From: "Michał Mirosław" <mirq-linux@rere.qmqm.pl>
To: netfilter-devel@lists.netfilter.org
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2.6.20 +0/14] nfnetlink_log: patch series season 2
Date: Mon, 12 Feb 2007 21:20:52 +0100 [thread overview]
Message-ID: <20070212202052.GA28704@rere.qmqm.pl> (raw)
In-Reply-To: <20070212003738.GA8262@rere.qmqm.pl>
Dear list,
As it turned out, not all worms eating nfnetlink_log have been exterminated
by my last patch series. I'll append next four patches to the end of the
series and I hope that it doesn't make your patching scripts unhappy.
Those patches fix two bugs and make two other code beautifications:
11. procfs file handling - don't pass seq_file when you don't have to
* 12. nfulnl_recv_config() - don't modify what isn't there
* 13. __nfulnl_send() and friends - return your books timely
14. __nfulnl_send() - don't prove the obvious
There are some other bugs I found that I'm looking for a fix. One of them
is wrong /proc/net/netfilter/nfnetlink_log contents:
natownica:~# cat /proc/net/netfilter/nfnetlink_log
0 -4100 0 2 65535 100 1
2 -4099 2 2 65535 100 2
4 15355 0 2 65535 100 1
Those three entries are created by a single ulogd2 listening in three
packet logging groups. I believe that's some problem with generating
the file contents because after shutting down ulogd all disappear.
The two groups: 2, 4 are stuffed with packets by those iptables rules:
natownica:~# iptables-save |grep NFLOG
-A LOG_and_DROP_fakenet -m hashlimit --hashlimit 1/sec --hashlimit-mode \
srcip --hashlimit-name fw_fakenet_src -j NFLOG --nflog-prefix \
"fakenet" --nflog-group 2 --nflog-threshold 30
-A LOG_and_DROP_p2p -m hashlimit --hashlimit 1/sec --hashlimit-mode srcip \
--hashlimit-name fw_p2p_src -j NFLOG --nflog-prefix "p2p" \
--nflog-group 2 --nflog-threshold 30
-A invalid -m mark --mark 0x3000/0x3000 -j NFLOG --nflog-prefix \
"nonregistered" --nflog-group 3
-A invalid -j NFLOG --nflog-prefix "invalid" --nflog-group 2
As you can see, there's no group 4 among the rules - 3 is. This seems to
be xt_NFLOG's fault, but I haven't looked there yet.
Greets,
Michal Miroslaw
next prev parent reply other threads:[~2007-02-12 20:21 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-12 0:37 [PATCH 2.6.20 00/10] nfnetlink_log: patch series introduction Michał Mirosław
2007-02-12 20:20 ` Michał Mirosław [this message]
2007-02-12 20:22 ` [PATCH 2.6.20 11/14] nfnetlink_log: iterator functions need iter_state * only Michał Mirosław
2007-02-13 12:51 ` Patrick McHardy
2007-02-12 20:22 ` [PATCH 2.6.20 12/14] nfnetlink_log: possible NULL pointer dereference in nfulnl_recv_config() Michał Mirosław
2007-02-13 12:55 ` Patrick McHardy
2007-02-12 20:22 ` [PATCH 2.6.20 13/14] nfnetlink_log: fix reference counting Michał Mirosław
2007-02-13 12:58 ` Patrick McHardy
2007-02-14 11:38 ` Michał Mirosław
2007-02-12 20:23 ` [PATCH 2.6.20 14/14] nfnetlink_log: micro-optimization: inst->skb != NULL in __nfulnl_send() Michał Mirosław
2007-02-14 11:57 ` Michał Mirosław
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070212202052.GA28704@rere.qmqm.pl \
--to=mirq-linux@rere.qmqm.pl \
--cc=linux-kernel@vger.kernel.org \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.