From: Nikolaos Gkarlis <nickgarlis@gmail.com>
To: netfilter-devel@vger.kernel.org
Cc: pablo@netfilter.org, fw@strlen.de, fmancera@suse.de,
Nikolaos Gkarlis <nickgarlis@gmail.com>
Subject: [PATCH v2 1/2] netfilter: nfnetlink: always ACK batch end if requested
Date: Sat, 4 Oct 2025 11:26:54 +0200 [thread overview]
Message-ID: <20251004092655.237888-2-nickgarlis@gmail.com> (raw)
In-Reply-To: <20251004092655.237888-1-nickgarlis@gmail.com>
Before ACKs were introduced for batch begin and batch end messages,
userspace expected to receive the same number of ACKs as it sent,
unless a fatal error occurred.
To preserve this deterministic behavior, send an ACK for batch end
messages even when an error happens in the middle of the batch,
similar to how ACKs are handled for command messages.
Fixes: bf2ac490d28c ("netfilter: nfnetlink: Handle ACK flags for batch
messages")
Signed-off-by: Nikolaos Gkarlis <nickgarlis@gmail.com>
---
net/netfilter/nfnetlink.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 811d02b4c4f7..33acc1b94a0e 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -600,6 +600,11 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh,
status |= NFNL_BATCH_FAILURE;
goto replay_abort;
}
+
+ if (nlh->nlmsg_flags & NLM_F_ACK && status & NFNL_BATCH_DONE) {
+ memset(&extack, 0, sizeof(extack));
+ nfnl_err_add(&err_list, nlh, 0, &extack);
+ }
}
nfnl_err_deliver(&err_list, oskb);
--
2.34.1
next prev parent reply other threads:[~2025-10-04 9:29 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-01 21:15 [PATCH] netfilter: nfnetlink: always ACK batch end if requested Nikolaos Gkarlis
2025-10-02 9:48 ` Fernando Fernandez Mancera
2025-10-02 10:41 ` Nikolaos Gkarlis
2025-10-02 11:03 ` Fernando Fernandez Mancera
2025-10-04 9:26 ` [PATCH v2 0/2] " Nikolaos Gkarlis
2025-10-04 9:26 ` Nikolaos Gkarlis [this message]
2025-10-04 9:26 ` [PATCH v2 2/2] selftests: netfilter: add nfnetlink ACK handling tests Nikolaos Gkarlis
2025-10-04 10:46 ` Florian Westphal
2025-10-04 11:08 ` Nikolaos Gkarlis
2025-10-04 12:26 ` Florian Westphal
2025-10-05 10:43 ` Nikolaos Gkarlis
2025-10-05 11:42 ` Florian Westphal
2025-10-05 12:54 ` [PATCH v3] " Nikolaos Gkarlis
2025-10-08 10:26 ` Florian Westphal
2025-10-08 10:37 ` Nikolaos Gkarlis
2025-10-08 10:39 ` Florian Westphal
2025-10-04 9:38 ` [PATCH v2 0/2] always ACK batch end if requested Nikolaos Gkarlis
2025-10-02 10:10 ` [PATCH] netfilter: nfnetlink: " Florian Westphal
2025-10-02 10:46 ` Nikolaos Gkarlis
2025-10-07 20:33 ` Pablo Neira Ayuso
2025-10-08 7:28 ` Florian Westphal
2025-10-08 11:33 ` Pablo Neira Ayuso
2025-10-08 13:35 ` Donald Hunter
2025-10-08 14:50 ` Florian Westphal
2025-10-08 8:41 ` Nikolaos Gkarlis
2025-10-08 11:09 ` Pablo Neira Ayuso
2025-10-08 14:50 ` Nikolaos Gkarlis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251004092655.237888-2-nickgarlis@gmail.com \
--to=nickgarlis@gmail.com \
--cc=fmancera@suse.de \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).