lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20150316131113.GA5744@salvia>
Date:	Mon, 16 Mar 2015 14:11:13 +0100
From:	Pablo Neira Ayuso <pablo@...filter.org>
To:	Richard Weinberger <richard@....at>
Cc:	netdev@...r.kernel.org, linux-wireless@...r.kernel.org,
	coreteam@...filter.org, netfilter-devel@...r.kernel.org,
	linux-kernel@...r.kernel.org, sameo@...ux.intel.com,
	aloisio.almeida@...nbossa.org, lauro.venancio@...nbossa.org,
	davem@...emloft.net, kadlec@...ckhole.kfki.hu, kaber@...sh.net
Subject: Re: [PATCH 4/4] netfilter: Fix format string of nfnetlink_queue proc
 file

On Fri, Mar 13, 2015 at 03:22:07PM +0100, Richard Weinberger wrote:
> Am 13.03.2015 um 14:53 schrieb Pablo Neira Ayuso:
> >> You mean statistics via netlink attributes? I can add that!
> > 
> > Add a new NFQNL_CFG_CMD_STATS command to request the statistics. If
> > NLM_F_DUMP is set, then we'll basically provide the full list of
> > instances. Otherwise, in case you want to retrieve stats for a
> > specific netlink socket, you can use the netlink portID as index.
> > And you'll have to add attributes for this new command, yes.
> 
> This was my plan. Thanks for the pointer!

It would be great if you can contribute this new interface.

> >> But I think we should also fix the format string of the proc file
> >> as the fix is easy and non-intrusive.
> > 
> > Unfortunately we don't know how many people are relying on that
> > output, I prefer to remain conservative and provide a proper netlink
> > interface for this.
> 
> I understand your concerns but an application which is able to parse positive
> and negative numbers can also parse pure positives.
> Just made a small test application, glibc's %d in sscanf() can also deal with UINT_MAX.
> And I don't expect that applications to check whether the returned values from
> /proc/net/netfilter/nfnetlink_queue are between INT_MIN and INT_MAX.
> 
> That said, I'd have assumed that an user would report negative values as plain kernel bug.

Makes sense, please fix net/netfilter/nfnetlink_log.c too.

Thanks.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ