[PATCH ulogd2] nfct: fix counter-reset without hashtable

[PATCH ulogd2] nfct: fix counter-reset without hashtable

[Corubba Smith]

The dump_reset_handler will try to update the hashtable regardless of
whether it is used (and thus initialized), which results in a segfault
if it isn't. Instead just short-circuit the handler, and skip any
further result processing because it's not used in this case anyway.
All flow counters in conntrack are reset regardless of the return value
of the handler/callback.

Signed-off-by: Corubba Smith <corubba@gmx.de>
---
 input/flow/ulogd_inpflow_NFCT.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/input/flow/ulogd_inpflow_NFCT.c b/input/flow/ulogd_inpflow_NFCT.c
index 93edb76..cdda741 100644
--- a/input/flow/ulogd_inpflow_NFCT.c
+++ b/input/flow/ulogd_inpflow_NFCT.c
@@ -989,6 +989,9 @@ dump_reset_handler(enum nf_conntrack_msg_type type,
 	int ret = NFCT_CB_CONTINUE, rc, id;
 	struct ct_timestamp *ts;

+	if (!cpi->ct_active)
+		return NFCT_CB_STOP;
+
 	switch(type) {
 	case NFCT_T_UPDATE:
 		id = hashtable_hash(cpi->ct_active, ct);
--
2.49.0

Re: [PATCH ulogd2] nfct: fix counter-reset without hashtable

[Florian Westphal]

Corubba Smith <corubba@gmx.de> wrote:
> The dump_reset_handler will try to update the hashtable regardless of
> whether it is used (and thus initialized), which results in a segfault
> if it isn't. Instead just short-circuit the handler, and skip any
> further result processing because it's not used in this case anyway.
> All flow counters in conntrack are reset regardless of the return value
> of the handler/callback.

How can this happen?
constructor_nfct (->start()) will return an error if ct_active table
cannot be allocated/is disabled?

Re: [PATCH ulogd2] nfct: fix counter-reset without hashtable

[Corubba Smith]

On 3/25/25 06:56, Florian Westphal wrote:
> Corubba Smith <corubba@gmx.de> wrote:
>> The dump_reset_handler will try to update the hashtable regardless of
>> whether it is used (and thus initialized), which results in a segfault
>> if it isn't. Instead just short-circuit the handler, and skip any
>> further result processing because it's not used in this case anyway.
>> All flow counters in conntrack are reset regardless of the return value
>> of the handler/callback.
>
> How can this happen?
> constructor_nfct (->start()) will return an error if ct_active table
> cannot be allocated/is disabled?
>

In event mode the hashtable is optional, and sending SIGUSR2 to ulogd will
call get_ctr_zero().

--
Corubba

Re: [PATCH ulogd2] nfct: fix counter-reset without hashtable

[Florian Westphal]

Corubba Smith <corubba@gmx.de> wrote:
> On 3/25/25 06:56, Florian Westphal wrote:
> > Corubba Smith <corubba@gmx.de> wrote:
> >> The dump_reset_handler will try to update the hashtable regardless of
> >> whether it is used (and thus initialized), which results in a segfault
> >> if it isn't. Instead just short-circuit the handler, and skip any
> >> further result processing because it's not used in this case anyway.
> >> All flow counters in conntrack are reset regardless of the return value
> >> of the handler/callback.
> >
> > How can this happen?
> > constructor_nfct (->start()) will return an error if ct_active table
> > cannot be allocated/is disabled?
> >
> 
> In event mode the hashtable is optional, and sending SIGUSR2 to ulogd will
> call get_ctr_zero().

Thanks, applied the patch with above sentence included in the commit
message.