diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-02-17 21:11:57 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-02-17 21:11:57 +0100 |
| commit | b0d03dc6762ca9c289bdf92172c0163edff489a4 (patch) | |
| tree | 29349d26e18b7ca0e93f1176ee0c48866ee5903b /src | |
| parent | 4353e2eeda1f9be2e17cd392180cce6ed0745142 (diff) | |
nflog: replace nfnl_talk by nfnl_query and disable sequence tracking
This patch replaces the nfnl_talk() calls by the newer nfnl_query().
This patch also disables netlink sequence tracking by default.
Spurious race conditions in the sequence tracking may occur while
binding to queues and high load of log messages at the same time.
Reported-by: Anton Vazir <anton.vazir@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/libnetfilter_log.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/src/libnetfilter_log.c b/src/libnetfilter_log.c index 7cec2ea..ebb8a19 100644 --- a/src/libnetfilter_log.c +++ b/src/libnetfilter_log.c @@ -110,7 +110,7 @@ __build_send_cfg_msg(struct nflog_handle *h, u_int8_t command, cmd.command = command; nfnl_addattr_l(&u.nmh, sizeof(u), NFULA_CFG_CMD, &cmd, sizeof(cmd)); - return nfnl_talk(h->nfnlh, &u.nmh, 0, 0, NULL, NULL, NULL); + return nfnl_query(h->nfnlh, &u.nmh); } static int __nflog_rcv_pkt(struct nlmsghdr *nlh, struct nfattr *nfa[], @@ -194,6 +194,9 @@ struct nflog_handle *nflog_open(void) return NULL; } + /* disable netlink sequence tracking by default */ + nfnl_unset_sequence_tracking(nfnlh); + lh = nflog_open_nfnl(nfnlh); if (!lh) nfnl_close(nfnlh); @@ -290,7 +293,7 @@ int nflog_set_mode(struct nflog_g_handle *gh, nfnl_addattr_l(&u.nmh, sizeof(u), NFULA_CFG_MODE, ¶ms, sizeof(params)); - return nfnl_talk(gh->h->nfnlh, &u.nmh, 0, 0, NULL, NULL, NULL); + return nfnl_query(gh->h->nfnlh, &u.nmh); } int nflog_set_timeout(struct nflog_g_handle *gh, u_int32_t timeout) @@ -305,7 +308,7 @@ int nflog_set_timeout(struct nflog_g_handle *gh, u_int32_t timeout) nfnl_addattr32(&u.nmh, sizeof(u), NFULA_CFG_TIMEOUT, htonl(timeout)); - return nfnl_talk(gh->h->nfnlh, &u.nmh, 0, 0, NULL, NULL, NULL); + return nfnl_query(gh->h->nfnlh, &u.nmh); } int nflog_set_qthresh(struct nflog_g_handle *gh, u_int32_t qthresh) @@ -320,7 +323,7 @@ int nflog_set_qthresh(struct nflog_g_handle *gh, u_int32_t qthresh) nfnl_addattr32(&u.nmh, sizeof(u), NFULA_CFG_QTHRESH, htonl(qthresh)); - return nfnl_talk(gh->h->nfnlh, &u.nmh, 0, 0, NULL, NULL, NULL); + return nfnl_query(gh->h->nfnlh, &u.nmh); } int nflog_set_nlbufsiz(struct nflog_g_handle *gh, u_int32_t nlbufsiz) @@ -336,7 +339,7 @@ int nflog_set_nlbufsiz(struct nflog_g_handle *gh, u_int32_t nlbufsiz) nfnl_addattr32(&u.nmh, sizeof(u), NFULA_CFG_NLBUFSIZ, htonl(nlbufsiz)); - status = nfnl_talk(gh->h->nfnlh, &u.nmh, 0, 0, NULL, NULL, NULL); + status = nfnl_query(gh->h->nfnlh, &u.nmh); /* we try to have space for at least 10 messages in the socket buffer */ if (status >= 0) @@ -357,7 +360,7 @@ int nflog_set_flags(struct nflog_g_handle *gh, u_int16_t flags) nfnl_addattr16(&u.nmh, sizeof(u), NFULA_CFG_FLAGS, htons(flags)); - return nfnl_talk(gh->h->nfnlh, &u.nmh, 0, 0, NULL, NULL, NULL); + return nfnl_query(gh->h->nfnlh, &u.nmh); } |