lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 24 May 2012 18:57:16 +0800
From:	Gao feng <gaofeng@...fujitsu.com>
To:	Pablo Neira Ayuso <pablo@...filter.org>
CC:	netfilter-devel@...r.kernel.org, netdev@...r.kernel.org,
	serge.hallyn@...onical.com, ebiederm@...ssion.com,
	dlezcano@...ibm.com
Subject: Re: [PATCH 03/17] netfilter: add namespace support for l3proto

于 2012年05月24日 18:04, Pablo Neira Ayuso 写道:
> On Thu, May 24, 2012 at 09:58:02AM +0800, Gao feng wrote:
>> 于 2012年05月23日 18:29, Pablo Neira Ayuso 写道:
>>> On Mon, May 14, 2012 at 04:52:13PM +0800, Gao feng wrote:
> [...]
>>>> diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
>>>> index 6d68727..7ee6653 100644
>>>> --- a/net/netfilter/nf_conntrack_proto.c
>>>> +++ b/net/netfilter/nf_conntrack_proto.c
>>>> @@ -170,85 +170,116 @@ static int kill_l4proto(struct nf_conn *i, void *data)
>>>>  	       nf_ct_l3num(i) == l4proto->l3proto;
>>>>  }
>>>>  
>>>> -static int nf_ct_l3proto_register_sysctl(struct nf_conntrack_l3proto *l3proto)
>>>> +static struct nf_ip_net *nf_ct_l3proto_net(struct net *net,
>>>> +					   struct nf_conntrack_l3proto *l3proto)
>>>> +{
>>>> +	if (l3proto->l3proto == PF_INET)
>>>> +		return &net->ct.proto;
>>>> +	else
>>>> +		return NULL;
>>>> +}
>>>> +
>>>> +static int nf_ct_l3proto_register_sysctl(struct net *net,
>>>> +					 struct nf_conntrack_l3proto *l3proto)
>>>>  {
>>>>  	int err = 0;
>>>> +	struct nf_ip_net *in = nf_ct_l3proto_net(net, l3proto);
>>>>  
>>>> -#ifdef CONFIG_SYSCTL
>>>> -	if (l3proto->ctl_table != NULL) {
>>>> -		err = nf_ct_register_sysctl(&init_net,
>>>> -					    &l3proto->ctl_table_header,
>>>> +	if (in == NULL)
>>>> +		return 0;
>>>
>>> Under what circunstances that in be NULL?
>>
>> Because l3proto_ipv6 doesn't need sysctl,so l3proto_ipv6's nf_ip_net is NULL,
>> please see function nf_ct_l3proto_net above.
> 
> Then, please add a comment there to explain that some per-net protocol
> information may missing since no sysctl is supported.

Yes, I will add a comment to make it more clearer ;)

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ