Krishna Kumar2 <krkumar2@xxxxxxxxxx> wrote:
> > if (queue->queue_total >= queue->queue_maxlen) {
> > if (queue->flags & NFQA_CFG_F_FAIL_OPEN) {
> > nf_reinject(entry, NF_ACCEPT);
> > err = 0;
> > goto err_out_free_nskb;
> > }
> > queue->queue_dropped++;
> > net_warn_ratelimited("nf_queue: full at %d entries, dropping packets
> (s)\n",
> >
> > [..]
> >
> > Do you see any problems with that?
>
> No, I think it should work fine. Do this after dropping the lock?
Good catch. Yes, the lock should be dropped, else we
deadlock when same queue is hit in next table/chain.
> > > + if (nfqa[NFQA_CFG_FLAGS]) {
> > > + __be32 flags, mask;
> >
> > [..]
> >
> > > + flags = ntohl(nla_get_be32(nfqa[NFQA_CFG_FLAGS]));
> > > + mask = ntohl(nla_get_be32(nfqa[NFQA_CFG_MASK]));
> >
> > ntohl returns __u32 type.
>
> Maybe just use __u32 type for flags/mask?
Yes.
Thanks,
Florian
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
