Message ID | 20170824160208.GA29786@salvia |
---|---|
State | Accepted |
Delegated to: | Pablo Neira |
Headers | show |
Hi, On Thu, 2017-08-24 at 18:02 +0200, Pablo Neira Ayuso wrote: > On Mon, Aug 21, 2017 at 09:12:49PM +0200, Eric Leblond wrote: > [...] > > On Mon, 2017-08-21 at 10:37 +0200, Pablo Neira Ayuso wrote: > > [...] > > > > diff --git a/src/libnftables.c b/src/libnftables.c > > > > index 61ed4e5..15345ae 100644 > > > > --- a/src/libnftables.c > > > > +++ b/src/libnftables.c > > > > @@ -25,7 +25,7 @@ > > > > #include <fcntl.h> > > > > > > > > > > > > -unsigned int max_errors = 10; > > > > +unsigned int max_errors = 1; > > > > > > This is defeating all the work I've done - both in netlink and in > > > userspace - in the past to allow printing several errors in one > > > go. > > > So > > > you likely understand I'm reticent to take this as is :-) > > > > For sure, I was just trying to get you excited so you decide to > > cook a > > patch fixing this :P > > Not sure it's excitement exactly what I'm feeling here... but I'm > trying to help, believe it or not... ;-) I believe you :) > I'm placing the nft_global_init() and nft_global_deinit() into > nft_ctx_new() and nft_ctx_free() as we've been discussing. OK. > I'm going to stop here for a while. There are still a few pending > issues, and I would like we don't release anything until we discuss > all concerns. > > You mentioned about some set issues, please us know. I also want to > think what you would need for the simple API in the exportation and > monitor cases. Could you push the current patchset somewhere so I can get a look this week end ? PS: sorry for the delay in the answers ++
On Fri, Aug 25, 2017 at 01:37:18PM +0200, Eric Leblond wrote: [...] > > I'm going to stop here for a while. There are still a few pending > > issues, and I would like we don't release anything until we discuss > > all concerns. > > > > You mentioned about some set issues, please us know. I also want to > > think what you would need for the simple API in the exportation and > > monitor cases. > > Could you push the current patchset somewhere so I can get a look this > week end ? I pushed it out to master, so we can follow up from there. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From fc55891c99890a1ac65436d78b7b12cd5f63d57d Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso <pablo@netfilter.org> Date: Thu, 24 Aug 2017 17:56:38 +0200 Subject: [PATCH] src: call nft_init() and nft_exit() from context routines So we don't forget all these caches should be placed into struct nft_ctx. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- src/main.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/main.c b/src/main.c index 08296a6b57dc..fd16f0145f6c 100644 --- a/src/main.c +++ b/src/main.c @@ -259,7 +259,7 @@ err1: return ret; } -void nft_init(void) +static void nft_init(void) { mark_table_init(); realm_table_rt_init(); @@ -272,7 +272,7 @@ void nft_init(void) #endif } -void nft_exit(void) +static void nft_exit(void) { ct_label_table_exit(); realm_table_rt_exit(); @@ -285,6 +285,7 @@ static struct nft_ctx *nft_ctx_new(void) { struct nft_ctx *ctx; + nft_init(); ctx = xzalloc(sizeof(struct nft_ctx)); ctx->include_paths[0] = DEFAULT_INCLUDE_PATH; @@ -300,6 +301,7 @@ static void nft_ctx_free(const struct nft_ctx *ctx) iface_cache_release(); cache_release(&nft->cache); xfree(ctx); + nft_exit(); } static int nft_run_cmd_from_buffer(struct nft_ctx *nft, @@ -363,8 +365,6 @@ int main(int argc, char * const *argv) int i, val, rc = NFT_EXIT_SUCCESS; struct mnl_socket *nf_sock; - nft_init(); - nft = nft_ctx_new(); nf_sock = netlink_open_sock(); @@ -480,7 +480,6 @@ int main(int argc, char * const *argv) xfree(buf); netlink_close_sock(nf_sock); nft_ctx_free(nft); - nft_exit(); return rc; } -- 2.1.4