From mboxrd@z Thu Jan 1 00:00:00 1970 From: Patrick McHardy Subject: Re: [PATCH 02/13] IP set core support Date: Tue, 01 Feb 2011 16:34:47 +0100 Message-ID: <4D482817.7090407@trash.net> References: <1296514388-20900-1-git-send-email-kadlec@blackhole.kfki.hu> <1296514388-20900-2-git-send-email-kadlec@blackhole.kfki.hu> <1296514388-20900-3-git-send-email-kadlec@blackhole.kfki.hu> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Cc: netfilter-devel@vger.kernel.org, Pablo Neira Ayuso To: Jozsef Kadlecsik Return-path: Received: from stinky.trash.net ([213.144.137.162]:44395 "EHLO stinky.trash.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750998Ab1BAPe7 (ORCPT ); Tue, 1 Feb 2011 10:34:59 -0500 In-Reply-To: <1296514388-20900-3-git-send-email-kadlec@blackhole.kfki.hu> Sender: netfilter-devel-owner@vger.kernel.org List-ID: On 31.01.2011 23:52, Jozsef Kadlecsik wrote: > +static int > +call_ad(struct sk_buff *skb, struct ip_set *set, > + struct nlattr *tb[], enum ipset_adt adt, > + u32 flags, bool use_lineno) > +{ > + int ret, retried = 0; > + u32 lineno = 0; > + bool eexist = flags & IPSET_FLAG_EXIST; > + > + do { > + write_lock_bh(&set->lock); > + ret = set->variant->uadt(set, tb, adt, &lineno, flags); > + write_unlock_bh(&set->lock); > + } while (ret == -EAGAIN && > + set->variant->resize && > + (ret = set->variant->resize(set, retried++)) == 0); > + > + if (!ret || (ret == -IPSET_ERR_EXIST && eexist)) > + return 0; > + if (lineno && use_lineno) { > + /* Error in restore/batch mode: send back lineno */ > + struct nlmsghdr *nlh = nlmsg_hdr(skb); > + int min_len = NLMSG_SPACE(sizeof(struct nfgenmsg)); > + struct nlattr *cda[IPSET_ATTR_CMD_MAX+1]; > + struct nlattr *cmdattr = (void *)nlh + min_len; > + u32 *errline; > + > + nla_parse(cda, IPSET_ATTR_CMD_MAX, > + cmdattr, nlh->nlmsg_len - min_len, > + ip_set_adt_policy); > + > + errline = nla_data(cda[IPSET_ATTR_LINENO]); > + > + *errline = lineno; This is 
still not correct. I didn't mean to remove the const attributes (the message is still considered const by the higher layers, the netlink functions just cast this away). You're modifying the received message, I don't see how this can be useful to userspace. I guess you're relying on that the original message is appended to a nlmsgerr message. That doesn't seem right though, if you want to return something to userspace, you should construct a new message. > + } > + > + return ret; > +}
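Review bot: in the `if (lineno && use_lineno)` branch the result of nla_parse() is discarded and cda[IPSET_ATTR_LINENO] goes straight into nla_data() with no NULL check, so if parsing fails or the attribute is missing, `*errline = lineno` writes through an invalid pointer. Check the nla_parse() return value and that cda[IPSET_ATTR_LINENO] is set before storing the line number, and fall through to `return ret` otherwise. The store also lands in the received message that nlmsg_hdr(skb) points at, which the reply above objects to; reporting the line number in a newly constructed message would remove the need to re-parse and write into the request at all.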