On Thursday 2011-01-06 15:55, Pablo Neira Ayuso wrote:
>On 06/01/11 15:25, Jan Engelhardt wrote:
>> On Thursday 2011-01-06 14:48, Pablo Neira Ayuso wrote:
>>>>
>>>> /* Modifiers to GET request */
>>>> #define NLM_F_ROOT 0x100
>>>> #define NLM_F_MATCH 0x200
>>>> #define NLM_F_ATOMIC 0x400
>>>> #define NLM_F_DUMP (NLM_F_ROOT|NLM_F_MATCH)
>>>>
>>>> /* Modifiers to NEW request */
>>>> #define NLM_F_REPLACE 0x100
>>>> #define NLM_F_EXCL 0x200
>>>> #define NLM_F_CREATE 0x400
>>>> #define NLM_F_APPEND 0x800
>>>>
>
>I'm getting confused, so ipset is also setting NLM_F_REPLACE to match the
>NLM_F_DUMP bitmask?

Any userspace program sending a (ge)netlink message with
NLM_F_CREATE|NLM_F_EXCL -- with the intent of creating an entry with
excl semantics --, will be misunderstood by genetlink.c to be a dump
request.

The problem is of general nature and not limited to ipset. I only
noticed it while making the ipset-genl patch, because ipset sends all
IPSET_CMD_CREATE requests with
NLM_F_REQUEST|NLM_F_ACK|NLM_F_CREATE|NLM_F_EXCL (see ipset/lib/mnl.c).
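The flag collision described above, as an added example that is not part of the original message or of the kernel source: it compares an any-bit test of the NLM_F_DUMP composite with an all-bits test on the flag word ipset sends. The any-bit form of the check is an assumption about how the misreading arises, the helper names are hypothetical, and the NLM_F_REQUEST and NLM_F_ACK values are those from linux/netlink.h.

```c
#include <stdint.h>
#include <stdio.h>

/* Base flags, values as in linux/netlink.h */
#define NLM_F_REQUEST 0x01
#define NLM_F_ACK     0x04
/* Modifiers to GET request (values quoted in the thread) */
#define NLM_F_ROOT    0x100
#define NLM_F_MATCH   0x200
#define NLM_F_DUMP    (NLM_F_ROOT | NLM_F_MATCH)
/* Modifiers to NEW request (same bit positions, different meaning) */
#define NLM_F_REPLACE 0x100
#define NLM_F_EXCL    0x200
#define NLM_F_CREATE  0x400

/* Assumed faulty test (hypothetical helper): true if ANY bit of the
 * composite is set, so NLM_F_EXCL alone is enough to trigger it. */
static int is_dump_any_bit(uint16_t flags)
{
    return (flags & NLM_F_DUMP) != 0;
}

/* Stricter test (hypothetical helper): true only if ALL bits of the
 * composite are set. */
static int is_dump_all_bits(uint16_t flags)
{
    return (flags & NLM_F_DUMP) == NLM_F_DUMP;
}

int main(void)
{
    /* Constructed sample flag words; the first is the combination the
     * thread says ipset uses for IPSET_CMD_CREATE. */
    static const struct { const char *name; uint16_t flags; } samples[] = {
        { "create: REQUEST|ACK|CREATE|EXCL",
          NLM_F_REQUEST | NLM_F_ACK | NLM_F_CREATE | NLM_F_EXCL },
        { "dump:   REQUEST|DUMP", NLM_F_REQUEST | NLM_F_DUMP },
        /* REPLACE|EXCL has the same bits as DUMP: flags alone cannot
         * separate them, only the message type can. */
        { "new:    REQUEST|REPLACE|EXCL",
          NLM_F_REQUEST | NLM_F_REPLACE | NLM_F_EXCL },
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-32s flags=0x%03x any-bit=%d all-bits=%d\n",
               samples[i].name, (unsigned)samples[i].flags,
               is_dump_any_bit(samples[i].flags),
               is_dump_all_bits(samples[i].flags));
    return 0;
}
```

The all-bits test clears the CREATE|EXCL case, but a NEW request carrying REPLACE|EXCL still has exactly the NLM_F_DUMP bits set, so a receiver has to take the message type into account as well.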