On Sat, Jul 23, 2005 at 08:54:27AM -0400, Harald Welte ([email protected]) wrote:
> Hi Dave,
> Hi Evgeniy,
>
> the following patch fixes the illegal use of NETLINK_NFLOG by the
> 1wire drivers. It assumes that the netlink tap families can now safely
> be reclaimed, which is the case according to Dave at netconf'05.
>
> I'm not sure who would be the right person to fix this, but this patch
> needs to go into both 2.6.12.x and 2.6.13 trees, since it potentially
> causes a security problem by preventing the iptables ULOG
Yep.
Actually w1 uses it only for simple event notifications,
which definitely will be replaced with connector stuff...
So I woulf like to ask Dave about it, and if network people are still
against it, I have no objection against this patch.
But I sould definitely prefer to move all such simple events into separate
event bus.
> This has been the third new piece of code that reuses NETLINK_NFLOG
> within a couple of months. I would really appreciate if people would
> actually ask/apply for a new protocol number instead of just overloading
> existing values and thereby causing breakage.
I even know who added it... :)
I still have question opened about message bus and connector.
Andrew has no objection against connector and it lives in -mm
quite long time, although was several time removed due to GregKH i2c
tree changes. All objections against it was only type of - "I do not like it"
Dmitry had some bugfixes which were added.
It was tested under quite heavy load on different types of systems
without overhead (with CBUS) and with _very_ convenient way of
controlling kernelspace from userspace and reverse event bus.
> Thanks,
> Harald
>
> --
> - Harald Welte <[email protected]> http://netfilter.org/
> ============================================================================
> "Fragmentation is like classful addressing -- an interesting early
> architectural error that shows how much experimentation was going
> on while IP was being designed." -- Paul Vixie
> Give the 1-wire driver stack its own netlink protocol number, instead of
> overloading NETLINK_NFLOG.
>
> I wonder what I have done to people, that they always overload the
> NETLINK_NFLOG protocol number and thereby effectively prevent the packet
> filter logging mechanism. Please don't re-use protocol numbers.
>
> Signed-off-by: Harald Welte <[email protected]>
>
> ---
> commit b4a566c332048b642506eff7de825fce710ff42c
> tree 07ef162f6d449dd67c586c9c63680004787b86c5
> parent d5d3fb40b6db511dbd47a84634a1249de6b7b297
> author laforge <[email protected]> Sa, 23 Jul 2005 08:41:24 -0400
> committer laforge <[email protected]> Sa, 23 Jul 2005 08:41:24 -0400
>
> drivers/w1/w1_int.c | 4 ++--
> include/linux/netlink.h | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/w1/w1_int.c b/drivers/w1/w1_int.c
> --- a/drivers/w1/w1_int.c
> +++ b/drivers/w1/w1_int.c
> @@ -88,10 +88,10 @@ static struct w1_master * w1_alloc_dev(u
>
> dev->groups = 23;
> dev->seq = 1;
> - dev->nls = netlink_kernel_create(NETLINK_NFLOG, NULL);
> + dev->nls = netlink_kernel_create(NETLINK_W1, NULL);
> if (!dev->nls) {
> printk(KERN_ERR "Failed to create new netlink socket(%u) for w1 master %s.\n",
> - NETLINK_NFLOG, dev->dev.bus_id);
> + NETLINK_W1, dev->dev.bus_id);
> }
>
> err = device_register(&dev->dev);
> diff --git a/include/linux/netlink.h b/include/linux/netlink.h
> --- a/include/linux/netlink.h
> +++ b/include/linux/netlink.h
> @@ -20,7 +20,7 @@
> #define NETLINK_IP6_FW 13
> #define NETLINK_DNRTMSG 14 /* DECnet routing messages */
> #define NETLINK_KOBJECT_UEVENT 15 /* Kernel messages to userspace */
> -#define NETLINK_TAPBASE 16 /* 16 to 31 are ethertap */
> +#define NETLINK_W1 16 /* 16 to 31 are ethertap */
>
> #define MAX_LINKS 32
>
--
Evgeniy Polyakov
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
|
|