Re: [nft PATCH] mnl: Improve error checking in mnl_nft_event_listener()

On Wed, Oct 24, 2018 at 08:04:39PM +0200, Phil Sutter wrote:
> Hi Pablo,
> 
> On Wed, Oct 24, 2018 at 06:35:45PM +0200, Pablo Neira Ayuso wrote:
> > On Wed, Oct 24, 2018 at 06:05:55PM +0200, Phil Sutter wrote:
> > > When trying to adjust receive buffer size, the second call to
> > > setsockopt() was not error-checked.
> > > 
> > > Signed-off-by: Phil Sutter <phil@xxxxxx>
> > > ---
> > >  src/mnl.c | 7 +++++--
> > >  1 file changed, 5 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/src/mnl.c b/src/mnl.c
> > > index 2be8ca14e50da..0d9b7ffc85c76 100644
> > > --- a/src/mnl.c
> > > +++ b/src/mnl.c
> > > @@ -1425,8 +1425,11 @@ int mnl_nft_event_listener(struct mnl_socket *nf_sock, unsigned int debug_mask,
> > >  		 */
> > >  		ret = setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &bufsiz,
> > >  				 sizeof(socklen_t));
> > > -		nft_print(octx, "# Cannot set up netlink socket buffer size to %u bytes, falling back to %u bytes\n",
> > > -			  NFTABLES_NLEVENT_BUFSIZ, bufsiz);
> > > +		if (ret < 0)
> > > +			nft_print(octx, "# Cannot increase netlink socket buffer size, expect message loss\n");
> > > +		else
> > > +			nft_print(octx, "# Cannot set up netlink socket buffer size to %u bytes, falling back to %u bytes\n",
> > > +				  NFTABLES_NLEVENT_BUFSIZ, bufsiz);
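
Review bot: The new `if (ret < 0)` branch reports that the buffer could not be increased but drops the reason. setsockopt() sets errno on failure, so appending strerror(errno) to "# Cannot increase netlink socket buffer size, expect message loss" would let the user tell a permission problem from a limit problem. Separately, the unchanged context line passes `sizeof(socklen_t)` as the option length while the option value is `&bufsiz`, which is printed with %u; `sizeof(bufsiz)` would match the object actually passed and stay correct if the two types ever differ.
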
> > 
> > Looks good.
> > 
> > Are you hitting this error message? With a large ruleset?
> 
> No, this originated from a covscan report complaining about the unused
> assignment of 'ret' variable. Instead of eliminating the assignment, I
> decided to make use of it instead.

Applied, thanks for explaining.


