author | Florian Westphal <fw@strlen.de> | 2013-09-13 16:44:47 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-09-14 20:55:39 +0200 |
commit | 21933b7817d313c08b69faf772685f87f0f16356 (patch) | |
tree | 4cf2b0798256d014d57c67c2ad8bef518eccb0af | |
parent | 4e02019fb2b8ddcf374c7e026dbdd7881dc09506 (diff) |
expr: log: use real length when fetching attributes
NFTA_LOG_SNAPLEN is u32 and NFTA_LOG_QTHRESHOLD is u16.
Without this, netlink messages from kernel fail mnl_validate step when
QTHRESH or SNAPLEN was set.
Also, nft_rule_expr_log_get must update data_length, else 'nft list' doesn't
show log arguments (prefix, group ..) because the netlink message
decoding uses nft_rule_expr_get_u16/32 etc. which validate the length, too.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/expr/log.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/expr/log.c b/src/expr/log.c
index bbbd5b9..90fb32e 100644
--- a/src/expr/log.c
+++ b/src/expr/log.c
@@ -64,12 +64,16 @@ nft_rule_expr_log_get(const struct nft_rule_expr *e, uint16_t type,
 switch(type) {
 case NFT_EXPR_LOG_PREFIX:
+ *data_len = strlen(log->prefix)+1;
 return log->prefix;
 case NFT_EXPR_LOG_GROUP:
+ *data_len = sizeof(log->group);
 return &log->group;
 case NFT_EXPR_LOG_SNAPLEN:
+ *data_len = sizeof(log->snaplen);
 return &log->snaplen;
 case NFT_EXPR_LOG_QTHRESHOLD:
+ *data_len = sizeof(log->qthreshold);
 return &log->qthreshold;
 }
 return NULL;
@@ -91,13 +95,13 @@ static int nft_rule_expr_log_cb(const struct nlattr *attr, void *data)
 }
 break;
 case NFTA_LOG_GROUP:
- case NFTA_LOG_SNAPLEN:
+ case NFTA_LOG_QTHRESHOLD:
 if (mnl_attr_validate(attr, MNL_TYPE_U16) < 0) {
 perror("mnl_attr_validate");
 return MNL_CB_ERROR;
 }
 break;
- case NFTA_LOG_QTHRESHOLD:
+ case NFTA_LOG_SNAPLEN:
 if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) {
 perror("mnl_attr_validate");
 return MNL_CB_ERROR; |
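Review bot: The added `*data_len = strlen(log->prefix)+1;` in the NFT_EXPR_LOG_PREFIX case of nft_rule_expr_log_get dereferences log->prefix unconditionally, where the old code only returned the pointer. If no prefix was ever set and the field is still NULL, the getter would now fault inside strlen() instead of handing NULL back to the caller; the function's opening lines are outside the hunk, so a flag check may already exist there and should be confirmed. A guard such as `if (log->prefix == NULL) return NULL;` ahead of the length computation would keep the previous behaviour for the unset case. It is also worth confirming that every caller passes a non-NULL data_len, since all four cases now write through it.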