On Friday 2011-01-07 02:31, Pablo Neira Ayuso wrote: >>>> /* Modifiers to GET request */ >>>> #define NLM_F_ROOT 0x100 >>>> #define NLM_F_MATCH 0x200 >>>> #define NLM_F_ATOMIC 0x400 >>>> #define NLM_F_DUMP (NLM_F_ROOT|NLM_F_MATCH) >> [...] >>>> [N.B.: I am also wondering whether >>>> (nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP >>>> may have been desired, because NLM_F_DUMP is composed of two bits.] >>> >>> Someone may include NLM_F_ATOMIC to a dump operation, in that case the >>> checking that you propose is not valid. >> >> Are you saying that NLM_F_MATCH and NLM_F_ATOMIC are mutually >> exclusive, and that NLM_F_ROOT|NLM_F_ATOMIC would also signal a >> dump operation? Otherwise the test that Jan proposes looks valid >> to me. > >Indeed, Jan's test is fine to fix this. Please, send a patch to Davem asap. But that would still mean that a user sending a NLM_F_REQUEST|NLM_F_REPLACE|NLM_F_EXCL message would be misinterpreted as NLM_F_DUMP. There just is no way for genl to figure out from an arbitrary nlmsghdr whether it's a dump request or something else without breaking something. The overlapping of NLM_F_ is quite unfortunate. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
