authorPablo Neira Ayuso <pablo@netfilter.org>2009-02-17 20:47:21 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2009-02-17 20:47:21 +0100
commitbc56a6becbd4c4edf743ca3bee32eb0329fc5e5a (patch)
treef75ad5bdf1b1a20031f359b3765719df99a62ad8
parent3bd2cefc0fb9685fde9d402fdbe3f4f3ec3ddd7d (diff)
nfq: replace nfnl_talk by nfnl_query and disable sequence tracking
This patch replaces the nfnl_talk() calls by the newer nfnl_query(). This patch also disables netlink sequence tracking by default. Spurious race conditions in the sequence tracking may occur while creating queues and receiving a high load of packets at the same time. Reported-by: Anton Vazir <anton.vazir@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--configure.in2
-rw-r--r--src/libnetfilter_queue.c9
2 files changed, 7 insertions, 4 deletions
diff --git a/configure.in b/configure.in
index d3ce4a0..15e03a1 100644
--- a/configure.in
+++ b/configure.in
@@ -18,7 +18,7 @@ case $target in
esac
dnl Dependencies
-LIBNFNETLINK_REQUIRED=0.0.38
+LIBNFNETLINK_REQUIRED=0.0.41
PKG_CHECK_MODULES(LIBNFNETLINK, libnfnetlink >= $LIBNFNETLINK_REQUIRED,,
AC_MSG_ERROR(Cannot find libnfnetlink >= $LIBNFNETLINK_REQUIRED))
diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c
index 9e4903b..a2d0de2 100644
--- a/src/libnetfilter_queue.c
+++ b/src/libnetfilter_queue.c
@@ -141,7 +141,7 @@ __build_send_cfg_msg(struct nfq_handle *h, u_int8_t command,
cmd.pf = htons(pf);
nfnl_addattr_l(&u.nmh, sizeof(u), NFQA_CFG_CMD, &cmd, sizeof(cmd));
- return nfnl_talk(h->nfnlh, &u.nmh, 0, 0, NULL, NULL, NULL);
+ return nfnl_query(h->nfnlh, &u.nmh);
}
static int __nfq_rcv_pkt(struct nlmsghdr *nlh, struct nfattr *nfa[],
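Review bot: The result of nfnl_query() is returned straight to the caller here, and again in nfq_set_mode and nfq_set_queue_maxlen, but none of the three documents what that result means now that sequence tracking is off by default. With tracking disabled in nfq_open, a reply can presumably no longer be matched to this request by sequence number, so it is worth confirming in libnfnetlink that a stale or unrelated ACK cannot end the wait and make a rejected config request look accepted. Programs that filter traffic through the queue depend on the copy mode and queue length actually being applied, so a false success here would go unnoticed. After checking it against nfnl_query, I would add a comment above the return such as `/* blocks for the kernel ACK; returns -1 with errno set if the request was rejected */`. The body of __build_send_cfg_msg starts outside the hunk.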
@@ -295,6 +295,9 @@ struct nfq_handle *nfq_open(void)
if (!nfnlh)
return NULL;
+ /* unset netlink sequence tracking by default */
+ nfnl_unset_sequence_tracking(nfnlh);
+
qh = nfq_open_nfnl(nfnlh);
if (!qh)
nfnl_close(nfnlh);
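Review bot: Sequence tracking is switched off only on the nfq_open() path, before nfq_open_nfnl() is called, so a caller that builds its own nfnl handle and calls nfq_open_nfnl() directly keeps tracking on and would still seem exposed to the race the commit message describes. Either do the unset inside nfq_open_nfnl(), if changing a caller-owned handle is acceptable, or state in both functions' header comments which of them disables tracking. The added comment also says what the call does rather than why; something like `/* sequence tracking races with packet delivery while queues are created, so disable it by default */` would carry the reason. nfq_open's body starts and ends outside the hunk.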
@@ -553,7 +556,7 @@ int nfq_set_mode(struct nfq_q_handle *qh,
nfnl_addattr_l(&u.nmh, sizeof(u), NFQA_CFG_PARAMS, &params,
sizeof(params));
- return nfnl_talk(qh->h->nfnlh, &u.nmh, 0, 0, NULL, NULL, NULL);
+ return nfnl_query(qh->h->nfnlh, &u.nmh);
}
/**
@@ -581,7 +584,7 @@ int nfq_set_queue_maxlen(struct nfq_q_handle *qh,
nfnl_addattr_l(&u.nmh, sizeof(u), NFQA_CFG_QUEUE_MAXLEN, &queue_maxlen,
sizeof(queue_maxlen));
- return nfnl_talk(qh->h->nfnlh, &u.nmh, 0, 0, NULL, NULL, NULL);
+ return nfnl_query(qh->h->nfnlh, &u.nmh);
}
/**