From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Mikhail Sennikovsky <mikhail.sennikovskii@ionos.com>
Cc: netfilter-devel@vger.kernel.org, mikhail.sennikovsky@gmail.com
Subject: Re: [PATCH 2/6] conntrack: set reply l4 proto for unknown protocol
Date: Thu, 23 Jun 2022 21:30:18 +0200 [thread overview]
Message-ID: <YrS/SrqYVS5NPMRO@salvia> (raw)
In-Reply-To: <20220623175000.49259-3-mikhail.sennikovskii@ionos.com>
On Thu, Jun 23, 2022 at 07:49:56PM +0200, Mikhail Sennikovsky wrote:
> Withouth reply l4 protocol being set consistently the mnl_cb_run
> (in fact the kernel) would return EINVAL.
>
> Make sure the reply l4 protocol is set properly for unknown
> protocols.
>
> Signed-off-by: Mikhail Sennikovsky <mikhail.sennikovskii@ionos.com>
> ---
> extensions/libct_proto_unknown.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/extensions/libct_proto_unknown.c b/extensions/libct_proto_unknown.c
> index 2a47704..992b1ed 100644
> --- a/extensions/libct_proto_unknown.c
> +++ b/extensions/libct_proto_unknown.c
> @@ -21,10 +21,21 @@ static void help(void)
> fprintf(stdout, " no options (unsupported)\n");
> }
>
> +static void final_check(unsigned int flags,
> + unsigned int cmd,
> + struct nf_conntrack *ct)
> +{
> + if (nfct_attr_is_set(ct, ATTR_REPL_L3PROTO) &&
> + nfct_attr_is_set(ct, ATTR_L4PROTO) &&
> + !nfct_attr_is_set(ct, ATTR_REPL_L4PROTO))
> + nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, nfct_get_attr_u8(ct, ATTR_L4PROTO));
> +}
> +
> struct ctproto_handler ct_proto_unknown = {
> .name = "unknown",
> .help = help,
> .opts = opts,
> + .final_check = final_check,
missing indent to align it with other C99 initializers (coding style nitpick)
.final_check = final_check,
> .version = VERSION,
> };
>
> --
> 2.25.1
>
next prev parent reply other threads:[~2022-06-23 19:40 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-23 17:49 [PATCH 0/6] conntrack: fixes for handling unknown protocols Mikhail Sennikovsky
2022-06-23 17:49 ` [PATCH 1/6] tests/conntrack: ct create for " Mikhail Sennikovsky
2022-06-23 17:49 ` [PATCH 2/6] conntrack: set reply l4 proto for unknown protocol Mikhail Sennikovsky
2022-06-23 19:30 ` Pablo Neira Ayuso [this message]
2022-06-23 17:49 ` [PATCH 3/6] tests/conntrack: invalid protocol values Mikhail Sennikovsky
2022-06-23 19:29 ` Pablo Neira Ayuso
2022-06-23 17:49 ` [PATCH 4/6] conntrack: fix protocol number parsing Mikhail Sennikovsky
2022-06-23 19:29 ` Pablo Neira Ayuso
2022-06-23 17:49 ` [PATCH 5/6] tests/conntrack: ct -o save for unknown protocols Mikhail Sennikovsky
2022-06-23 19:28 ` Pablo Neira Ayuso
2022-06-23 17:50 ` [PATCH 6/6] conntrack: fix -o save dump " Mikhail Sennikovsky
2022-06-23 19:27 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YrS/SrqYVS5NPMRO@salvia \
--to=pablo@netfilter.org \
--cc=mikhail.sennikovskii@ionos.com \
--cc=mikhail.sennikovsky@gmail.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).