Re: Suboptimal error handling in libnftables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello Pablo,

On 02/12/2021 14:54, Pablo Neira Ayuso wrote:

>> 1. All read-from-the-socket functions should be run in a loop, repeating
>> if return code is -1 and errno is EINTR. I.e. EINTR should not be
>> treated as an error, but as a condition that requires retry.
[...]> This missing EINTR handling for iface_cache_update() is a bug, would
> you post a patch for this?

I have a patch that is currently under our internal testing. Will post
it here once I get the results of testing.

>> There is another function that calls exit(), __netlink_abi_error(). I
>> believe that even in such a harsh situation, exit() is not the right way
>> to handle it.
> 
> ABI breakage between kernel and userspace should not ever happen.

Well, maybe at least use abort() then? It's better to have a dump with a
stack trace than have the process silently terminate. Libnftables may be
deep down the stack of dependencies, it can be hard to find the source
of the problem from just an stderr message.

Best regards,

Eugene

Attachment: OpenPGP_signature
Description: OpenPGP digital signature


[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux