On 07/01/11 10:38, Jan Engelhardt wrote: > > On Friday 2011-01-07 02:31, Pablo Neira Ayuso wrote: >>>>> /* Modifiers to GET request */ >>>>> #define NLM_F_ROOT 0x100 >>>>> #define NLM_F_MATCH 0x200 >>>>> #define NLM_F_ATOMIC 0x400 >>>>> #define NLM_F_DUMP (NLM_F_ROOT|NLM_F_MATCH) >>> [...] >>>>> [N.B.: I am also wondering whether >>>>> (nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP >>>>> may have been desired, because NLM_F_DUMP is composed of two bits.] >>>> >>>> Someone may include NLM_F_ATOMIC to a dump operation, in that case the >>>> checking that you propose is not valid. >>> >>> Are you saying that NLM_F_MATCH and NLM_F_ATOMIC are mutually >>> exclusive, and that NLM_F_ROOT|NLM_F_ATOMIC would also signal a >>> dump operation? Otherwise the test that Jan proposes looks valid >>> to me. >> >> Indeed, Jan's test is fine to fix this. Please, send a patch to Davem asap. > > But that would still mean that a user sending a > NLM_F_REQUEST|NLM_F_REPLACE|NLM_F_EXCL message would be misinterpreted > as NLM_F_DUMP. That flag combination does not make sense to me. Valid combinations are: NLM_F_REQUEST|NLM_F_CREATE : if it does not exist, create it, if it exists, update it. NLM_F_REQUEST|NLM_F_CREATE|NLM_F_EXCL: if it does not exist, create it, if it exists, return -EEXIST. NLM_F_REQUEST|NLM_F_REPLACE: if it does not exist, return -ENOENT, if it exists, replace it. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
