netfilter-devel.vger.kernel.org archive mirror
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nf-next 1/3] netfilter: nfnetlink_queue: remove duplicated obsolete commands handling
Date: Sun, 8 Nov 2015 23:14:54 +0100
Message-ID: <20151108221454.GA21221@salvia>
In-Reply-To: <20151106004947.GB11266@gmail.com>

On Fri, Nov 06, 2015 at 09:49:47AM +0900, Ken-ichirou MATSUZAWA wrote:
> Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
> ---
>  net/netfilter/nfnetlink_queue.c |   18 +++++-------------
>  1 file changed, 5 insertions(+), 13 deletions(-)
> 
> diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
> index 7d81d28..f85a3d3 100644
> --- a/net/netfilter/nfnetlink_queue.c
> +++ b/net/netfilter/nfnetlink_queue.c
> @@ -1116,21 +1116,10 @@ nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
>  	struct nfgenmsg *nfmsg = nlmsg_data(nlh);
>  	u_int16_t queue_num = ntohs(nfmsg->res_id);
>  	struct nfqnl_instance *queue;
> -	struct nfqnl_msg_config_cmd *cmd = NULL;
>  	struct net *net = sock_net(ctnl);
>  	struct nfnl_queue_net *q = nfnl_queue_pernet(net);
>  	int ret = 0;
>  
> -	if (nfqa[NFQA_CFG_CMD]) {
> -		cmd = nla_data(nfqa[NFQA_CFG_CMD]);
> -
> -		/* Obsolete commands without queue context */
> -		switch (cmd->command) {
> -		case NFQNL_CFG_CMD_PF_BIND: return 0;
> -		case NFQNL_CFG_CMD_PF_UNBIND: return 0;
> -		}
> -	}
> -

Thanks for following up on this, Ken-ichirou.

However, I suspect this is wrong:

commit 0360ae412d09bc6f4864c801effcb20bfd84520e
Author: Florian Westphal <fw@strlen.de>
Date:   Fri Nov 23 06:22:21 2012 +0000

    netfilter: kill support for per-af queue backends

The former behaviour before Florian's patch is that
NFQNL_CFG_CMD_PF_BIND and NFQNL_CFG_CMD_PF_UNBIND are terminal.

This code is there not to break backward compatibility, i.e. old
userspace that relies on these commands.

After this patch, we inspect if there is an existing queue for this,
which was not happening before.

As I said, my concerns go in the direction of possible breakage of old
code, we shouldn't break backward.

Let me know, thanks.

>  	rcu_read_lock();
>  	queue = instance_lookup(q, queue_num);
>  	if (queue && queue->peer_portid != NETLINK_CB(skb).portid) {
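
Review bot: The obsolete NFQNL_CFG_CMD_PF_BIND and NFQNL_CFG_CMD_PF_UNBIND commands lose their unconditional success at the top of nfqnl_recv_config(): the removed block returned 0 before rcu_read_lock() and instance_lookup(), whereas after this hunk those commands first reach the `queue && queue->peer_portid != NETLINK_CB(skb).portid` check. A legacy client that sends PF_BIND or PF_UNBIND with a res_id naming a queue bound to a different portid would take that branch instead of getting 0. Either keep the obsolete commands terminal ahead of the lookup, or exempt them from the ownership check, and extend the commit message (currently only a Signed-off-by line) to say where the duplicated handling lives and why reordering it after the lookup is safe for old userspace.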