Re: [PATCH] 1 Wire drivers illegally overload NETLINK_NFLOG

2005-07-26 Thread Harald Welte
On Sun, Jul 24, 2005 at 07:15:05PM -0700, David S. Miller wrote:
 
> > I strongly disrecommend increasing NPROTO.  Maybe we should look into
> > reusing NETLINK_FIREWALL (which was an old 2.2.x kernel interface).
> 
> ip_queue.c still uses NETLINK_FIREWALL so we really can't use
> that.

sorry, I didn't remember that ip_queue reused the 2.2.x netlink number
:(  We should have renamed it to make it clear.

> So instead, as in the patch below, I solved this for now by using
> the NETLINK_SKIP value which was reserved years ago yet never
> made use of.

thanks.

-- 
- Harald Welte <[EMAIL PROTECTED]> http://netfilter.org/

  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."-- Paul Vixie




(was Re: [PATCH] 1 Wire drivers illegally overload NETLINK_NFLOG) Fw: Mail delivery failed: returning message to sender

2005-07-24 Thread David S. Miller

Well, this may be the reason why Evgeniy thinks nobody
has any concrete objections to his connector layer :-(
--- Begin Message ---
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  [EMAIL PROTECTED]
SMTP error from remote mail server after initial connection:
host mailer.campus.mipt.ru [194.85.82.4]: 554 mailer.campus.mipt.ru ESMTP 
not accepting messages

-- This is a copy of the message, including all the headers. --

Return-path: <[EMAIL PROTECTED]>
Received: from localhost ([127.0.0.1] ident=davem)
by sunset.davemloft.net with esmtp (Exim 4.52)
id 1DwsXV-0007pe-24; Sun, 24 Jul 2005 19:17:57 -0700
Date: Sun, 24 Jul 2005 19:17:56 -0700 (PDT)
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED],
 linux-kernel@vger.kernel.org
Subject: Re: [PATCH] 1 Wire drivers illegally overload NETLINK_NFLOG
From: "David S. Miller" <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
X-Mailer: Mew version 4.2 on Emacs 21.4 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

From: Evgeniy Polyakov <[EMAIL PROTECTED]>
Date: Sat, 23 Jul 2005 13:14:55 +0400

> Andrew has no objection against connector and it lives in -mm

A patch sitting in -mm has zero significance.  A lot of junk
and useless things end up there as often Andrew incorporates
just about every single patch he sees posted to linux-kernel
unless he personally knows of some reason why the change might
be wrong.

So "it's in -mm" is not a metric to use.

> All objections against it was only type of - "I do not like it"
> Dmitry had some bugfixes which were added.

People like James Morris had very specific objections about it.

You are a control freak and in general very very difficult to work
with, so nobody wants to help you fix things up.
--- End Message ---


Re: [PATCH] 1 Wire drivers illegally overload NETLINK_NFLOG

2005-07-24 Thread David S. Miller
From: Evgeniy Polyakov <[EMAIL PROTECTED]>
Date: Sat, 23 Jul 2005 13:14:55 +0400

> Andrew has no objection against connector and it lives in -mm

A patch sitting in -mm has zero significance.  A lot of junk
and useless things end up there as often Andrew incorporates
just about every single patch he sees posted to linux-kernel
unless he personally knows of some reason why the change might
be wrong.

So "it's in -mm" is not a metric to use.

> All objections against it was only type of - "I do not like it"
> Dmitry had some bugfixes which were added.

People like James Morris had very specific objections about it.

You are a control freak and in general very very difficult to work
with, so nobody wants to help you fix things up.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/


Re: [PATCH] 1 Wire drivers illegally overload NETLINK_NFLOG

2005-07-24 Thread David S. Miller
From: Harald Welte <[EMAIL PROTECTED]>
Date: Sat, 23 Jul 2005 09:33:53 -0400

> I strongly disrecommend increasing NPROTO.  Maybe we should look into
> reusing NETLINK_FIREWALL (which was an old 2.2.x kernel interface).

ip_queue.c still uses NETLINK_FIREWALL so we really can't use
that.

So instead, as in the patch below, I solved this for now by using
the NETLINK_SKIP value which was reserved years ago yet never
made use of.

diff --git a/drivers/w1/w1_int.c b/drivers/w1/w1_int.c
--- a/drivers/w1/w1_int.c
+++ b/drivers/w1/w1_int.c
@@ -88,7 +88,7 @@ static struct w1_master * w1_alloc_dev(u
 
dev->groups = 23;
dev->seq = 1;
-   dev->nls = netlink_kernel_create(NETLINK_NFLOG, NULL);
+   dev->nls = netlink_kernel_create(NETLINK_W1, NULL);
if (!dev->nls) {
printk(KERN_ERR "Failed to create new netlink socket(%u) for w1 
master %s.\n",
NETLINK_NFLOG, dev->dev.bus_id);
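
Review bot: The printk under `if (!dev->nls)` is left as unchanged context and still passes NETLINK_NFLOG as the socket number, so a failure to create the NETLINK_W1 socket would be logged with the wrong protocol value. The hunk should also change that argument to NETLINK_W1, as the originally posted patch did.
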
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -5,7 +5,7 @@
 #include 
 
 #define NETLINK_ROUTE  0   /* Routing/device hook  
*/
-#define NETLINK_SKIP   1   /* Reserved for ENskip  
*/
+#define NETLINK_W1 1   /* 1-wire subsystem 
*/
 #define NETLINK_USERSOCK   2   /* Reserved for user mode socket 
protocols  */
 #define NETLINK_FIREWALL   3   /* Firewalling hook 
*/
 #define NETLINK_TCPDIAG4   /* TCP socket monitoring
*/
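
Review bot: The NETLINK_SKIP name is dropped outright when value 1 is handed to NETLINK_W1, and nothing in the hunk records that the number changed owners. Any code still referring to NETLINK_SKIP will stop building, and w1 listeners have to open protocol 1 instead of the NETLINK_NFLOG value they used before. Suggest noting in the comment that 1 was formerly reserved for ENskip and stating the userspace-visible number change in the changelog.
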


Re: [PATCH] 1 Wire drivers illegally overload NETLINK_NFLOG

2005-07-24 Thread David S. Miller
From: Harald Welte <[EMAIL PROTECTED]>
Date: Sat, 23 Jul 2005 09:33:53 -0400

> I strongly disrecommend increasing NPROTO.  Maybe we should look into
> reusing NETLINK_FIREWALL (which was an old 2.2.x kernel interface).

That is how I will fix this 1-wire case, by reusing the NETLINK_FIREWALL
thing.

> But to be honest, I don't really care all that much as long as existing
> and still very actively used values are not just overloaded.

Absolutely.


Re: [PATCH] 1 Wire drivers illegally overload NETLINK_NFLOG

2005-07-23 Thread Evgeniy Polyakov
On Sat, Jul 23, 2005 at 08:54:27AM -0400, Harald Welte ([EMAIL PROTECTED]) wrote:
> Hi Dave,
> Hi Evgeniy,
> 
> the following patch fixes the illegal use of NETLINK_NFLOG by the
> 1wire drivers.  It assumes that the netlink tap families can now safely
> be reclaimed, which is the case according to Dave at netconf'05.
> 
> I'm not sure who would be the right person to fix this, but this patch
> needs to go into both 2.6.12.x and 2.6.13 trees, since it potentially
> causes a security problem by preventing the iptables ULOG

Yep.
Actually w1 uses it only for simple event notifications, 
which definitely will be replaced with connector stuff...

So I would like to ask Dave about it, and if network people are still 
against it, I have no objection against this patch.
But I should definitely prefer to move all such simple events into separate
event bus.

> This has been the third new piece of code that reuses NETLINK_NFLOG
> within a couple of months.  I would really appreciate if people would
> actually ask/apply for a new protocol number instead of just overloading
> existing values and thereby causing breakage.  

I even know who added it... :)

I still have question opened about message bus and connector.
Andrew has no objection against connector and it lives in -mm
quite long time, although was several time removed due to GregKH i2c
tree changes. All objections against it was only type of - "I do not like it"
Dmitry had some bugfixes which were added.
It was tested under quite heavy load on different types of systems
without overhead (with CBUS) and with _very_ convenient way of
controlling kernelspace from userspace and reverse event bus.


> Thanks,
>   Harald
> 
> -- 
> - Harald Welte <[EMAIL PROTECTED]> http://netfilter.org/
> 
>   "Fragmentation is like classful addressing -- an interesting early
>architectural error that shows how much experimentation was going
>on while IP was being designed."-- Paul Vixie

> Give the 1-wire driver stack its own netlink protocol number, instead of
> overloading NETLINK_NFLOG.
> 
> I wonder what I have done to people, that they always overload the
> NETLINK_NFLOG protocol number and thereby effectively prevent the packet
> filter logging mechanism.  Please don't re-use protocol numbers.
> 
> Signed-off-by: Harald Welte <[EMAIL PROTECTED]>
> 
> ---
> commit b4a566c332048b642506eff7de825fce710ff42c
> tree 07ef162f6d449dd67c586c9c63680004787b86c5
> parent d5d3fb40b6db511dbd47a84634a1249de6b7b297
> author laforge <[EMAIL PROTECTED]> Sa, 23 Jul 2005 08:41:24 -0400
> committer laforge <[EMAIL PROTECTED]> Sa, 23 Jul 2005 08:41:24 -0400
> 
>  drivers/w1/w1_int.c |4 ++--
>  include/linux/netlink.h |2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/w1/w1_int.c b/drivers/w1/w1_int.c
> --- a/drivers/w1/w1_int.c
> +++ b/drivers/w1/w1_int.c
> @@ -88,10 +88,10 @@ static struct w1_master * w1_alloc_dev(u
>  
>   dev->groups = 23;
>   dev->seq = 1;
> - dev->nls = netlink_kernel_create(NETLINK_NFLOG, NULL);
> + dev->nls = netlink_kernel_create(NETLINK_W1, NULL);
>   if (!dev->nls) {
>   printk(KERN_ERR "Failed to create new netlink socket(%u) for w1 
> master %s.\n",
> - NETLINK_NFLOG, dev->dev.bus_id);
> + NETLINK_W1, dev->dev.bus_id);
>   }
>  
>   err = device_register(&dev->dev);
> diff --git a/include/linux/netlink.h b/include/linux/netlink.h
> --- a/include/linux/netlink.h
> +++ b/include/linux/netlink.h
> @@ -20,7 +20,7 @@
>  #define NETLINK_IP6_FW   13
>  #define NETLINK_DNRTMSG  14  /* DECnet routing messages */
>  #define NETLINK_KOBJECT_UEVENT   15  /* Kernel messages to userspace 
> */
> -#define NETLINK_TAPBASE  16  /* 16 to 31 are ethertap */
> +#define NETLINK_W1   16  /* 16 to 31 are ethertap */
>  
>  #define MAX_LINKS 32 
>  




-- 
Evgeniy Polyakov


Re: [PATCH] 1 Wire drivers illegally overload NETLINK_NFLOG

2005-07-22 Thread Harald Welte
On Fri, Jul 22, 2005 at 11:05:59PM -0400, YOSHIFUJI Hideaki / 吉藤英明 wrote:
> In article <[EMAIL PROTECTED]> (at Sat, 23 Jul 2005 08:54:27 -0400), Harald 
> Welte <[EMAIL PROTECTED]> says:
> 
> > --- a/include/linux/netlink.h
> > +++ b/include/linux/netlink.h
> > @@ -20,7 +20,7 @@
> >  #define NETLINK_IP6_FW 13
> >  #define NETLINK_DNRTMSG14  /* DECnet routing messages */
> >  #define NETLINK_KOBJECT_UEVENT 15  /* Kernel messages to userspace 
> > */
> > -#define NETLINK_TAPBASE16  /* 16 to 31 are ethertap */
> > +#define NETLINK_W1 16  /* 16 to 31 are ethertap */
> >  
> >  #define MAX_LINKS 32   
> >  
> 
> Comment says that 16-31 are used for ethertap.
> So, probably assign NETLINK_W1 at 32, and bump MAX_LINKS?

MAX_LINKS > 32 would result in larger statically allocated pointer
arrays.  It would also only work if NPROTO is increased too, IIRC.

I strongly disrecommend increasing NPROTO.  Maybe we should look into
reusing NETLINK_FIREWALL (which was an old 2.2.x kernel interface).

But to be honest, I don't really care all that much as long as existing
and still very actively used values are not just overloaded.

-- 
- Harald Welte <[EMAIL PROTECTED]> http://netfilter.org/

  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."-- Paul Vixie




Re: [PATCH] 1 Wire drivers illegally overload NETLINK_NFLOG

2005-07-22 Thread YOSHIFUJI Hideaki / 吉藤英明
In article <[EMAIL PROTECTED]> (at Sat, 23 Jul 2005 08:54:27 -0400), Harald 
Welte <[EMAIL PROTECTED]> says:

> --- a/include/linux/netlink.h
> +++ b/include/linux/netlink.h
> @@ -20,7 +20,7 @@
>  #define NETLINK_IP6_FW   13
>  #define NETLINK_DNRTMSG  14  /* DECnet routing messages */
>  #define NETLINK_KOBJECT_UEVENT   15  /* Kernel messages to userspace 
> */
> -#define NETLINK_TAPBASE  16  /* 16 to 31 are ethertap */
> +#define NETLINK_W1   16  /* 16 to 31 are ethertap */
>  
>  #define MAX_LINKS 32 
>  

Comment says that 16-31 are used for ethertap.
So, probably assign NETLINK_W1 at 32, and bump MAX_LINKS?

--yoshfuji


[PATCH] 1 Wire drivers illegally overload NETLINK_NFLOG

2005-07-22 Thread Harald Welte
Hi Dave,
Hi Evgeniy,

the following patch fixes the illegal use of NETLINK_NFLOG by the
1wire drivers.  It assumes that the netlink tap families can now safely
be reclaimed, which is the case according to Dave at netconf'05.

I'm not sure who would be the right person to fix this, but this patch
needs to go into both 2.6.12.x and 2.6.13 trees, since it potentially
causes a security problem by preventing the iptables ULOG

This has been the third new piece of code that reuses NETLINK_NFLOG
within a couple of months.  I would really appreciate if people would
actually ask/apply for a new protocol number instead of just overloading
existing values and thereby causing breakage.  

Thanks,
Harald

-- 
- Harald Welte <[EMAIL PROTECTED]> http://netfilter.org/

  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."-- Paul Vixie

Give the 1-wire driver stack its own netlink protocol number, instead of
overloading NETLINK_NFLOG.

I wonder what I have done to people, that they always overload the
NETLINK_NFLOG protocol number and thereby effectively prevent the packet
filter logging mechanism.  Please don't re-use protocol numbers.

Signed-off-by: Harald Welte <[EMAIL PROTECTED]>

---
commit b4a566c332048b642506eff7de825fce710ff42c
tree 07ef162f6d449dd67c586c9c63680004787b86c5
parent d5d3fb40b6db511dbd47a84634a1249de6b7b297
author laforge <[EMAIL PROTECTED]> Sa, 23 Jul 2005 08:41:24 -0400
committer laforge <[EMAIL PROTECTED]> Sa, 23 Jul 2005 08:41:24 -0400

 drivers/w1/w1_int.c |4 ++--
 include/linux/netlink.h |2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/w1/w1_int.c b/drivers/w1/w1_int.c
--- a/drivers/w1/w1_int.c
+++ b/drivers/w1/w1_int.c
@@ -88,10 +88,10 @@ static struct w1_master * w1_alloc_dev(u
 
dev->groups = 23;
dev->seq = 1;
-   dev->nls = netlink_kernel_create(NETLINK_NFLOG, NULL);
+   dev->nls = netlink_kernel_create(NETLINK_W1, NULL);
if (!dev->nls) {
printk(KERN_ERR "Failed to create new netlink socket(%u) for w1 
master %s.\n",
-   NETLINK_NFLOG, dev->dev.bus_id);
+   NETLINK_W1, dev->dev.bus_id);
}
 
err = device_register(&dev->dev);
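
Review bot: In the `if (!dev->nls)` branch the failure is only logged and execution falls through to `device_register(&dev->dev)`, so a master can be registered with a NULL netlink socket. Either return an error from this path or state in the changelog that every user of dev->nls tolerates NULL.
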
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -20,7 +20,7 @@
 #define NETLINK_IP6_FW 13
 #define NETLINK_DNRTMSG14  /* DECnet routing messages */
 #define NETLINK_KOBJECT_UEVENT 15  /* Kernel messages to userspace */
-#define NETLINK_TAPBASE16  /* 16 to 31 are ethertap */
+#define NETLINK_W1 16  /* 16 to 31 are ethertap */
 
 #define MAX_LINKS 32   
 
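
Review bot: The comment on the new NETLINK_W1 line still reads "16 to 31 are ethertap", which now describes neither the define nor the state of the range. Change it to describe the 1-wire subsystem, and say separately whether 17 to 31 stay reserved or are free for allocation, since the NETLINK_TAPBASE name that documented the range is removed.
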


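The overload reported in this thread can be caught by auditing the source. The following is an added example, not code from the thread or from the kernel: a Python check that flags `netlink_kernel_create()` callers sharing one protocol number, and NETLINK_ values at or above `MAX_LINKS`. The header text and the `sample/` file names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input, modelled on the lines quoted in this thread.
# The sample/ file names are hypothetical, not real kernel paths.
HEADER = """
#define NETLINK_ROUTE 0 /* Routing/device hook */
#define NETLINK_NFLOG 5 /* netfilter/iptables ULOG */
#define NETLINK_W1 16 /* 1-wire subsystem */
#define MAX_LINKS 32
"""
BEFORE = {
    "sample/ulog_like.c": "nl = netlink_kernel_create(NETLINK_NFLOG, NULL);",
    "sample/w1_like.c": "dev->nls = netlink_kernel_create(NETLINK_NFLOG, NULL);",
}
AFTER = dict(BEFORE, **{
    "sample/w1_like.c": "dev->nls = netlink_kernel_create(NETLINK_W1, NULL);"})

DEFINE_RE = re.compile(r"^\s*#define\s+(NETLINK_\w+|MAX_LINKS)\s+(\d+)", re.M)
CREATE_RE = re.compile(r"netlink_kernel_create\(\s*(\w+)")

def parse_defines(header):
    """Map each NETLINK_* name (and MAX_LINKS) to its integer value."""
    return {name: int(val) for name, val in DEFINE_RE.findall(header)}

def audit(header, sources):
    """Return sorted findings: overloads, shared numbers, range errors."""
    defs = parse_defines(header)
    max_links = defs.pop("MAX_LINKS", 32)  # 32 is the value shown in the thread
    findings, by_number, claims = [], defaultdict(list), defaultdict(list)
    for name, num in defs.items():
        by_number[num].append(name)
        if num >= max_links:  # would not fit the per-protocol tables
            findings.append(("out-of-range", name, num))
    for num, names in by_number.items():
        if len(names) > 1:  # two names defined with one number
            findings.append(("shared-number", tuple(sorted(names)), num))
    for path, text in sources.items():
        for arg in CREATE_RE.findall(text):
            if arg in defs:
                claims[defs[arg]].append(path)
            elif arg.isdigit():  # caller passed a bare number
                claims[int(arg)].append(path)
            else:
                findings.append(("unknown-protocol", path, arg))
    for num, paths in claims.items():
        if len(paths) > 1:  # two in-kernel users of one protocol number
            findings.append(("overloaded", tuple(sorted(paths)), num))
    return sorted(findings, key=repr)
```

`audit(HEADER, BEFORE)` reports the shared use of protocol 5, and `audit(HEADER, AFTER)` returns no findings once the 1-wire caller has its own number.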