Hi Pablo, On Wed, Oct 24, 2018 at 06:35:45PM +0200, Pablo Neira Ayuso wrote: > On Wed, Oct 24, 2018 at 06:05:55PM +0200, Phil Sutter wrote: > > When trying to adjust receive buffer size, the second call to > > setsockopt() was not error-checked. > > > > Signed-off-by: Phil Sutter <phil@xxxxxx> > > --- > > src/mnl.c | 7 +++++-- > > 1 file changed, 5 insertions(+), 2 deletions(-) > > > > diff --git a/src/mnl.c b/src/mnl.c > > index 2be8ca14e50da..0d9b7ffc85c76 100644 > > --- a/src/mnl.c > > +++ b/src/mnl.c > > @@ -1425,8 +1425,11 @@ int mnl_nft_event_listener(struct mnl_socket *nf_sock, unsigned int debug_mask, > > */ > > ret = setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &bufsiz, > > sizeof(socklen_t)); > > - nft_print(octx, "# Cannot set up netlink socket buffer size to %u bytes, falling back to %u bytes\n", > > - NFTABLES_NLEVENT_BUFSIZ, bufsiz); > > + if (ret < 0) > > + nft_print(octx, "# Cannot increase netlink socket buffer size, expect message loss\n"); > > + else > > + nft_print(octx, "# Cannot set up netlink socket buffer size to %u bytes, falling back to %u bytes\n", > > + NFTABLES_NLEVENT_BUFSIZ, bufsiz); > > Looks good. > > Are you hitting this error message? With a large ruleset? No, this originated from a covscan report complaining about the unused assignment of 'ret' variable. Instead of eliminating the assignment, I decided to make use of it instead. Cheers, Phil
