[libnetfilter_log] nflog: replace nfnl_talk by nfnl_query and disable sequence tracking

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Tue Feb 17 21:12:45 CET 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_log.git;a=commit;h=b0d03dc6762ca9c289bdf92172c0163edff489a4
commit b0d03dc6762ca9c289bdf92172c0163edff489a4
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Tue Feb 17 21:11:57 2009 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Tue Feb 17 21:11:57 2009 +0100

    nflog: replace nfnl_talk by nfnl_query and disable sequence tracking
    
    This patch replaces the nfnl_talk() calls by the newer nfnl_query().
    This patch also disables netlink sequence tracking by default.
    Spurious race conditions in the sequence tracking may occur while
    binding to queues and high load of log messages at the same time.
    
    Reported-by: Anton Vazir <anton.vazir at gmail.com>
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  b0d03dc6762ca9c289bdf92172c0163edff489a4 (commit)
      from  4353e2eeda1f9be2e17cd392180cce6ed0745142 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b0d03dc6762ca9c289bdf92172c0163edff489a4
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Tue Feb 17 21:11:57 2009 +0100

    nflog: replace nfnl_talk by nfnl_query and disable sequence tracking
    
    This patch replaces the nfnl_talk() calls by the newer nfnl_query().
    This patch also disables netlink sequence tracking by default.
    Spurious race conditions in the sequence tracking may occur while
    binding to queues and high load of log messages at the same time.
    
    Reported-by: Anton Vazir <anton.vazir at gmail.com>
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 configure.in           |    2 +-
 src/libnetfilter_log.c |   15 +++++++++------
 2 files changed, 10 insertions(+), 7 deletions(-)
This patch replaces the nfnl_talk() calls by the newer nfnl_query().
This patch also disables netlink sequence tracking by default.
Spurious race conditions in the sequence tracking may occur while
binding to queues and high load of log messages at the same time.

Reported-by: Anton Vazir <anton.vazir at gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/configure.in b/configure.in
index 0ef526d..cdb5000 100644
--- a/configure.in
+++ b/configure.in
@@ -19,7 +19,7 @@ case $target in
 esac
 
 dnl Dependencies
-LIBNFNETLINK_REQUIRED=0.0.39
+LIBNFNETLINK_REQUIRED=0.0.41
  
 PKG_CHECK_MODULES(LIBNFNETLINK, libnfnetlink >= $LIBNFNETLINK_REQUIRED,,
 	AC_MSG_ERROR(Cannot find libnfnetlink >= $LIBNFNETLINK_REQUIRED))
diff --git a/src/libnetfilter_log.c b/src/libnetfilter_log.c
index 7cec2ea..ebb8a19 100644
--- a/src/libnetfilter_log.c
+++ b/src/libnetfilter_log.c
@@ -110,7 +110,7 @@ __build_send_cfg_msg(struct nflog_handle *h, u_int8_t command,
 	cmd.command = command;
 	nfnl_addattr_l(&u.nmh, sizeof(u), NFULA_CFG_CMD, &cmd, sizeof(cmd));
 
-	return nfnl_talk(h->nfnlh, &u.nmh, 0, 0, NULL, NULL, NULL);
+	return nfnl_query(h->nfnlh, &u.nmh);
 }
 
 static int __nflog_rcv_pkt(struct nlmsghdr *nlh, struct nfattr *nfa[],
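Review bot: The switch to `nfnl_query()` in this return (and in the same return in nflog_set_mode, nflog_set_timeout, nflog_set_qthresh, nflog_set_nlbufsiz and nflog_set_flags) changes what the result of a configuration call means, and nothing in the code documents it. If nfnl_query() sends the request and then processes whatever arrives on the socket until a handler stops it, as I understand libnfnetlink to do, then with sequence tracking now off a log packet queued ahead of the ACK could be dispatched to the user's packet callback from inside a configuration call, and that callback's return value could end the wait before the kernel's answer is read. Please confirm this against libnfnetlink 0.0.41 and, if it holds, add a comment above the return such as `/* nfnl_query() may run packet callbacks while waiting; the result is not matched to this request by sequence number */`. The body of __build_send_cfg_msg starts outside the hunk.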
@@ -194,6 +194,9 @@ struct nflog_handle *nflog_open(void)
 		return NULL;
 	}
 
+	/* disable netlink sequence tracking by default */
+	nfnl_unset_sequence_tracking(nfnlh);
+
 	lh = nflog_open_nfnl(nfnlh);
 	if (!lh)
 		nfnl_close(nfnlh);
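Review bot: The new comment above `nfnl_unset_sequence_tracking(nfnlh)` says what is done but not why or at what cost. A later reader cannot tell that it works around a race between bind requests and heavy log traffic, or that replies on this handle are no longer checked against the request's sequence number. Suggest `/* sequence tracking races with log traffic during bind under load; disabled, so replies are not correlated to requests by seq */`. The call is made only in nflog_open(), so a handle passed directly to nflog_open_nfnl() presumably keeps tracking enabled and can still hit the race; that difference deserves a line in the API documentation. nflog_open() begins before the hunk.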
@@ -290,7 +293,7 @@ int nflog_set_mode(struct nflog_g_handle *gh,
 	nfnl_addattr_l(&u.nmh, sizeof(u), NFULA_CFG_MODE, &params,
 		       sizeof(params));
 
-	return nfnl_talk(gh->h->nfnlh, &u.nmh, 0, 0, NULL, NULL, NULL);
+	return nfnl_query(gh->h->nfnlh, &u.nmh);
 }
 
 int nflog_set_timeout(struct nflog_g_handle *gh, u_int32_t timeout)
@@ -305,7 +308,7 @@ int nflog_set_timeout(struct nflog_g_handle *gh, u_int32_t timeout)
 
 	nfnl_addattr32(&u.nmh, sizeof(u), NFULA_CFG_TIMEOUT, htonl(timeout));
 
-	return nfnl_talk(gh->h->nfnlh, &u.nmh, 0, 0, NULL, NULL, NULL);
+	return nfnl_query(gh->h->nfnlh, &u.nmh);
 }
 
 int nflog_set_qthresh(struct nflog_g_handle *gh, u_int32_t qthresh)
@@ -320,7 +323,7 @@ int nflog_set_qthresh(struct nflog_g_handle *gh, u_int32_t qthresh)
 
 	nfnl_addattr32(&u.nmh, sizeof(u), NFULA_CFG_QTHRESH, htonl(qthresh));
 
-	return nfnl_talk(gh->h->nfnlh, &u.nmh, 0, 0, NULL, NULL, NULL);
+	return nfnl_query(gh->h->nfnlh, &u.nmh);
 }
 
 int nflog_set_nlbufsiz(struct nflog_g_handle *gh, u_int32_t nlbufsiz)
@@ -336,7 +339,7 @@ int nflog_set_nlbufsiz(struct nflog_g_handle *gh, u_int32_t nlbufsiz)
 
 	nfnl_addattr32(&u.nmh, sizeof(u), NFULA_CFG_NLBUFSIZ, htonl(nlbufsiz));
 
-	status = nfnl_talk(gh->h->nfnlh, &u.nmh, 0, 0, NULL, NULL, NULL);
+	status = nfnl_query(gh->h->nfnlh, &u.nmh);
 
 	/* we try to have space for at least 10 messages in the socket buffer */
 	if (status >= 0)
@@ -357,7 +360,7 @@ int nflog_set_flags(struct nflog_g_handle *gh, u_int16_t flags)
 
 	nfnl_addattr16(&u.nmh, sizeof(u), NFULA_CFG_FLAGS, htons(flags));
 
-	return nfnl_talk(gh->h->nfnlh, &u.nmh, 0, 0, NULL, NULL, NULL);
+	return nfnl_query(gh->h->nfnlh, &u.nmh);
 }
 
 


