summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEyal Birger <eyal.birger@gmail.com>2021-01-01 11:02:26 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2021-01-03 20:03:54 +0100
commitd05e9515b84074b0a0a49a2b49da31bd057bad7b (patch)
tree26df9ec48df9f9fa0e4987becc7cdc8dc37f1775
parentf20393c27802449d9b9c4e52540c716f1fc1ecc2 (diff)
examples: check return value of nfct_nlmsg_build()HEADmaster
nfct_nlmsg_build() may fail for different reasons, for example if insufficient parameters exist in the ct object. The resulting nlh would not contain any of the ct attributes. Some conntrack operations would still operate in such case, for example an IPCTNL_MSG_CT_DELETE message would just delete all existing conntrack entries. While the example as it is does supply correct parameters, it's safer as reference to validate the return value. Signed-off-by: Eyal Birger <eyal.birger@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--examples/nfct-mnl-create.c6
-rw-r--r--examples/nfct-mnl-del.c6
-rw-r--r--examples/nfct-mnl-get.c6
-rw-r--r--examples/nfct-mnl-set-label.c7
4 files changed, 21 insertions, 4 deletions
diff --git a/examples/nfct-mnl-create.c b/examples/nfct-mnl-create.c
index 64387a7..7fd224d 100644
--- a/examples/nfct-mnl-create.c
+++ b/examples/nfct-mnl-create.c
@@ -60,7 +60,11 @@ int main(void)
nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100);
- nfct_nlmsg_build(nlh, ct);
+ ret = nfct_nlmsg_build(nlh, ct);
+ if (ret == -1) {
+ perror("nfct_nlmsg_build");
+ exit(EXIT_FAILURE);
+ }
ret = mnl_socket_sendto(nl, nlh, nlh->nlmsg_len);
if (ret == -1) {
diff --git a/examples/nfct-mnl-del.c b/examples/nfct-mnl-del.c
index 91ad9e4..806d9f8 100644
--- a/examples/nfct-mnl-del.c
+++ b/examples/nfct-mnl-del.c
@@ -55,7 +55,11 @@ int main(void)
nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(20));
nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(10));
- nfct_nlmsg_build(nlh, ct);
+ ret = nfct_nlmsg_build(nlh, ct);
+ if (ret == -1) {
+ perror("nfct_nlmsg_build");
+ exit(EXIT_FAILURE);
+ }
ret = mnl_socket_sendto(nl, nlh, nlh->nlmsg_len);
if (ret == -1) {
diff --git a/examples/nfct-mnl-get.c b/examples/nfct-mnl-get.c
index 4858acf..5be3331 100644
--- a/examples/nfct-mnl-get.c
+++ b/examples/nfct-mnl-get.c
@@ -74,7 +74,11 @@ int main(void)
nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(20));
nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(10));
- nfct_nlmsg_build(nlh, ct);
+ ret = nfct_nlmsg_build(nlh, ct);
+ if (ret == -1) {
+ perror("nfct_nlmsg_build");
+ exit(EXIT_FAILURE);
+ }
ret = mnl_socket_sendto(nl, nlh, nlh->nlmsg_len);
if (ret == -1) {
diff --git a/examples/nfct-mnl-set-label.c b/examples/nfct-mnl-set-label.c
index c52b267..50bebb0 100644
--- a/examples/nfct-mnl-set-label.c
+++ b/examples/nfct-mnl-set-label.c
@@ -19,6 +19,7 @@ static void set_label(struct nf_conntrack *ct, struct callback_args *cbargs)
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
struct nfgenmsg *nfh;
+ int ret;
if (b) {
if (bit < 0)
@@ -55,7 +56,11 @@ static void set_label(struct nf_conntrack *ct, struct callback_args *cbargs)
nfh->version = NFNETLINK_V0;
nfh->res_id = 0;
- nfct_nlmsg_build(nlh, ct);
+ ret = nfct_nlmsg_build(nlh, ct);
+ if (ret == -1) {
+ perror("nfct_nlmsg_build");
+ exit(EXIT_FAILURE);
+ }
if (mnl_socket_sendto(cbargs->nl, nlh, nlh->nlmsg_len) < 0)
perror("mnl_socket_sendto");