| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-10-24 00:24:55 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-10-28 23:20:38 +0100 |
| commit | 68d2de3ca6c6eb18f5b32f7b4324a85c9c6c358e (patch) | |
| tree | cce19a5fe558191fb6ba26358c86c5a8fcd2beb0 /src/cmd.c | |
| parent | 42b081df747729b0d83b69d2816be4091af56a58 (diff) | |
src: fix extended netlink error reporting with large set elements

Large sets can expand into several netlink messages, use sequence number
and attribute offset to correlate the set element and the location.

When set element command expands into several netlink messages,
increment sequence number for each netlink message. Update struct cmd to
store the range of netlink messages that result from this command.

struct nlerr_loc remains in the same size in x86_64.

  # nft -f set-65535.nft
  set-65535.nft:65029:22-32: Error: Could not process rule: File exists
  create element x y { 1.1.254.253 }
                       ^^^^^^^^^^^

Fixes: f8aec603aa7e ("src: initial extended netlink error reporting")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/cmd.c')
| -rw-r--r-- | src/cmd.c | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -24,6 +24,7 @@ void cmd_add_loc(struct cmd *cmd, const struct nlmsghdr *nlh, const struct locat cmd->attr = xrealloc(cmd->attr, sizeof(struct nlerr_loc) * cmd->attr_array_len); } + cmd->attr[cmd->num_attrs].seqnum = nlh->nlmsg_seq; cmd->attr[cmd->num_attrs].offset = nlh->nlmsg_len; cmd->attr[cmd->num_attrs].location = loc; cmd->num_attrs++; @@ -323,7 +324,8 @@ void nft_cmd_error(struct netlink_ctx *ctx, struct cmd *cmd, uint32_t i; for (i = 0; i < cmd->num_attrs; i++) { - if (cmd->attr[i].offset == err->offset) + if (cmd->attr[i].seqnum == err->seqnum && + cmd->attr[i].offset == err->offset) loc = cmd->attr[i].location; } |
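Review bot: In the first hunk (cmd_add_loc), the caller contract for nlh is undocumented: the new seqnum and the existing offset are both read from the same header, so the recorded pair only identifies the right element if nlh is the header of the message the attribute is being appended to at that moment. When a set element command is split across several messages, a caller that still passes the header of the previous message would record a stale seqnum together with an offset that belongs to a different message, and the error would be attributed to the wrong location or to none. A short comment above cmd_add_loc() stating that it must be called with the header of the message currently being built, after any split, would make this explicit. The declaration of seqnum in struct nlerr_loc is not part of this file's diff, so it is worth confirming there that the field is wide enough to hold the 32-bit nlh->nlmsg_seq without truncation, given the commit message notes the struct size was kept unchanged.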
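Review bot: In the second hunk (nft_cmd_error), the loop keeps scanning after a match, so the last matching entry wins and every error walks the whole attr array. Now that the comparison is on the pair `cmd->attr[i].seqnum == err->seqnum && cmd->attr[i].offset == err->offset`, a match should be unique within a command, and adding a `break` after `loc = cmd->attr[i].location;` would state that intent and avoid a full pass over cmd->num_attrs entries per error, which matters for the large sets this commit targets. If duplicates are in fact possible, a comment explaining why the last match is the preferred one would help.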
