Tree - rpms/iptables - CentOS Git server

rpms / iptables

Files

Blob Blame History Raw
From 4dceb905dfda4a34dfcb0ad3d010d77acd43981d Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Tue, 19 May 2020 11:15:30 +0200
Subject: [RHEL7.9 net 2/2] nfnl_osf: Improve error handling

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1829820
Upstream Status: iptables commit 3e09bd1888575

commit 3e09bd1888575cfec136574d2b0e810ba33f1cfb
Author: Phil Sutter <phil@nwl.cc>
Date:   Sat May 9 13:42:56 2020 +0200

    nfnl_osf: Improve error handling

    For some error cases, no log message was created - hence apart from the
    return code there was no indication of failing execution.

    If a line load fails, don't abort but continue with the remaining
    file contents. The current pf.os file in this repository serves as
    proof-of-concept:

    Lines 700 and 701: Duplicates of lines 698 and 699 because 'W*' and 'W0'
    parse into the same data.

    Line 704: Duplicate of line 702 because apart from 'W*' and 'W0', only
    the first three fields on right-hand side are sent to the kernel.

    When loading, these dups are ignored (they would bounce if NLM_F_EXCL
    was given). Upon deletion, they cause ENOENT response from kernel. In
    order to align duplicate-tolerance in both modes, just ignore that
    ENOENT.

    Signed-off-by: Phil Sutter <phil@nwl.cc>

Signed-off-by: Phil Sutter <psutter@redhat.com>
---
 utils/nfnl_osf.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/utils/nfnl_osf.c b/utils/nfnl_osf.c
index d726e0a6f1cf9..73fb29e7099b6 100644
--- a/utils/nfnl_osf.c
+++ b/utils/nfnl_osf.c
@@ -389,7 +389,7 @@ static int osf_load_line(char *buffer, int len, int del)
 static int osf_load_entries(char *path, int del)
 {
 	FILE *inf;
-	int err = 0;
+	int err = 0, lineno = 0;
 	char buf[1024];
 
 	inf = fopen(path, "r");
@@ -399,7 +399,9 @@ static int osf_load_entries(char *path, int del)
 	}
 
 	while(fgets(buf, sizeof(buf), inf)) {
-		int len;
+		int len, rc;
+
+		lineno++;
 
 		if (buf[0] == '#' || buf[0] == '\n' || buf[0] == '\r')
 			continue;
@@ -411,9 +413,11 @@ static int osf_load_entries(char *path, int del)
 
 		buf[len] = '\0';
 
-		err = osf_load_line(buf, len, del);
-		if (err)
-			break;
+		rc = osf_load_line(buf, len, del);
+		if (rc && (!del || errno != ENOENT)) {
+			ulog_err("Failed to load line %d", lineno);
+			err = rc;
+		}
 
 		memset(buf, 0, sizeof(buf));
 	}
@@ -445,6 +449,7 @@ int main(int argc, char *argv[])
 
 	if (!fingerprints) {
 		err = -ENOENT;
+		ulog("Missing fingerprints file argument.\n");
 		goto err_out_exit;
 	}
 
-- 
2.26.2
rpms / iptables

Source Code

Files
