author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-08-21 12:24:08 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-08-22 10:49:52 +0200 |
commit | a7abf3f5dc7c43f0b25f1d38f754ffc44da54687 (patch) | |
tree | ece08d8a4dea24d6639dccdd31c81d85c348cd40 /src | |
parent | f2b2581573f7274fb0c292bae8dcfa29a1aac569 (diff) |
conntrack: skip ENOENT when -U/-D finds a stale conntrack entry
-U and -D commands iterate over the netlink dump and it might try to
update/delete an entry which is not in the kernel anymore. Skip ENOENT
errors.
The -U command uses printf and continues on error; bail out with
exit_error() instead.
This problem is present in 1.4.6, this is related to the recent
updates to use libmnl in 1.4.7.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/conntrack.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/src/conntrack.c b/src/conntrack.c
index e1385b2..980f14f 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -1989,10 +1989,14 @@ static int mnl_nfct_delete_cb(const struct nlmsghdr *nlh, void *data)
 res = nfct_mnl_request(modifier_sock, NFNL_SUBSYS_CTNETLINK,
 nfct_get_attr_u8(ct, ATTR_ORIG_L3PROTO),
 IPCTNL_MSG_CT_DELETE, NLM_F_ACK, NULL, ct, NULL);
- if (res < 0)
+ if (res < 0) {
+ /* the entry has vanish in middle of the delete */
+ if (errno == ENOENT)
+ goto done;
 exit_error(OTHER_PROBLEM,
 "Operation failed: %s",
 err2str(errno, CT_DELETE));
+ }
 
 if (output_mask & _O_SAVE) {
 ct_save_snprintf(buf, sizeof(buf), ct, labelmap, NFCT_T_DESTROY);
@@ -2188,8 +2192,12 @@ static int mnl_nfct_update_cb(const struct nlmsghdr *nlh, void *data)
 nfct_get_attr_u8(ct, ATTR_ORIG_L3PROTO),
 IPCTNL_MSG_CT_NEW, NLM_F_ACK, NULL, tmp, NULL);
 if (res < 0) {
- fprintf(stderr, "Operation failed: %s\n",
- err2str(errno, CT_UPDATE));
+ /* the entry has vanish in middle of the update */
+ if (errno == ENOENT)
+ goto destroy_ok;
+ exit_error(OTHER_PROBLEM,
+ "Operation failed: %s",
+ err2str(errno, CT_UPDATE));
 }
 
 res = nfct_mnl_request(modifier_sock, NFNL_SUBSYS_CTNETLINK, |
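Review bot: The new comment in mnl_nfct_delete_cb, `/* the entry has vanish in middle of the delete */`, is ungrammatical and does not say why skipping is safe; I would write `/* entry vanished between the dump and this delete request: it is already gone, skip it */`, and the matching comment in the mnl_nfct_update_cb hunk needs the same rewording. The `goto done` bypasses the `_O_SAVE` output visible at the end of the hunk, so a skipped entry is not reported as deleted by this run; whether it is also left out of the command's counter depends on the `done` label, which is outside the hunk. The `errno == ENOENT` test also presumes that nfct_mnl_request() returns with errno still holding the error from the netlink ack, which is worth confirming in that helper since it is not shown here.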
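Review bot: With `exit_error()` replacing `fprintf` in mnl_nfct_update_cb, the first failure other than ENOENT ends the process in the middle of the dump, so entries handled before it stay updated and the rest are untouched, with nothing indicating how far the run got. Where -U is used to apply marks or labels that filtering policy depends on, that partial state should be visible to the operator; at minimum I would document it at the call, e.g. `/* fatal: entries updated earlier in this dump keep their new values */`. The follow-up request that begins on the last line of the hunk is exposed to the same race, since the entry can disappear between the update and the next request; its error handling lies outside the hunk, so confirm it also treats ENOENT as a skip rather than a fatal error.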