From patchwork Thu May 30 10:55:23 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pablo Neira Ayuso X-Patchwork-Id: 1107723 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=netfilter.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45F4Hf2GRHz9s5c for ; Thu, 30 May 2019 20:55:42 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726666AbfE3Kzk (ORCPT ); Thu, 30 May 2019 06:55:40 -0400 Received: from mail.us.es ([193.147.175.20]:35316 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726198AbfE3Kzk (ORCPT ); Thu, 30 May 2019 06:55:40 -0400 Received: from antivirus1-rhel7.int (unknown [192.168.2.11]) by mail.us.es (Postfix) with ESMTP id 29FFEC1DE4 for ; Thu, 30 May 2019 12:55:36 +0200 (CEST) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 1C269DA713 for ; Thu, 30 May 2019 12:55:36 +0200 (CEST) Received: by antivirus1-rhel7.int (Postfix, from userid 99) id 11C47DA702; Thu, 30 May 2019 12:55:36 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on antivirus1-rhel7.int X-Spam-Level: X-Spam-Status: No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50, SMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1 Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id E5D22DA702; Thu, 30 May 2019 12:55:33 +0200 (CEST) Received: from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int (F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); Thu, 30 May 2019 12:55:33 +0200 (CEST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int) Received: from salvia.here (sys.soleta.eu [212.170.55.40]) (Authenticated sender: pneira@us.es) by entrada.int (Postfix) with ESMTPA id C36F74265A5B; Thu, 30 May 2019 12:55:33 +0200 (CEST) X-SMTPAUTHUS: auth mail.us.es From: Pablo Neira Ayuso To: netfilter-devel@vger.kernel.org Cc: phil@nwl.cc Subject: [PATCH nft,v2 1/7] mnl: add mnl_set_rcvbuffer() and use it Date: Thu, 30 May 2019 12:55:23 +0200 Message-Id: <20190530105529.12657-1-pablo@netfilter.org> X-Mailer: git-send-email 2.11.0 X-Virus-Scanned: ClamAV using ClamSMTP Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org This new function allows us to set the netlink receiver buffer. Signed-off-by: Pablo Neira Ayuso --- src/mnl.c | 37 +++++++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 14 deletions(-) diff --git a/src/mnl.c b/src/mnl.c index f6363560721c..288a887df097 100644 --- a/src/mnl.c +++ b/src/mnl.c @@ -233,6 +233,23 @@ static void mnl_set_sndbuffer(const struct mnl_socket *nl, nlbuffsiz = newbuffsiz; } +static int mnl_set_rcvbuffer(const struct mnl_socket *nl, size_t bufsiz) +{ + int ret; + + ret = setsockopt(mnl_socket_get_fd(nl), SOL_SOCKET, SO_RCVBUFFORCE, + &bufsiz, sizeof(socklen_t)); + if (ret < 0) { + /* If this doesn't work, try to reach the system wide maximum + * (or whatever the user requested). + */ + ret = setsockopt(mnl_socket_get_fd(nl), SOL_SOCKET, SO_RCVBUF, + &bufsiz, sizeof(socklen_t)); + } + + return ret; +} + static ssize_t mnl_nft_socket_sendmsg(const struct netlink_ctx *ctx) { static const struct sockaddr_nl snl = { @@ -1391,20 +1408,12 @@ int mnl_nft_event_listener(struct mnl_socket *nf_sock, unsigned int debug_mask, fd_set readfds; int ret; - ret = setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &bufsiz, - sizeof(socklen_t)); - if (ret < 0) { - /* If this doesn't work, try to reach the system wide maximum - * (or whatever the user requested). - */ - ret = setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &bufsiz, - sizeof(socklen_t)); - if (ret < 0) - nft_print(octx, "# Cannot increase netlink socket buffer size, expect message loss\n"); - else - nft_print(octx, "# Cannot set up netlink socket buffer size to %u bytes, falling back to %u bytes\n", - NFTABLES_NLEVENT_BUFSIZ, bufsiz); - } + ret = mnl_set_rcvbuffer(nf_sock, bufsiz); + if (ret < 0) + nft_print(octx, "# Cannot increase netlink socket buffer size, expect message loss\n"); + else + nft_print(octx, "# Cannot set up netlink socket buffer size to %u bytes, falling back to %u bytes\n", + NFTABLES_NLEVENT_BUFSIZ, bufsiz); while (1) { FD_ZERO(&readfds); From patchwork Thu May 30 10:55:24 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pablo Neira Ayuso X-Patchwork-Id: 1107725 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=netfilter.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45F4Hg2zCDz9s3l for ; Thu, 30 May 2019 20:55:43 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726668AbfE3Kzl (ORCPT ); Thu, 30 May 2019 06:55:41 -0400 Received: from mail.us.es ([193.147.175.20]:35318 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726599AbfE3Kzk (ORCPT ); Thu, 30 May 2019 06:55:40 -0400 Received: from antivirus1-rhel7.int (unknown [192.168.2.11]) by mail.us.es (Postfix) with ESMTP id 5FF13C1DE8 for ; Thu, 30 May 2019 12:55:37 +0200 (CEST) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 4EE44DA703 for ; Thu, 30 May 2019 12:55:37 +0200 (CEST) Received: by antivirus1-rhel7.int (Postfix, from userid 99) id 440EDDA715; Thu, 30 May 2019 12:55:37 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on antivirus1-rhel7.int X-Spam-Level: X-Spam-Status: No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50, SMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1 Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 45D1ADA705; Thu, 30 May 2019 12:55:35 +0200 (CEST) Received: from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int (F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); Thu, 30 May 2019 12:55:35 +0200 (CEST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int) Received: from salvia.here (sys.soleta.eu [212.170.55.40]) (Authenticated sender: pneira@us.es) by entrada.int (Postfix) with ESMTPA id 164054265A5B; Thu, 30 May 2019 12:55:35 +0200 (CEST) X-SMTPAUTHUS: auth mail.us.es From: Pablo Neira Ayuso To: netfilter-devel@vger.kernel.org Cc: phil@nwl.cc Subject: [PATCH nft, v2 2/7] mnl: mnl_set_rcvbuffer() skips buffer size update if it is too small Date: Thu, 30 May 2019 12:55:24 +0200 Message-Id: <20190530105529.12657-2-pablo@netfilter.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20190530105529.12657-1-pablo@netfilter.org> References: <20190530105529.12657-1-pablo@netfilter.org> X-Virus-Scanned: ClamAV using ClamSMTP Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Check for existing buffer size, if this is larger than the requested new buffer size, skip the buffer size update. Signed-off-by: Pablo Neira Ayuso --- src/mnl.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/mnl.c b/src/mnl.c index 288a887df097..a84a6a609333 100644 --- a/src/mnl.c +++ b/src/mnl.c @@ -235,8 +235,15 @@ static void mnl_set_sndbuffer(const struct mnl_socket *nl, static int mnl_set_rcvbuffer(const struct mnl_socket *nl, size_t bufsiz) { + size_t cur_bufsiz; + socklen_t len; int ret; + ret = getsockopt(mnl_socket_get_fd(nl), SOL_SOCKET, SO_RCVBUF, + &cur_bufsiz, &len); + if (cur_bufsiz > bufsiz) + return 0; + ret = setsockopt(mnl_socket_get_fd(nl), SOL_SOCKET, SO_RCVBUFFORCE, &bufsiz, sizeof(socklen_t)); if (ret < 0) { From patchwork Thu May 30 10:55:25 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pablo Neira Ayuso X-Patchwork-Id: 1107722 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=netfilter.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45F4Hd15DYz9s3l for ; Thu, 30 May 2019 20:55:40 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726649AbfE3Kzk (ORCPT ); Thu, 30 May 2019 06:55:40 -0400 Received: from mail.us.es ([193.147.175.20]:35334 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726610AbfE3Kzj (ORCPT ); Thu, 30 May 2019 06:55:39 -0400 Received: from antivirus1-rhel7.int (unknown [192.168.2.11]) by mail.us.es (Postfix) with ESMTP id 00235C1DF0 for ; Thu, 30 May 2019 12:55:38 +0200 (CEST) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id E5C1EDA70B for ; Thu, 30 May 2019 12:55:37 +0200 (CEST) Received: by antivirus1-rhel7.int (Postfix, from userid 99) id DB667DA717; Thu, 30 May 2019 12:55:37 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on antivirus1-rhel7.int X-Spam-Level: X-Spam-Status: No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50, SMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1 Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id E251FDA70B; Thu, 30 May 2019 12:55:35 +0200 (CEST) Received: from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int (F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); Thu, 30 May 2019 12:55:35 +0200 (CEST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int) Received: from salvia.here (sys.soleta.eu [212.170.55.40]) (Authenticated sender: pneira@us.es) by entrada.int (Postfix) with ESMTPA id B87E44265A5B; Thu, 30 May 2019 12:55:35 +0200 (CEST) X-SMTPAUTHUS: auth mail.us.es From: Pablo Neira Ayuso To: netfilter-devel@vger.kernel.org Cc: phil@nwl.cc Subject: [PATCH nft, v2 3/7] mnl: call mnl_set_sndbuffer() from mnl_batch_talk() Date: Thu, 30 May 2019 12:55:25 +0200 Message-Id: <20190530105529.12657-3-pablo@netfilter.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20190530105529.12657-1-pablo@netfilter.org> References: <20190530105529.12657-1-pablo@netfilter.org> X-Virus-Scanned: ClamAV using ClamSMTP Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Instead of mnl_nft_socket_sendmsg(), just a cleanup. Signed-off-by: Pablo Neira Ayuso --- src/mnl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/mnl.c b/src/mnl.c index a84a6a609333..b3999d5f1d9f 100644 --- a/src/mnl.c +++ b/src/mnl.c @@ -272,7 +272,6 @@ static ssize_t mnl_nft_socket_sendmsg(const struct netlink_ctx *ctx) }; uint32_t i; - mnl_set_sndbuffer(ctx->nft->nf_sock, ctx->batch); nftnl_batch_iovec(ctx->batch, iov, iov_len); for (i = 0; i < iov_len; i++) { @@ -298,6 +297,8 @@ int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list) }; int err = 0; + mnl_set_sndbuffer(ctx->nft->nf_sock, ctx->batch); + ret = mnl_nft_socket_sendmsg(ctx); if (ret == -1) return -1; From patchwork Thu May 30 10:55:26 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pablo Neira Ayuso X-Patchwork-Id: 1107724 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=netfilter.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45F4Hf65Dyz9s7h for ; Thu, 30 May 2019 20:55:42 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726670AbfE3Kzl (ORCPT ); Thu, 30 May 2019 06:55:41 -0400 Received: from mail.us.es ([193.147.175.20]:35342 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726628AbfE3Kzk (ORCPT ); Thu, 30 May 2019 06:55:40 -0400 Received: from antivirus1-rhel7.int (unknown [192.168.2.11]) by mail.us.es (Postfix) with ESMTP id 8B8A3C1DE0 for ; Thu, 30 May 2019 12:55:38 +0200 (CEST) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 7C198DA702 for ; Thu, 30 May 2019 12:55:38 +0200 (CEST) Received: by antivirus1-rhel7.int (Postfix, from userid 99) id 719D2DA704; Thu, 30 May 2019 12:55:38 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on antivirus1-rhel7.int X-Spam-Level: X-Spam-Status: No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50, SMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1 Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 6C7EBDA702; Thu, 30 May 2019 12:55:36 +0200 (CEST) Received: from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int (F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); Thu, 30 May 2019 12:55:36 +0200 (CEST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int) Received: from salvia.here (sys.soleta.eu [212.170.55.40]) (Authenticated sender: pneira@us.es) by entrada.int (Postfix) with ESMTPA id 482D24265A5B; Thu, 30 May 2019 12:55:36 +0200 (CEST) X-SMTPAUTHUS: auth mail.us.es From: Pablo Neira Ayuso To: netfilter-devel@vger.kernel.org Cc: phil@nwl.cc Subject: [PATCH nft,v2 4/7] mnl: add mnl_nft_batch_to_msg() Date: Thu, 30 May 2019 12:55:26 +0200 Message-Id: <20190530105529.12657-4-pablo@netfilter.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20190530105529.12657-1-pablo@netfilter.org> References: <20190530105529.12657-1-pablo@netfilter.org> X-Virus-Scanned: ClamAV using ClamSMTP Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org This function transforms the batch into a msghdr object. Signed-off-by: Pablo Neira Ayuso --- src/mnl.c | 54 ++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 18 deletions(-) diff --git a/src/mnl.c b/src/mnl.c index b3999d5f1d9f..6c85b1855c86 100644 --- a/src/mnl.c +++ b/src/mnl.c @@ -257,49 +257,67 @@ static int mnl_set_rcvbuffer(const struct mnl_socket *nl, size_t bufsiz) return ret; } -static ssize_t mnl_nft_socket_sendmsg(const struct netlink_ctx *ctx) +static size_t mnl_nft_batch_to_msg(struct netlink_ctx *ctx, struct msghdr *msg, + const struct sockaddr_nl *snl, + struct iovec *iov, unsigned int iov_len) { - static const struct sockaddr_nl snl = { - .nl_family = AF_NETLINK - }; - uint32_t iov_len = nftnl_batch_iovec_len(ctx->batch); - struct iovec iov[iov_len]; - struct msghdr msg = { - .msg_name = (struct sockaddr *) &snl, - .msg_namelen = sizeof(snl), - .msg_iov = iov, - .msg_iovlen = iov_len, - }; - uint32_t i; + unsigned int i; + size_t len = 0; + + msg->msg_name = (struct sockaddr_nl *)snl; + msg->msg_namelen = sizeof(*snl); + msg->msg_iov = iov; + msg->msg_iovlen = iov_len; nftnl_batch_iovec(ctx->batch, iov, iov_len); - for (i = 0; i < iov_len; i++) { - if (ctx->nft->debug_mask & NFT_DEBUG_MNL) { + for (i = 0; i < iov_len; i++) + len += msg->msg_iov[i].iov_len; + + return len; +} + +static ssize_t mnl_nft_socket_sendmsg(struct netlink_ctx *ctx, + const struct msghdr *msg) +{ + uint32_t iov_len = msg->msg_iovlen; + struct iovec *iov = msg->msg_iov; + unsigned int i; + + if (ctx->nft->debug_mask & NFT_DEBUG_MNL) { + for (i = 0; i < iov_len; i++) { mnl_nlmsg_fprintf(ctx->nft->output.output_fp, iov[i].iov_base, iov[i].iov_len, sizeof(struct nfgenmsg)); } } - return sendmsg(mnl_socket_get_fd(ctx->nft->nf_sock), &msg, 0); + return sendmsg(mnl_socket_get_fd(ctx->nft->nf_sock), msg, 0); } int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list) { struct mnl_socket *nl = ctx->nft->nf_sock; int ret, fd = mnl_socket_get_fd(nl), portid = mnl_socket_get_portid(nl); + uint32_t iov_len = nftnl_batch_iovec_len(ctx->batch); char rcv_buf[MNL_SOCKET_BUFFER_SIZE]; - fd_set readfds; + const struct sockaddr_nl snl = { + .nl_family = AF_NETLINK + }; struct timeval tv = { .tv_sec = 0, .tv_usec = 0 }; + fd_set readfds; + struct iovec iov[iov_len]; + struct msghdr msg = {}; int err = 0; mnl_set_sndbuffer(ctx->nft->nf_sock, ctx->batch); - ret = mnl_nft_socket_sendmsg(ctx); + mnl_nft_batch_to_msg(ctx, &msg, &snl, iov, iov_len); + + ret = mnl_nft_socket_sendmsg(ctx, &msg); if (ret == -1) return -1; From patchwork Thu May 30 10:55:27 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pablo Neira Ayuso X-Patchwork-Id: 1107726 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=netfilter.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45F4Hg6G7Wz9s5c for ; Thu, 30 May 2019 20:55:43 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726706AbfE3Kzm (ORCPT ); Thu, 30 May 2019 06:55:42 -0400 Received: from mail.us.es ([193.147.175.20]:35352 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726636AbfE3Kzl (ORCPT ); Thu, 30 May 2019 06:55:41 -0400 Received: from antivirus1-rhel7.int (unknown [192.168.2.11]) by mail.us.es (Postfix) with ESMTP id 3C407C1DEC for ; Thu, 30 May 2019 12:55:39 +0200 (CEST) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 2CC03DA718 for ; Thu, 30 May 2019 12:55:39 +0200 (CEST) Received: by antivirus1-rhel7.int (Postfix, from userid 99) id 22357DA712; Thu, 30 May 2019 12:55:39 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on antivirus1-rhel7.int X-Spam-Level: X-Spam-Status: No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50, SMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1 Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id EA177DA712; Thu, 30 May 2019 12:55:36 +0200 (CEST) Received: from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int (F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); Thu, 30 May 2019 12:55:36 +0200 (CEST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int) Received: from salvia.here (sys.soleta.eu [212.170.55.40]) (Authenticated sender: pneira@us.es) by entrada.int (Postfix) with ESMTPA id C3CA04265A5B; Thu, 30 May 2019 12:55:36 +0200 (CEST) X-SMTPAUTHUS: auth mail.us.es From: Pablo Neira Ayuso To: netfilter-devel@vger.kernel.org Cc: phil@nwl.cc Subject: [PATCH nft,v2 5/7] mnl: estimate receiver buffer size Date: Thu, 30 May 2019 12:55:27 +0200 Message-Id: <20190530105529.12657-5-pablo@netfilter.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20190530105529.12657-1-pablo@netfilter.org> References: <20190530105529.12657-1-pablo@netfilter.org> X-Virus-Scanned: ClamAV using ClamSMTP Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Set a receiver buffer size based on the number of commands and the average message size, this is useful for the --echo option in order to avoid ENOBUFS errors. Double the estimated size is used to ensure enough receiver buffer space. Skip buffer receiver logic if estimation is smaller than current buffer. Reported-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso --- include/mnl.h | 3 ++- src/libnftables.c | 5 +++-- src/mnl.c | 11 ++++++++--- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/include/mnl.h b/include/mnl.h index c63a7e7fd73a..9f50c3da0f3a 100644 --- a/include/mnl.h +++ b/include/mnl.h @@ -25,7 +25,8 @@ bool mnl_batch_ready(struct nftnl_batch *batch); void mnl_batch_reset(struct nftnl_batch *batch); uint32_t mnl_batch_begin(struct nftnl_batch *batch, uint32_t seqnum); void mnl_batch_end(struct nftnl_batch *batch, uint32_t seqnum); -int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list); +int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list, + uint32_t num_cmds); int mnl_nft_rule_add(struct netlink_ctx *ctx, const struct cmd *cmd, unsigned int flags); diff --git a/src/libnftables.c b/src/libnftables.c index 199dbc97b801..a58b8ca9dcf6 100644 --- a/src/libnftables.c +++ b/src/libnftables.c @@ -21,7 +21,7 @@ static int nft_netlink(struct nft_ctx *nft, struct list_head *cmds, struct list_head *msgs, struct mnl_socket *nf_sock) { - uint32_t batch_seqnum, seqnum = 0; + uint32_t batch_seqnum, seqnum = 0, num_cmds = 0; struct nftnl_batch *batch; struct netlink_ctx ctx; struct cmd *cmd; @@ -49,6 +49,7 @@ static int nft_netlink(struct nft_ctx *nft, strerror(errno)); goto out; } + num_cmds++; } if (!nft->check) mnl_batch_end(batch, mnl_seqnum_alloc(&seqnum)); @@ -56,7 +57,7 @@ static int nft_netlink(struct nft_ctx *nft, if (!mnl_batch_ready(batch)) goto out; - ret = mnl_batch_talk(&ctx, &err_list); + ret = mnl_batch_talk(&ctx, &err_list, num_cmds); list_for_each_entry_safe(err, tmp, &err_list, head) { list_for_each_entry(cmd, cmds, list) { diff --git a/src/mnl.c b/src/mnl.c index 6c85b1855c86..96984f03e1be 100644 --- a/src/mnl.c +++ b/src/mnl.c @@ -295,12 +295,14 @@ static ssize_t mnl_nft_socket_sendmsg(struct netlink_ctx *ctx, return sendmsg(mnl_socket_get_fd(ctx->nft->nf_sock), msg, 0); } -int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list) +int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list, + uint32_t num_cmds) { struct mnl_socket *nl = ctx->nft->nf_sock; int ret, fd = mnl_socket_get_fd(nl), portid = mnl_socket_get_portid(nl); uint32_t iov_len = nftnl_batch_iovec_len(ctx->batch); char rcv_buf[MNL_SOCKET_BUFFER_SIZE]; + size_t avg_msg_size, batch_size; const struct sockaddr_nl snl = { .nl_family = AF_NETLINK }; @@ -308,14 +310,17 @@ int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list) .tv_sec = 0, .tv_usec = 0 }; - fd_set readfds; struct iovec iov[iov_len]; struct msghdr msg = {}; + fd_set readfds; int err = 0; mnl_set_sndbuffer(ctx->nft->nf_sock, ctx->batch); - mnl_nft_batch_to_msg(ctx, &msg, &snl, iov, iov_len); + batch_size = mnl_nft_batch_to_msg(ctx, &msg, &snl, iov, iov_len); + avg_msg_size = div_round_up(batch_size, num_cmds); + + mnl_set_rcvbuffer(ctx->nft->nf_sock, num_cmds * avg_msg_size * 2); ret = mnl_nft_socket_sendmsg(ctx, &msg); if (ret == -1) From patchwork Thu May 30 10:55:28 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pablo Neira Ayuso X-Patchwork-Id: 1107728 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=netfilter.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45F4Hh6KtGz9s7h for ; Thu, 30 May 2019 20:55:44 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726723AbfE3Kzn (ORCPT ); Thu, 30 May 2019 06:55:43 -0400 Received: from mail.us.es ([193.147.175.20]:35370 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726610AbfE3Kzm (ORCPT ); Thu, 30 May 2019 06:55:42 -0400 Received: from antivirus1-rhel7.int (unknown [192.168.2.11]) by mail.us.es (Postfix) with ESMTP id 8154FC1DEA for ; Thu, 30 May 2019 12:55:39 +0200 (CEST) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 71D8FDA707 for ; Thu, 30 May 2019 12:55:39 +0200 (CEST) Received: by antivirus1-rhel7.int (Postfix, from userid 99) id 67612DA704; Thu, 30 May 2019 12:55:39 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on antivirus1-rhel7.int X-Spam-Level: X-Spam-Status: No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50, SMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1 Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 606D6DA701; Thu, 30 May 2019 12:55:37 +0200 (CEST) Received: from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int (F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); Thu, 30 May 2019 12:55:37 +0200 (CEST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int) Received: from salvia.here (sys.soleta.eu [212.170.55.40]) (Authenticated sender: pneira@us.es) by entrada.int (Postfix) with ESMTPA id 38C904265A5B; Thu, 30 May 2019 12:55:37 +0200 (CEST) X-SMTPAUTHUS: auth mail.us.es From: Pablo Neira Ayuso To: netfilter-devel@vger.kernel.org Cc: phil@nwl.cc Subject: [PATCH nft, v2 6/7] mnl: mnl_batch_talk() returns -1 on internal netlink errors Date: Thu, 30 May 2019 12:55:28 +0200 Message-Id: <20190530105529.12657-6-pablo@netfilter.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20190530105529.12657-1-pablo@netfilter.org> References: <20190530105529.12657-1-pablo@netfilter.org> X-Virus-Scanned: ClamAV using ClamSMTP Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Display an error in case internal netlink plumbing hits problems. Signed-off-by: Pablo Neira Ayuso --- src/libnftables.c | 8 ++++++++ src/mnl.c | 7 ++----- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/src/libnftables.c b/src/libnftables.c index a58b8ca9dcf6..d8de89ca509c 100644 --- a/src/libnftables.c +++ b/src/libnftables.c @@ -58,6 +58,14 @@ static int nft_netlink(struct nft_ctx *nft, goto out; ret = mnl_batch_talk(&ctx, &err_list, num_cmds); + if (ret < 0) { + netlink_io_error(&ctx, NULL, + "Could not process rule: %s", strerror(errno)); + goto out; + } + + if (!list_empty(&err_list)) + ret = -1; list_for_each_entry_safe(err, tmp, &err_list, head) { list_for_each_entry(cmd, cmds, list) { diff --git a/src/mnl.c b/src/mnl.c index 96984f03e1be..4c15387000e9 100644 --- a/src/mnl.c +++ b/src/mnl.c @@ -313,7 +313,6 @@ int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list, struct iovec iov[iov_len]; struct msghdr msg = {}; fd_set readfds; - int err = 0; mnl_set_sndbuffer(ctx->nft->nf_sock, ctx->batch); @@ -343,10 +342,8 @@ int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list, ret = mnl_cb_run(rcv_buf, ret, 0, portid, &netlink_echo_callback, ctx); /* Continue on error, make sure we get all acknowledgments */ - if (ret == -1) { + if (ret == -1) mnl_err_list_node_add(err_list, errno, nlh->nlmsg_seq); - err = -1; - } ret = select(fd+1, &readfds, NULL, NULL, &tv); if (ret == -1) @@ -355,7 +352,7 @@ int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list, FD_ZERO(&readfds); FD_SET(fd, &readfds); } - return err; + return 0; } int mnl_nft_rule_add(struct netlink_ctx *ctx, const struct cmd *cmd, From patchwork Thu May 30 10:55:29 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pablo Neira Ayuso X-Patchwork-Id: 1107727 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=netfilter.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45F4Hh320Cz9s3l for ; Thu, 30 May 2019 20:55:44 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726715AbfE3Kzm (ORCPT ); Thu, 30 May 2019 06:55:42 -0400 Received: from mail.us.es ([193.147.175.20]:35372 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726653AbfE3Kzl (ORCPT ); Thu, 30 May 2019 06:55:41 -0400 Received: from antivirus1-rhel7.int (unknown [192.168.2.11]) by mail.us.es (Postfix) with ESMTP id E7CD1C1DF2 for ; Thu, 30 May 2019 12:55:39 +0200 (CEST) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id D8E01DA70D for ; Thu, 30 May 2019 12:55:39 +0200 (CEST) Received: by antivirus1-rhel7.int (Postfix, from userid 99) id CE49FDA708; Thu, 30 May 2019 12:55:39 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on antivirus1-rhel7.int X-Spam-Level: X-Spam-Status: No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50, SMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1 Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id D811EDA70C; Thu, 30 May 2019 12:55:37 +0200 (CEST) Received: from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int (F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); Thu, 30 May 2019 12:55:37 +0200 (CEST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int) Received: from salvia.here (sys.soleta.eu [212.170.55.40]) (Authenticated sender: pneira@us.es) by entrada.int (Postfix) with ESMTPA id A923E4265A5B; Thu, 30 May 2019 12:55:37 +0200 (CEST) X-SMTPAUTHUS: auth mail.us.es From: Pablo Neira Ayuso To: netfilter-devel@vger.kernel.org Cc: phil@nwl.cc Subject: [PATCH nft, v2 7/7] erec: remove double \n on error when internal_netlink is used Date: Thu, 30 May 2019 12:55:29 +0200 Message-Id: <20190530105529.12657-7-pablo@netfilter.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20190530105529.12657-1-pablo@netfilter.org> References: <20190530105529.12657-1-pablo@netfilter.org> X-Virus-Scanned: ClamAV using ClamSMTP Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Remove double empty line linebreak when printing internal errors. Signed-off-by: Pablo Neira Ayuso --- src/erec.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/erec.c b/src/erec.c index 617c04ade178..cf543a980bc0 100644 --- a/src/erec.c +++ b/src/erec.c @@ -161,7 +161,6 @@ void erec_print(struct output_ctx *octx, const struct error_record *erec, loc = &erec->locations[l]; netlink_dump_expr(loc->nle, f, debug_mask); } - fprintf(f, "\n\n"); return; }