netfilter-devel.vger.kernel.org archive mirror
From: Patrick McHardy <kaber@trash.net>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH 5/8] [PATCH] Helper modules load-on-demand support for ctnetlink
Date: Mon, 17 Nov 2008 16:24:16 +0100
Message-ID: <49218CA0.20502@trash.net>
In-Reply-To: <20081117084055.11368.51948.stgit@Decadence>

Pablo Neira Ayuso wrote:
> This patch adds module loading for helpers via ctnetlink.
> 
> * Creation path: We support explicit and implicit helper assignation. For
>   the explicit case, we try to load the module. If the module is correctly
>   loaded and the helper is present, we return EAGAIN to re-start the
>   creation. Otherwise, we return EOPNOTSUPP.
> * Update path: release the spin lock, load the module and check. If it is
>   present, then return EAGAIN to re-start the update.
> 
> This patch provides a refactored function to lookup-and-set the
> connection tracking helper. The function removes the exported symbol
> __nf_ct_helper_find as it has no clients anymore.
> 
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> ---
> 
> +int __nf_ct_assign_helper(struct nf_conn *ct, gfp_t flags)
> +{
> +	int ret = 0;
> +	struct nf_conntrack_helper *helper;
> +	struct nf_conn_help *help = nfct_help(ct);
> +
> +	helper = __nf_ct_helper_find(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
> +	if (helper == NULL) {
> +		if (help)
> +			rcu_assign_pointer(help->helper, NULL);
> +		ret = -ENOENT;
> +		goto out;

It's a bit confusing to change the entry, but still return an error.
ctnetlink_create_conntrack() explicitly checks for ENOMEM and
ignores other errors; other callers ignore them completely. This
is risky because people changing that function will probably
expect the caller to handle any kind of error.

Since failure to find a helper is not really an error, I think
it would be better to simply return 0 in that case and have
ctnetlink_create_conntrack() check for < 0. Even better would
be to reflect in the function name that it only tries to find a
matching helper. I don't have a good suggestion though, maybe
try_assign_helper or lookup_helper.

> +	}
> +
> +	if (help == NULL) {
> +		help = nf_ct_helper_ext_add(ct, flags);
> +		if (help == NULL) {
> +			ret = -ENOMEM;
> +			goto out;
> +		}
> +	} else {
> +		memset(&help->help, 0, sizeof(help->help));
> +	}
> +
> +	rcu_assign_pointer(help->helper, helper);
> +out:
> +	return ret;
> +}
> +EXPORT_SYMBOL_GPL(__nf_ct_assign_helper);
> +
>  static inline int unhelp(struct nf_conntrack_tuple_hash *i,
>  			 const struct nf_conntrack_helper *me)
>  {
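
Review bot: in the else branch, `memset(&help->help, 0, sizeof(help->help));` wipes the per-helper state while `help->helper` still holds the previous helper, and the new pointer is only published by the later `rcu_assign_pointer(help->helper, helper);`. The function is exported but carries no comment saying which lock or RCU read-side section the caller must hold, so these lines do not show that nobody can observe the old helper with zeroed state. Please add a comment above `__nf_ct_assign_helper` documenting the required calling context and the return values (0, -ENOENT, -ENOMEM). The `helper == NULL` path also clears only the pointer and leaves `help->help` untouched, unlike this path; if that is intentional, say so in the comment.
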
> diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
> index 49a04fa..7af7a86 100644
> --- a/net/netfilter/nf_conntrack_netlink.c
> +++ b/net/netfilter/nf_conntrack_netlink.c
> @@ -917,8 +917,22 @@ ctnetlink_change_helper(struct nf_conn *ct, struct nlattr *cda[])
>  	}
>  
>  	helper = __nf_conntrack_helper_find_byname(helpname);
> -	if (helper == NULL)
> +	if (helper == NULL) {
> +#ifdef CONFIG_KMOD
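
Review bot: the new `helper == NULL` branch is where, per the commit message, the spin lock is released and a module is loaded, and the lookup key `helpname` is handled in a function that takes netlink attributes (`cda[]`). The module request should therefore be built from a fixed alias prefix plus `helpname` rather than from `helpname` alone, and `__nf_conntrack_helper_find_byname(helpname)` should be repeated once the lock is held again before -EAGAIN is returned. The remainder of the branch is cut off in this quote, so neither point can be confirmed from the lines shown.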

As Alexey pointed out, CONFIG_KMOD should not be used here, but
CONFIG_MODULES.

