On Thu, Nov 16, 2017 at 02:38:24PM +0100, Pablo Neira Ayuso wrote:
> On Thu, Nov 16, 2017 at 09:06:29AM +0100, Phil Sutter wrote:
> > This introduces a rather nasty macro to call nftnl_*_fprintf() only if
> > output_fp is valid. On the other hand, it allows to pull the common
> > parts (format argument, event conversion) into a single place.
> >
> > Signed-off-by: Phil Sutter <phil@xxxxxx>
> > ---
> > src/netlink.c | 38 ++++++++++++++++++--------------------
> > 1 file changed, 18 insertions(+), 20 deletions(-)
> >
> > diff --git a/src/netlink.c b/src/netlink.c
> > index 845eeeffd7387..81b92ac1e2d7c 100644
> > --- a/src/netlink.c
> > +++ b/src/netlink.c
> > @@ -40,6 +40,12 @@
> > #include <iface.h>
> >
> > #define nft_mon_print(monh, ...) nft_print(monh->ctx->octx, __VA_ARGS__)
> > +#define nftnl_mon_print(monh, type, obj, event) \
> > + if (monh->ctx->octx->output_fp) { \
> > + nftnl_##type##_fprintf(monh->ctx->octx->output_fp, \
> > + obj, monh->format, \
> > + netlink_msg2nftnl_of(event)); \
> > + }
>
> Wait.
>
> Can't we just change nftnl_*_fprintf to do nothing if output_fp is
> NULL.
>
> That should be safe.
Looks like you just caught me trying to avoid changing libnftnl. :D
Yet I still consider the macro valuable since it avoids the nasty
pointer deref chain.
I'll prepare a patch to libnftnl and then provide v2 of this patch with
simplified nftnl_mon_print() macro. ACK?
Thanks, Phil
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
