* [PATCH 0/2] A couple of netfilter fixes
@ 2009-05-27 12:53 Pablo Neira Ayuso
2009-05-27 12:54 ` [PATCH 1/2] netfilter: nfnetlink_log: fix wrong skbuff size calculation Pablo Neira Ayuso
2009-05-27 12:54 ` [PATCH 2/2] netfilter: conntrack: add support for DCCP handshake sequence to ctnetlink Pablo Neira Ayuso
0 siblings, 2 replies; 7+ messages in thread
From: Pablo Neira Ayuso @ 2009-05-27 12:53 UTC (permalink / raw)
To: netfilter-devel; +Cc: kaber
Hi Patrick,
Are we in time to put these patches into 2.6.30-rc?
---
Pablo Neira Ayuso (2):
netfilter: conntrack: add support for DCCP handshake sequence to ctnetlink
netfilter: nfnetlink_log: fix wrong skbuff size calculation
include/linux/netfilter/nfnetlink_conntrack.h | 1 +
net/netfilter/nf_conntrack_proto_dccp.c | 7 +++++++
net/netfilter/nfnetlink_log.c | 6 ++++++
3 files changed, 14 insertions(+), 0 deletions(-)
^ permalink raw reply [flat|nested] 7+ messages in thread* [PATCH 1/2] netfilter: nfnetlink_log: fix wrong skbuff size calculation 2009-05-27 12:53 [PATCH 0/2] A couple of netfilter fixes Pablo Neira Ayuso @ 2009-05-27 12:54 ` Pablo Neira Ayuso 2009-05-27 13:50 ` Patrick McHardy 2009-05-27 12:54 ` [PATCH 2/2] netfilter: conntrack: add support for DCCP handshake sequence to ctnetlink Pablo Neira Ayuso 1 sibling, 1 reply; 7+ messages in thread From: Pablo Neira Ayuso @ 2009-05-27 12:54 UTC (permalink / raw) To: netfilter-devel; +Cc: kaber This problem was introduced in 72961ecf84d67d6359a1b30f9b2a8427f13e1e71 since no space was reserved for the new attributes NFULA_HWTYPE, NFULA_HWLEN and NFULA_HWHEADER. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- net/netfilter/nfnetlink_log.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index fd326ac..66a6dd5 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c @@ -581,6 +581,12 @@ nfulnl_log_packet(u_int8_t pf, + nla_total_size(sizeof(struct nfulnl_msg_packet_hw)) + nla_total_size(sizeof(struct nfulnl_msg_packet_timestamp)); + if (in && skb_mac_header_was_set(skb)) { + size += nla_total_size(skb->dev->hard_header_len) + + nla_total_size(sizeof(u_int16_t)) /* hwtype */ + + nla_total_size(sizeof(u_int16_t)); /* hwlen */ + } + spin_lock_bh(&inst->lock); if (inst->flags & NFULNL_CFG_F_SEQ) ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 1/2] netfilter: nfnetlink_log: fix wrong skbuff size calculation 2009-05-27 12:54 ` [PATCH 1/2] netfilter: nfnetlink_log: fix wrong skbuff size calculation Pablo Neira Ayuso @ 2009-05-27 13:50 ` Patrick McHardy 0 siblings, 0 replies; 7+ messages in thread From: Patrick McHardy @ 2009-05-27 13:50 UTC (permalink / raw) To: Pablo Neira Ayuso; +Cc: netfilter-devel Pablo Neira Ayuso wrote: > This problem was introduced in 72961ecf84d67d6359a1b30f9b2a8427f13e1e71 > since no space was reserved for the new attributes NFULA_HWTYPE, > NFULA_HWLEN and NFULA_HWHEADER. Applied, thanks Pablo. ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH 2/2] netfilter: conntrack: add support for DCCP handshake sequence to ctnetlink 2009-05-27 12:53 [PATCH 0/2] A couple of netfilter fixes Pablo Neira Ayuso 2009-05-27 12:54 ` [PATCH 1/2] netfilter: nfnetlink_log: fix wrong skbuff size calculation Pablo Neira Ayuso @ 2009-05-27 12:54 ` Pablo Neira Ayuso 2009-05-27 14:13 ` Patrick McHardy 1 sibling, 1 reply; 7+ messages in thread From: Pablo Neira Ayuso @ 2009-05-27 12:54 UTC (permalink / raw) To: netfilter-devel; +Cc: kaber This patch adds CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ that exposes the u64 handshake sequence number to user-space. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- include/linux/netfilter/nfnetlink_conntrack.h | 1 + net/netfilter/nf_conntrack_proto_dccp.c | 7 +++++++ 2 files changed, 8 insertions(+), 0 deletions(-) diff --git a/include/linux/netfilter/nfnetlink_conntrack.h b/include/linux/netfilter/nfnetlink_conntrack.h index 1a865e4..ed4ef8d 100644 --- a/include/linux/netfilter/nfnetlink_conntrack.h +++ b/include/linux/netfilter/nfnetlink_conntrack.h @@ -101,6 +101,7 @@ enum ctattr_protoinfo_dccp { CTA_PROTOINFO_DCCP_UNSPEC, CTA_PROTOINFO_DCCP_STATE, CTA_PROTOINFO_DCCP_ROLE, + CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ, __CTA_PROTOINFO_DCCP_MAX, }; #define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1) diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c index aee0d6b..0831b5e 100644 --- a/net/netfilter/nf_conntrack_proto_dccp.c +++ b/net/netfilter/nf_conntrack_proto_dccp.c @@ -639,6 +639,8 @@ static int dccp_to_nlattr(struct sk_buff *skb, struct nlattr *nla, NLA_PUT_U8(skb, CTA_PROTOINFO_DCCP_STATE, ct->proto.dccp.state); NLA_PUT_U8(skb, CTA_PROTOINFO_DCCP_ROLE, ct->proto.dccp.role[IP_CT_DIR_ORIGINAL]); + NLA_PUT_U64(skb, CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ, + ct->proto.dccp.handshake_seq); nla_nest_end(skb, nest_parms); read_unlock_bh(&dccp_lock); return 0; @@ -651,6 +653,7 @@ nla_put_failure: static const struct nla_policy dccp_nla_policy[CTA_PROTOINFO_DCCP_MAX + 1] = { [CTA_PROTOINFO_DCCP_STATE] = { .type = NLA_U8 }, [CTA_PROTOINFO_DCCP_ROLE] = { .type = NLA_U8 }, + [CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ] = { .type = NLA_U64 }, }; static int nlattr_to_dccp(struct nlattr *cda[], struct nf_conn *ct) @@ -683,6 +686,10 @@ static int nlattr_to_dccp(struct nlattr *cda[], struct nf_conn *ct) ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_SERVER; ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_CLIENT; } + if (tb[CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ]) { + ct->proto.dccp.handshake_seq = + nla_get_u64(tb[CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ]); + } write_unlock_bh(&dccp_lock); return 0; } ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] netfilter: conntrack: add support for DCCP handshake sequence to ctnetlink 2009-05-27 12:54 ` [PATCH 2/2] netfilter: conntrack: add support for DCCP handshake sequence to ctnetlink Pablo Neira Ayuso @ 2009-05-27 14:13 ` Patrick McHardy 2009-05-27 14:50 ` Pablo Neira Ayuso 0 siblings, 1 reply; 7+ messages in thread From: Patrick McHardy @ 2009-05-27 14:13 UTC (permalink / raw) To: Pablo Neira Ayuso; +Cc: netfilter-devel Pablo Neira Ayuso wrote: > --- a/net/netfilter/nf_conntrack_proto_dccp.c > +++ b/net/netfilter/nf_conntrack_proto_dccp.c > @@ -639,6 +639,8 @@ static int dccp_to_nlattr(struct sk_buff *skb, struct nlattr *nla, > NLA_PUT_U8(skb, CTA_PROTOINFO_DCCP_STATE, ct->proto.dccp.state); > NLA_PUT_U8(skb, CTA_PROTOINFO_DCCP_ROLE, > ct->proto.dccp.role[IP_CT_DIR_ORIGINAL]); > + NLA_PUT_U64(skb, CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ, > + ct->proto.dccp.handshake_seq); This should use big endian byteorder. ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] netfilter: conntrack: add support for DCCP handshake sequence to ctnetlink 2009-05-27 14:13 ` Patrick McHardy @ 2009-05-27 14:50 ` Pablo Neira Ayuso 2009-05-27 15:51 ` Patrick McHardy 0 siblings, 1 reply; 7+ messages in thread From: Pablo Neira Ayuso @ 2009-05-27 14:50 UTC (permalink / raw) To: Patrick McHardy; +Cc: netfilter-devel [-- Attachment #1: Type: text/plain, Size: 903 bytes --] Patrick McHardy wrote: > Pablo Neira Ayuso wrote: >> --- a/net/netfilter/nf_conntrack_proto_dccp.c >> +++ b/net/netfilter/nf_conntrack_proto_dccp.c >> @@ -639,6 +639,8 @@ static int dccp_to_nlattr(struct sk_buff *skb, >> struct nlattr *nla, >> NLA_PUT_U8(skb, CTA_PROTOINFO_DCCP_STATE, ct->proto.dccp.state); >> NLA_PUT_U8(skb, CTA_PROTOINFO_DCCP_ROLE, >> ct->proto.dccp.role[IP_CT_DIR_ORIGINAL]); >> + NLA_PUT_U64(skb, CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ, >> + ct->proto.dccp.handshake_seq); > > This should use big endian byteorder. dccp_hdr_seq() returns a value in host byte order, which is used to assign the value to handshake_seq. So, we need to use cpu_to_be64() to convert the value to network byte order as other attributes in ctnetlink which are in network byte order, right? :) Patch attached. -- "Los honestos son inadaptados sociales" -- Les Luthiers [-- Attachment #2: ct-dccp-export-seq.patch --] [-- Type: text/x-diff, Size: 2930 bytes --] netfilter: conntrack: add support for DCCP handshake sequence to ctnetlink This patch adds CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ that exposes the u64 handshake sequence number to user-space. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- include/linux/netfilter/nfnetlink_conntrack.h | 1 + include/net/netlink.h | 9 +++++++++ net/netfilter/nf_conntrack_proto_dccp.c | 7 +++++++ 3 files changed, 17 insertions(+), 0 deletions(-) diff --git a/include/linux/netfilter/nfnetlink_conntrack.h b/include/linux/netfilter/nfnetlink_conntrack.h index 1a865e4..ed4ef8d 100644 --- a/include/linux/netfilter/nfnetlink_conntrack.h +++ b/include/linux/netfilter/nfnetlink_conntrack.h @@ -101,6 +101,7 @@ enum ctattr_protoinfo_dccp { CTA_PROTOINFO_DCCP_UNSPEC, CTA_PROTOINFO_DCCP_STATE, CTA_PROTOINFO_DCCP_ROLE, + CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ, __CTA_PROTOINFO_DCCP_MAX, }; #define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1) diff --git a/include/net/netlink.h b/include/net/netlink.h index eddb502..007bdb0 100644 --- a/include/net/netlink.h +++ b/include/net/netlink.h @@ -940,6 +940,15 @@ static inline u64 nla_get_u64(const struct nlattr *nla) } /** + * nla_get_be64 - return payload of __be64 attribute + * @nla: __be64 netlink attribute + */ +static inline __be64 nla_get_be64(const struct nlattr *nla) +{ + return *(__be64 *) nla_data(nla); +} + +/** * nla_get_flag - return payload of flag attribute * @nla: flag netlink attribute */ diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c index aee0d6b..2952269 100644 --- a/net/netfilter/nf_conntrack_proto_dccp.c +++ b/net/netfilter/nf_conntrack_proto_dccp.c @@ -639,6 +639,8 @@ static int dccp_to_nlattr(struct sk_buff *skb, struct nlattr *nla, NLA_PUT_U8(skb, CTA_PROTOINFO_DCCP_STATE, ct->proto.dccp.state); NLA_PUT_U8(skb, CTA_PROTOINFO_DCCP_ROLE, ct->proto.dccp.role[IP_CT_DIR_ORIGINAL]); + NLA_PUT_BE64(skb, CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ, + cpu_to_be64(ct->proto.dccp.handshake_seq)); nla_nest_end(skb, nest_parms); read_unlock_bh(&dccp_lock); return 0; @@ -651,6 +653,7 @@ nla_put_failure: static const struct nla_policy dccp_nla_policy[CTA_PROTOINFO_DCCP_MAX + 1] = { [CTA_PROTOINFO_DCCP_STATE] = { .type = NLA_U8 }, [CTA_PROTOINFO_DCCP_ROLE] = { .type = NLA_U8 }, + [CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ] = { .type = NLA_U64 }, }; static int nlattr_to_dccp(struct nlattr *cda[], struct nf_conn *ct) @@ -683,6 +686,10 @@ static int nlattr_to_dccp(struct nlattr *cda[], struct nf_conn *ct) ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_SERVER; ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_CLIENT; } + if (tb[CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ]) { + ct->proto.dccp.handshake_seq = + be64_to_cpu(nla_get_be64(tb[CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ])); + } write_unlock_bh(&dccp_lock); return 0; } ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] netfilter: conntrack: add support for DCCP handshake sequence to ctnetlink 2009-05-27 14:50 ` Pablo Neira Ayuso @ 2009-05-27 15:51 ` Patrick McHardy 0 siblings, 0 replies; 7+ messages in thread From: Patrick McHardy @ 2009-05-27 15:51 UTC (permalink / raw) To: Pablo Neira Ayuso; +Cc: netfilter-devel Pablo Neira Ayuso wrote: > Patrick McHardy wrote: >> Pablo Neira Ayuso wrote: >>> --- a/net/netfilter/nf_conntrack_proto_dccp.c >>> +++ b/net/netfilter/nf_conntrack_proto_dccp.c >>> @@ -639,6 +639,8 @@ static int dccp_to_nlattr(struct sk_buff *skb, >>> struct nlattr *nla, >>> NLA_PUT_U8(skb, CTA_PROTOINFO_DCCP_STATE, ct->proto.dccp.state); >>> NLA_PUT_U8(skb, CTA_PROTOINFO_DCCP_ROLE, >>> ct->proto.dccp.role[IP_CT_DIR_ORIGINAL]); >>> + NLA_PUT_U64(skb, CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ, >>> + ct->proto.dccp.handshake_seq); >> This should use big endian byteorder. > > dccp_hdr_seq() returns a value in host byte order, which is used to > assign the value to handshake_seq. So, we need to use cpu_to_be64() to > convert the value to network byte order as other attributes in ctnetlink > which are in network byte order, right? :) Absolutely :) > Patch attached. Applied to nf-next, thanks. ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2009-05-27 15:51 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2009-05-27 12:53 [PATCH 0/2] A couple of netfilter fixes Pablo Neira Ayuso 2009-05-27 12:54 ` [PATCH 1/2] netfilter: nfnetlink_log: fix wrong skbuff size calculation Pablo Neira Ayuso 2009-05-27 13:50 ` Patrick McHardy 2009-05-27 12:54 ` [PATCH 2/2] netfilter: conntrack: add support for DCCP handshake sequence to ctnetlink Pablo Neira Ayuso 2009-05-27 14:13 ` Patrick McHardy 2009-05-27 14:50 ` Pablo Neira Ayuso 2009-05-27 15:51 ` Patrick McHardy
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).