[NETFILTER]: nfnetlink_log: fix sending of multipart messages

The following patch fixes the handling of netlink packets containing
multiple messages.

As exposed during netfilter workshop, nfnetlink_log was overwritten the
message type of the last message (setting it to MSG_DONE) in a multipart
packet. The consequence was libnfnetlink to ignore the last message in the
packet.

The following patch adds a supplementary message (with type MSG_DONE) af
the end of the netlink skb.

Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index e185a5b55913ce8b37af7de85b5e9a9f8b46f2e1..2351533a850755bebd1c9ca6b26c9462fd296cf8 100644 (file)
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -58,7 +58,6 @@ struct nfulnl_instance {
 
        unsigned int qlen;              /* number of nlmsgs in skb */
        struct sk_buff *skb;            /* pre-allocatd skb */
-       struct nlmsghdr *lastnlh;       /* netlink header of last msg in skb */
        struct timer_list timer;
        int peer_pid;                   /* PID of the peer process */
 
@@ -345,10 +344,12 @@ static struct sk_buff *nfulnl_alloc_skb(unsigned int inst_size,
 static int
 __nfulnl_send(struct nfulnl_instance *inst)
 {
-       int status;
+       int status = -1;
 
        if (inst->qlen > 1)
-               inst->lastnlh->nlmsg_type = NLMSG_DONE;
+               NLMSG_PUT(inst->skb, 0, 0,
+                         NLMSG_DONE,
+                         sizeof(struct nfgenmsg));
 
        status = nfnetlink_unicast(inst->skb, inst->peer_pid, MSG_DONTWAIT);
        if (status < 0) {
@@ -358,8 +359,8 @@ __nfulnl_send(struct nfulnl_instance *inst)
 
        inst->qlen = 0;
        inst->skb = NULL;
-       inst->lastnlh = NULL;
 
+nlmsg_failure:
        return status;
 }
 
@@ -538,7 +539,6 @@ __build_packet_message(struct nfulnl_instance *inst,
        }
 
        nlh->nlmsg_len = inst->skb->tail - old_tail;
-       inst->lastnlh = nlh;
        return 0;
 
 nlmsg_failure:
@@ -644,7 +644,8 @@ nfulnl_log_packet(unsigned int pf,
        }
 
        if (inst->qlen >= qthreshold ||
-           (inst->skb && size > skb_tailroom(inst->skb))) {
+           (inst->skb && size >
+            skb_tailroom(inst->skb) - sizeof(struct nfgenmsg))) {
                /* either the queue len is too high or we don't have
                 * enough room in the skb left. flush to userspace. */
                UDEBUG("flushing old skb\n");