Message ID | 1404469942-6263-1-git-send-email-pablo@netfilter.org |
---|---|
State | Superseded |
Delegated to: | Pablo Neira |
On 4. Juli 2014 12:32:22 MESZ, Pablo Neira Ayuso <pablo@netfilter.org> wrote: >This flag allows to detect that an update has ocurred while dumping >any of the object lists. > ><cmdline>:1:1-17: Error: Could not receive rules from kernel: >Interrupted system call >list table filter >^^^^^^^^^^^^^^^^^ > >Basically, the user has to retry to make sure that it saves the current >rule-set. Shouldn't we automatically handle this? Transient failure is really bad for many reasons. > >Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> >--- > src/mnl.c | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > >diff --git a/src/mnl.c b/src/mnl.c >index a816106..d3c91b4 100644 >--- a/src/mnl.c >+++ b/src/mnl.c >@@ -363,6 +363,9 @@ static int rule_cb(const struct nlmsghdr *nlh, void >*data) > struct nft_rule_list *nlr_list = data; > struct nft_rule *r; > >+ if (nlh->nlmsg_flags & NLM_F_DUMP_INTR) >+ return MNL_CB_ERROR; >+ > r = nft_rule_alloc(); > if (r == NULL) > memory_allocation_error(); >@@ -474,6 +477,9 @@ static int chain_cb(const struct nlmsghdr *nlh, >void *data) > struct nft_chain_list *nlc_list = data; > struct nft_chain *c; > >+ if (nlh->nlmsg_flags & NLM_F_DUMP_INTR) >+ return MNL_CB_ERROR; >+ > c = nft_chain_alloc(); > if (c == NULL) > memory_allocation_error(); >@@ -603,6 +609,9 @@ static int table_cb(const struct nlmsghdr *nlh, >void *data) > struct nft_table_list *nlt_list = data; > struct nft_table *t; > >+ if (nlh->nlmsg_flags & NLM_F_DUMP_INTR) >+ return MNL_CB_ERROR; >+ > t = nft_table_alloc(); > if (t == NULL) > memory_allocation_error(); >@@ -736,6 +745,9 @@ static int set_cb(const struct nlmsghdr *nlh, void >*data) > struct nft_set_list *nls_list = data; > struct nft_set *s; > >+ if (nlh->nlmsg_flags & NLM_F_DUMP_INTR) >+ return MNL_CB_ERROR; >+ > s = nft_set_alloc(); > if (s == NULL) > memory_allocation_error(); 
>@@ -839,6 +851,9 @@ int mnl_nft_setelem_delete(struct mnl_socket >*nf_sock, struct nft_set *nls, > > static int set_elem_cb(const struct nlmsghdr *nlh, void *data) > { >+ if (nlh->nlmsg_flags & NLM_F_DUMP_INTR) >+ return MNL_CB_ERROR; >+ > nft_set_elems_nlmsg_parse(nlh, data); > return MNL_CB_OK; > }
On Sat, Jul 05, 2014 at 07:18:51PM +0200, Patrick McHardy wrote: > On 4. Juli 2014 12:32:22 MESZ, Pablo Neira Ayuso <pablo@netfilter.org> wrote: > >This flag allows to detect that an update has ocurred while dumping > >any of the object lists. > > > ><cmdline>:1:1-17: Error: Could not receive rules from kernel: > >Interrupted system call > >list table filter > >^^^^^^^^^^^^^^^^^ > > > >Basically, the user has to retry to make sure that it saves the current > >rule-set. > > Shouldn't we automatically handle this? Transient failure is really > bad for many reasons. OK, I'm going to extend this so it indefinitely retries until it fetches the entire rule-set. Thanks Patrick. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/src/mnl.c b/src/mnl.c
index a816106..d3c91b4 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -363,6 +363,9 @@ static int rule_cb(const struct nlmsghdr *nlh, void *data)
 struct nft_rule_list *nlr_list = data;
 struct nft_rule *r;
 
+ if (nlh->nlmsg_flags & NLM_F_DUMP_INTR)
+ return MNL_CB_ERROR;
+
 r = nft_rule_alloc();
 if (r == NULL)
 memory_allocation_error();
@@ -474,6 +477,9 @@ static int chain_cb(const struct nlmsghdr *nlh, void *data)
 struct nft_chain_list *nlc_list = data;
 struct nft_chain *c;
 
+ if (nlh->nlmsg_flags & NLM_F_DUMP_INTR)
+ return MNL_CB_ERROR;
+
 c = nft_chain_alloc();
 if (c == NULL)
 memory_allocation_error();
@@ -603,6 +609,9 @@ static int table_cb(const struct nlmsghdr *nlh, void *data)
 struct nft_table_list *nlt_list = data;
 struct nft_table *t;
 
+ if (nlh->nlmsg_flags & NLM_F_DUMP_INTR)
+ return MNL_CB_ERROR;
+
 t = nft_table_alloc();
 if (t == NULL)
 memory_allocation_error();
@@ -736,6 +745,9 @@ static int set_cb(const struct nlmsghdr *nlh, void *data)
 struct nft_set_list *nls_list = data;
 struct nft_set *s;
 
+ if (nlh->nlmsg_flags & NLM_F_DUMP_INTR)
+ return MNL_CB_ERROR;
+
 s = nft_set_alloc();
 if (s == NULL)
 memory_allocation_error();
@@ -839,6 +851,9 @@ int mnl_nft_setelem_delete(struct mnl_socket *nf_sock, struct nft_set *nls,
 
 static int set_elem_cb(const struct nlmsghdr *nlh, void *data)
 {
+ if (nlh->nlmsg_flags & NLM_F_DUMP_INTR)
+ return MNL_CB_ERROR;
+
 nft_set_elems_nlmsg_parse(nlh, data);
 return MNL_CB_OK;
 }
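Review bot: The new `NLM_F_DUMP_INTR` check in rule_cb returns `MNL_CB_ERROR` without setting `errno`, so the "Interrupted system call" text shown in the commit message depends on `errno` being set to EINTR somewhere outside these hunks; the same applies to chain_cb, table_cb, set_cb and set_elem_cb. Setting it where the condition is detected, `errno = EINTR;` before the return, would let callers reliably tell an interrupted dump apart from any other failure. Objects from earlier messages of the same dump have presumably already been added to the list passed in `data`, so the caller (not visible here) has to discard that partial list rather than treat it as the rule-set, which matters when the output is saved and later restored as a firewall policy. A one-line comment on the check, such as `/* dump raced with an update: the list is inconsistent */`, would record why it is there. Apart from set_elem_cb, the function bodies continue outside their hunks.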
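Review bot: set_elem_cb still discards the result of `nft_set_elems_nlmsg_parse(nlh, data)` and returns `MNL_CB_OK` unconditionally, so a message that fails to parse would leave an incomplete element list that is reported as success. That is the same kind of silent inconsistency the added flag check is meant to catch. If the parser signals failure through its return value, propagate it: `if (nft_set_elems_nlmsg_parse(nlh, data) < 0) return MNL_CB_ERROR;`.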
This flag allows us to detect that an update has occurred while dumping any of the object lists. <cmdline>:1:1-17: Error: Could not receive rules from kernel: Interrupted system call list table filter ^^^^^^^^^^^^^^^^^ Basically, the user has to retry to make sure that it saves the current rule-set. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- src/mnl.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+)