NFTA_LOG_SNAPLEN is u32 and NFTA_LOG_QTHRESHOLD is u16. Without this, netlink messages from kernel fail mnl_validate step when QTHRESH or SNAPLEN was set. Also, nft_rule_expr_log_get must update data_length, else 'nft list' doesn't show log arguments (prefix, group ..) because the netlink message decoding uses nft_rule_expr_get_u16/32 etc. which validate the length, too.
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
 src/expr/log.c | 8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/expr/log.c b/src/expr/log.c
index bbbd5b9..90fb32e 100644
--- a/src/expr/log.c
+++ b/src/expr/log.c
@@ -64,12 +64,16 @@ nft_rule_expr_log_get(const struct nft_rule_expr *e, uint16_t type,
 switch(type) {
 case NFT_EXPR_LOG_PREFIX:
+ *data_len = strlen(log->prefix)+1;
 return log->prefix;
 case NFT_EXPR_LOG_GROUP:
+ *data_len = sizeof(log->group);
 return &log->group;
 case NFT_EXPR_LOG_SNAPLEN:
+ *data_len = sizeof(log->snaplen);
 return &log->snaplen;
 case NFT_EXPR_LOG_QTHRESHOLD:
+ *data_len = sizeof(log->qthreshold);
 return &log->qthreshold;
 }
 return NULL;
@@ -91,13 +95,13 @@ static int nft_rule_expr_log_cb(const struct nlattr *attr, void *data)
 }
 break;
 case NFTA_LOG_GROUP:
- case NFTA_LOG_SNAPLEN:
+ case NFTA_LOG_QTHRESHOLD:
 if (mnl_attr_validate(attr, MNL_TYPE_U16) < 0) {
 perror("mnl_attr_validate");
 return MNL_CB_ERROR;
 }
 break;
- case NFTA_LOG_QTHRESHOLD:
+ case NFTA_LOG_SNAPLEN:
 if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) {
 perror("mnl_attr_validate");
 return MNL_CB_ERROR;
--
1.7.8.6
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
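Review bot: The added `*data_len = strlen(log->prefix)+1;` in the NFT_EXPR_LOG_PREFIX case reads through `log->prefix` unconditionally. If the field is a pointer that stays NULL when no prefix was set (its declaration is outside the hunk), a getter that used to return NULL harmlessly now has undefined behaviour in strlen(). Unless the caller already checks the attribute flag before dispatching here, put `if (log->prefix == NULL) return NULL;` ahead of the assignment. All four new stores also assume `data_len` is non-NULL, which the function's header comment should state. The function body begins before the hunk.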
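Review bot: The regrouped `case` labels in nft_rule_expr_log_cb carry no comment saying why GROUP and QTHRESHOLD share the u16 check while SNAPLEN gets u32, which is the grouping that was wrong before this change. A line above them such as `/* widths follow the kernel's NFTA_LOG_* policy: GROUP and QTHRESHOLD are u16, SNAPLEN is u32 */` would record the source of truth for this input validation. The same widths are what the `sizeof(...)` lengths in nft_rule_expr_log_get must agree with, so the comment helps keep the parser and the getter in step. The callback starts and ends outside the hunk.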