[libnetfilter_queue] nfq: replace nfnl_talk by nfnl_query and disable sequence tracking

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Tue Feb 17 20:56:05 CET 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_queue.git;a=commit;h=bc56a6becbd4c4edf743ca3bee32eb0329fc5e5a
commit bc56a6becbd4c4edf743ca3bee32eb0329fc5e5a
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Tue Feb 17 20:47:21 2009 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Tue Feb 17 20:47:21 2009 +0100

    nfq: replace nfnl_talk by nfnl_query and disable sequence tracking
    
    This patch replaces the nfnl_talk() calls by the newer nfnl_query().
    This patch also disables netlink sequence tracking by default.
    Spurious race conditions in the sequence tracking may occur while
    creating queues and receiving high load of packets at the same time.
    
    Reported-by: Anton Vazir <anton.vazir at gmail.com>
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  bc56a6becbd4c4edf743ca3bee32eb0329fc5e5a (commit)
      from  3bd2cefc0fb9685fde9d402fdbe3f4f3ec3ddd7d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit bc56a6becbd4c4edf743ca3bee32eb0329fc5e5a
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Tue Feb 17 20:47:21 2009 +0100

    nfq: replace nfnl_talk by nfnl_query and disable sequence tracking
    
    This patch replaces the nfnl_talk() calls by the newer nfnl_query().
    This patch also disables netlink sequence tracking by default.
    Spurious race conditions in the sequence tracking may occur while
    creating queues and receiving high load of packets at the same time.
    
    Reported-by: Anton Vazir <anton.vazir at gmail.com>
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 configure.in             |    2 +-
 src/libnetfilter_queue.c |    9 ++++++---
 2 files changed, 7 insertions(+), 4 deletions(-)
This patch replaces the nfnl_talk() calls by the newer nfnl_query().
This patch also disables netlink sequence tracking by default.
Spurious race conditions in the sequence tracking may occur while
creating queues and receiving high load of packets at the same time.

Reported-by: Anton Vazir <anton.vazir at gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/configure.in b/configure.in
index d3ce4a0..15e03a1 100644
--- a/configure.in
+++ b/configure.in
@@ -18,7 +18,7 @@ case $target in
 esac
 
 dnl Dependencies
-LIBNFNETLINK_REQUIRED=0.0.38
+LIBNFNETLINK_REQUIRED=0.0.41
  
 PKG_CHECK_MODULES(LIBNFNETLINK, libnfnetlink >= $LIBNFNETLINK_REQUIRED,,
 	AC_MSG_ERROR(Cannot find libnfnetlink >= $LIBNFNETLINK_REQUIRED))
diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c
index 9e4903b..a2d0de2 100644
--- a/src/libnetfilter_queue.c
+++ b/src/libnetfilter_queue.c
@@ -141,7 +141,7 @@ __build_send_cfg_msg(struct nfq_handle *h, u_int8_t command,
 	cmd.pf = htons(pf);
 	nfnl_addattr_l(&u.nmh, sizeof(u), NFQA_CFG_CMD, &cmd, sizeof(cmd));
 
-	return nfnl_talk(h->nfnlh, &u.nmh, 0, 0, NULL, NULL, NULL);
+	return nfnl_query(h->nfnlh, &u.nmh);
 }
 
 static int __nfq_rcv_pkt(struct nlmsghdr *nlh, struct nfattr *nfa[],
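Review bot: With sequence tracking switched off in `nfq_open()` by this same commit, the result that `nfnl_query()` returns in `__build_send_cfg_msg()` is presumably no longer matched to this request by sequence number. A stale or concurrent acknowledgement on the shared handle could then be reported as this command's outcome, which should be confirmed against libnfnetlink. The same applies to the `nfnl_query()` returns in `nfq_set_mode()` and `nfq_set_queue_maxlen()`. If confirmed, a comment above each return would record the constraint, for example `/* ACK is not sequence-checked: serialise config requests per handle */`. All three functions begin outside their hunks.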
@@ -295,6 +295,9 @@ struct nfq_handle *nfq_open(void)
 	if (!nfnlh)
 		return NULL;
 
+	/* unset netlink sequence tracking by default */
+	nfnl_unset_sequence_tracking(nfnlh);
+
 	qh = nfq_open_nfnl(nfnlh);
 	if (!qh)
 		nfnl_close(nfnlh);
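Review bot: The new comment in `nfq_open()` restates the call instead of giving the reason, and the setting is applied only on this path. A handle passed directly to `nfq_open_nfnl()` keeps whatever tracking state its caller left, so the race described in the commit message presumably still applies there. I would record the reason and the trade-off, e.g. `/* sequence tracking races with packet delivery during queue setup; off by default, so reply sequence numbers are not validated */`, hedging the last clause until it is checked against libnfnetlink. Either apply the same default in `nfq_open_nfnl()` or document that its callers must choose. `nfq_open()` starts before and continues past this hunk.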
@@ -553,7 +556,7 @@ int nfq_set_mode(struct nfq_q_handle *qh,
 	nfnl_addattr_l(&u.nmh, sizeof(u), NFQA_CFG_PARAMS, &params,
 			sizeof(params));
 
-	return nfnl_talk(qh->h->nfnlh, &u.nmh, 0, 0, NULL, NULL, NULL);
+	return nfnl_query(qh->h->nfnlh, &u.nmh);
 }
 
 /**
@@ -581,7 +584,7 @@ int nfq_set_queue_maxlen(struct nfq_q_handle *qh,
 	nfnl_addattr_l(&u.nmh, sizeof(u), NFQA_CFG_QUEUE_MAXLEN, &queue_maxlen,
 			sizeof(queue_maxlen));
 
-	return nfnl_talk(qh->h->nfnlh, &u.nmh, 0, 0, NULL, NULL, NULL);
+	return nfnl_query(qh->h->nfnlh, &u.nmh);
 }
 
 /**


