| Message ID | 1363675513.4767.6.camel@nexus |
|---|---|
| State | Not Applicable |
| Headers | show |
Hi Michael, Do you see any problem with these two patches? Thanks, Fernando On 2013/03/19 15:45, Fernando Luis Vázquez Cao wrote: > Subject: [PATCH 1/2] man/send(2): add EPERM to the list of possible errors > > System policy (for example netfilter rule) can cause a send* operation > to fail with EPERM. > > Reported-by: Hirotaka Sasaki <sasaki.hirotaka@lab.ntt.co.jp> > Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> > --- > > diff -urNp man-pages-3.50-orig/man2/send.2 man-pages-3.50/man2/send.2 > --- man-pages-3.50-orig/man2/send.2 2013-03-15 16:17:32.000000000 +0900 > +++ man-pages-3.50/man2/send.2 2013-03-19 15:17:03.616008275 +0900 > @@ -357,6 +357,10 @@ Some bit in the > .I flags > argument is inappropriate for the socket type. > .TP > +.B EPERM > +System policy (for example a netfilter rule) does not permit the requested > +operation. > +.TP > .B EPIPE > The local end has been shut down on a connection oriented socket. > In this case the process -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, Mar 26, 2013 at 05:37:50PM +0900, Fernando Luis Vazquez Cao wrote: > Hi Michael, > > Do you see any problem with these two patches? Please, hold on with the second patch. I'd like to find a possible solution for the EPERM problem that we've been discussing. It requires some rework and performance evaluation. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi Pablo, On 2013/03/26 19:48, Pablo Neira Ayuso wrote: > On Tue, Mar 26, 2013 at 05:37:50PM +0900, Fernando Luis Vazquez Cao wrote: >> Hi Michael, >> >> Do you see any problem with these two patches? > Please, hold on with the second patch. Are you Ok with getting patch 1 merged while be discuss what to do about the issue that the second patch tried to document? Could I get your "Acked-by" for it? > I'd like to find a possible solution for the EPERM problem that we've > been discussing. It requires some rework and performance evaluation. The problem is that there is a huge installed base of systems that show this broken behaviour, so even if we find a proper fix for it we still should document which systems may be affected by the spurious EPERM bug, thus giving application programmers a chance to add logic to their programs to recover from such eventualities. Regards, Fernando -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, Mar 19, 2013 at 03:45:13PM +0900, Fernando Luis Vázquez Cao wrote: > Subject: [PATCH 1/2] man/send(2): add EPERM to the list of possible errors > > System policy (for example netfilter rule) can cause a send* operation > to fail with EPERM. > > Reported-by: Hirotaka Sasaki <sasaki.hirotaka@lab.ntt.co.jp> > Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org> -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi Fernando, On Wed, Mar 27, 2013 at 01:14:49PM +0900, Fernando Luis Vazquez Cao wrote: > Hi Pablo, > > On 2013/03/26 19:48, Pablo Neira Ayuso wrote: > >On Tue, Mar 26, 2013 at 05:37:50PM +0900, Fernando Luis Vazquez Cao wrote: > >>Hi Michael, > >> > >>Do you see any problem with these two patches? > >Please, hold on with the second patch. > > Are you Ok with getting patch 1 merged while be discuss > what to do about the issue that the second patch tried to > document? Could I get your "Acked-by" for it? Done. > >I'd like to find a possible solution for the EPERM problem that we've > >been discussing. It requires some rework and performance evaluation. > > The problem is that there is a huge installed base of > systems that show this broken behaviour, so even if > we find a proper fix for it we still should document > which systems may be affected by the spurious EPERM > bug, thus giving application programmers a chance to > add logic to their programs to recover from such > eventualities. I see. The problem is that it will take some time until that manpage update reaches main distributions, by that time we may have fixed it already in existing kernels. Then, we'll have to remove it again. I still think patch 1 already provides some clue to programmers regarding EPERM at this moment (even if not so explicit and detailed). Please, ping me again if we didn't come up with some solution for this in some prudential amount of time. Regards. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 2013-03-28 02:42, Pablo Neira Ayuso wrote: > On Tue, Mar 19, 2013 at 03:45:13PM +0900, Fernando Luis Vázquez Cao wrote: >> Subject: [PATCH 1/2] man/send(2): add EPERM to the list of possible errors >> >> System policy (for example netfilter rule) can cause a send* operation >> to fail with EPERM. >> >> Reported-by: Hirotaka Sasaki <sasaki.hirotaka@lab.ntt.co.jp> >> Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> > Acked-by: Pablo Neira Ayuso <pablo@netfilter.org> Thank you for the "Acked-by", Pablo. Michael, could you pick this patch? - Fernando -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 2013-03-28 02:51, Pablo Neira Ayuso wrote: > On Wed, Mar 27, 2013 at 01:14:49PM +0900, Fernando Luis Vazquez Cao wrote: >>> I'd like to find a possible solution for the EPERM problem that we've >>> been discussing. It requires some rework and performance evaluation. >> The problem is that there is a huge installed base of >> systems that show this broken behaviour, so even if >> we find a proper fix for it we still should document >> which systems may be affected by the spurious EPERM >> bug, thus giving application programmers a chance to >> add logic to their programs to recover from such >> eventualities. > I see. The problem is that it will take some time until that manpage > update reaches main distributions, by that time we may have fixed it > already in existing kernels. Then, we'll have to remove it again. IMHO, if the second patch were applied too and we managed to fix the bug it documents after that, we should not revert it but apply a new patch along the lines of: "In older versions of the Linux kernel (< 3.??) ...". I will certainly want applications developed on future distributions to work properly on my legacy Debian Squeeze systems (a distribution upgrade or a backport of the upstream fix to your distribution's kernel may not possible). > I still think patch 1 already provides some clue to programmers > regarding EPERM at this moment (even if not so explicit and detailed). For the reasons exposed above I'd rather have the second patch applied too, but I will defer to you and Michael on that regard. > Please, ping me again if we didn't come up with some solution for this > in some prudential amount of time. I will. Thank you. I would appreciate it if you kept me CCed. - Fernando -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff -urNp man-pages-3.50-orig/man2/send.2 man-pages-3.50/man2/send.2 --- man-pages-3.50-orig/man2/send.2 2013-03-15 16:17:32.000000000 +0900 +++ man-pages-3.50/man2/send.2 2013-03-19 15:17:03.616008275 +0900 @@ -357,6 +357,10 @@ Some bit in the .I flags argument is inappropriate for the socket type. .TP +.B EPERM +System policy (for example a netfilter rule) does not permit the requested +operation. +.TP .B EPIPE The local end has been shut down on a connection oriented socket. In this case the process
Subject: [PATCH 1/2] man/send(2): add EPERM to the list of possible errors System policy (for example netfilter rule) can cause a send* operation to fail with EPERM. Reported-by: Hirotaka Sasaki <sasaki.hirotaka@lab.ntt.co.jp> Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> --- -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html