On Tue, May 30, 2017 at 06:21:49PM +0200, Phil Sutter wrote:
> On Tue, May 30, 2017 at 02:12:11PM +0200, Pablo Neira Ayuso wrote:
> > On Fri, May 19, 2017 at 12:41:28PM +0200, Phil Sutter wrote:
> > What I mean is that we should use the heading netlink message as
> > netlink context (portid, flags) for the NEWGEN message. This is
> > currently broken. I'll send a patch to fix this, so you can send a
> > follow up of this on top of this.
>
> OK, thanks!

Actually the existing code for NEWGEN looks good. We pass the original
skbuff to ->commit(), so we can fetch from the _BEGIN netlink message
coming in first place in the batch the context we need.

> > > | @@ -4538,7 +4539,9 @@ static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net,
> > > | nfmsg->version = NFNETLINK_V0;
> > > | nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
> > > |
> > > | - if (nla_put_be32(skb, NFTA_GEN_ID, htonl(net->nft.base_seq)))
> > > | + if (nla_put_be32(skb, NFTA_GEN_ID, htonl(net->nft.base_seq)) ||
> > > | + nla_put_be32(skb, NFTA_GEN_PROC_PID, htonl(task_pid_nr(current))) ||
> > > | + nla_put_string(skb, NFTA_GEN_PROC_NAME, get_task_comm(buf, current)))
> > > | goto nla_put_failure;

So you only need to add these missing to the NEWGEN message.

Thanks!
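
Review bot: the two added nla_put lines report task_pid_nr(current) and get_task_comm(buf, current) without saying how far a listener may rely on them. task_pid_nr() returns the PID as numbered in the initial PID namespace, so a listener running in another PID namespace gets a number it cannot resolve, and the comm string is limited to TASK_COMM_LEN bytes and can be changed by the process itself. Suggest documenting NFTA_GEN_PROC_PID and NFTA_GEN_PROC_NAME in the uapi header as informational hints rather than an identity, and stating which PID namespace the value is relative to. Both values also describe current, so they are only meaningful when nf_tables_fill_gen_info() runs in the context of the task that sent the batch; a short comment saying so next to the nla_put calls would help.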