Skip to content
Commit 25e94a99 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: nf_tables: don't call nfnetlink_set_err() if nfnetlink_send() fails



The underlying nlmsg_multicast() already sets sk->sk_err for us to
notify socket overruns, so we should not do anything with this return
value. So we just call nfnetlink_set_err() if:

1) We fail to allocate the netlink message.

or

2) We don't have enough space in the netlink message to place attributes,
   which means that we likely need to allocate a larger message.

Before this patch, the internal ESRCH netlink error code was propagated
to userspace, which is quite misleading. Netlink semantics mandate that
listeners just hit ENOBUFS if the socket buffer overruns.

Reported-by: default avatarAlexander Alemayhu <alexander@alemayhu.com>
Tested-by: default avatarAlexander Alemayhu <alexander@alemayhu.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent f9121355
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment