ACK;
if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
perror("mnl_socket_sendto");
exit(EXIT_FAILURE);
}
ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
if (ret == -1) {
perror("mnl_socket_recvfrom");
exit(EXIT_FAILURE);
}
assert(mnl_cb_run(buf, ret, 0, portid, NULL, NULL) == MNL_CB_ERROR);
assert(errno == ENODEV);
mnl_socket_close(nl);
return 0;
}
prev parent reply other threads:[~2015-10-15 2:37 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-13 10:47 [PATCH nf-next 1/2] netfilter: nfnetlink_log: consolidate check for instance in nfulnl_recv_config() Pablo Neira Ayuso
2015-10-13 10:47 ` [PATCH nf-next 2/2] netfilter: nfnetlink_log: validate dependencies to avoid breaking atomicity Pablo Neira Ayuso
2015-10-15 2:37 ` Ken-ichirou MATSUZAWA [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151015023706.GA16497@gmail.com \
--to=chamaken@gmail.com \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).