[PATCH xtables] nft: exit in case we can't fetch current genid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



When running iptables -nL as non-root user, iptables would loop indefinitely.

With this change, it will fail with
iptables v1.8.3 (nf_tables): Could not fetch rule set generation id: Permission denied (you must be root)

Reported-by: Amish <anon.amish@xxxxxxxxx>
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
 iptables/nft.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index e927d1db2b42..8f0d5e664eca 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -82,13 +82,19 @@ out:
 	return MNL_CB_ERROR;
 }
 
-static int mnl_genid_get(struct nft_handle *h, uint32_t *genid)
+static void mnl_genid_get(struct nft_handle *h, uint32_t *genid)
 {
 	char buf[MNL_SOCKET_BUFFER_SIZE];
 	struct nlmsghdr *nlh;
+	int ret;
 
 	nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETGEN, 0, 0, h->seq);
-	return mnl_talk(h, nlh, genid_cb, genid);
+	ret = mnl_talk(h, nlh, genid_cb, genid);
+	if (ret == 0)
+		return;
+
+	xtables_error(RESOURCE_PROBLEM,
+		      "Could not fetch rule set generation id: %s\n", nft_strerror(errno));
 }
 
 int mnl_talk(struct nft_handle *h, struct nlmsghdr *nlh,
-- 
2.21.0




[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux