Hello Pablo, On 02/12/2021 14:54, Pablo Neira Ayuso wrote: >> 1. All read-from-the-socket functions should be run in a loop, repeating >> if return code is -1 and errno is EINTR. I.e. EINTR should not be >> treated as an error, but as a condition that requires retry. [...]> This missing EINTR handling for iface_cache_update() is a bug, would > you post a patch for this? I have a patch that is currently under our internal testing. Will post it here once I get the results of testing. >> There is another function that calls exit(), __netlink_abi_error(). I >> believe that even in such a harsh situation, exit() is not the right way >> to handle it. > > ABI breakage between kernel and userspace should not ever happen. Well, maybe at least use abort() then? It's better to have a dump with a stack trace than have the process silently terminate. Libnftables may be deep down the stack of dependencies, it can be hard to find the source of the problem from just an stderr message. Best regards, Eugene
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
