Re: [PATCH 2/2 WIP nf-next] nft: implement the nf_tables_api changes to add osf signatures in nft

On 07/12/2018 01:27 PM, Florian Westphal wrote:
Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx> wrote:
+	list_for_each_entry(sf, &nft_osf_fingers[!!f->df], finger_entry) {
+		if (memcmp(&sf->finger, f, sizeof(struct nf_osf_user_finger)))
+			continue;
+
+		kfree(kf);
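Review bot: this walk over nft_osf_fingers[!!f->df] shows no rcu_read_lock() and no lock protecting the list in the hunk; if entries are removed with kfree_rcu() elsewhere, the caller must either hold the mutex that serialises list updates or wrap the loop in rcu_read_lock()/rcu_read_unlock(), and a comment stating which one applies would make the locking contract clear. The `kfree(kf)` on a memcmp match also reads as duplicate rejection; a short comment saying that duplicates are dropped here would save the next reader from asking why the comparison is needed.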

Hmm.  So there can't be any duplicate entries in the first place.

So I really wonder how this is going to be used or why
all of this code can't live in nft_osf.c.

I mean, we are adding this to the core nftables API, and I think this is
something that should only be done if it can't be specific to a particular
expression for some reason.

Can we load/unload pf.os signatures from nft_osf.c at the expression init?
If we can do it, then maybe all this code can live in nft_osf.c.

I'd like to see how this is used from grammar point of view first.
What does a rule look like?

A rule will contain a string (the OS we want to match) and two u8 (loglevel and ttl).


Are the osf signatures global, tied to table, tied to expression?


OSF signatures should be loaded at the osf expression init if I am not wrong, and that only happens once. If we add more rules using osf they should use the already loaded signatures.

+	list_for_each_entry(sf, &nft_osf_fingers[!!f->df], finger_entry) {
+		if (memcmp(&sf->finger, f, sizeof(struct nf_osf_user_finger)))
+			continue;
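Review bot: list_for_each_entry() is only safe here if nothing in the loop body removes `sf` from nft_osf_fingers; if the full loop body (not visible in this hunk) deletes the matched entry, switch to list_for_each_entry_safe() so the next pointer is fetched before the current entry is freed. Either way, the same RCU/lock requirement applies to this traversal as to the first hunk.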

list_for_each_entry_safe?

I think it is not necessary and isn't used in xt_osf module, but we can use
it if recommended.

xt_osf use looks buggy too...  I don't see it holding rcu read lock, so
once kfree_rcu() is invoked sf->next pointer can already reside in
free'd memory.


Okay then let's use list_for_each_entry_safe. Will fix xt_osf too.