diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2010-04-04 02:32:35 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2010-04-04 15:58:54 +0200 |
| commit | 117f033c413820739e6679c926a39a5b3f45ff79 (patch) | |
| tree | fd8ed9da15216992570be27ee55eafb235457fcb /examples/rtnl-route-dump.c | |
| parent | 8ce5d4ca70884654988eb86734cb3022e0b71995 (diff) | |
| download | libmnl-117f033c413820739e6679c926a39a5b3f45ff79.tar.gz libmnl-117f033c413820739e6679c926a39a5b3f45ff79.zip | |
check source of the netlink message and fix sequence tracking logic
This patch changes the callback handlers to include netlink portID
checking. Thus, we avoid that any malicious process can spoof
messages.
If portid, sequence number of the message is != 0, we check if the
message is what we expect. This allows to use the same netlink channel
for dumps (portid, seq != 0) and event-based notifications (portid, seq == 0).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'examples/rtnl-route-dump.c')
| -rw-r--r-- | examples/rtnl-route-dump.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/examples/rtnl-route-dump.c b/examples/rtnl-route-dump.c index eb36bbc..c3fd577 100644 --- a/examples/rtnl-route-dump.c +++ b/examples/rtnl-route-dump.c @@ -198,7 +198,7 @@ int main() struct nlmsghdr *nlh; struct rtmsg *rtm; int ret; - unsigned int seq; + unsigned int seq, portid; nlh = mnl_nlmsg_put_header(buf); nlh->nlmsg_type = RTM_GETROUTE; @@ -217,6 +217,7 @@ int main() perror("mnl_socket_bind"); exit(EXIT_FAILURE); } + portid = mnl_socket_get_portid(nl); if (mnl_socket_sendto(nl, nlh, mnl_nlmsg_get_len(nlh)) < 0) { perror("mnl_socket_send"); @@ -225,7 +226,7 @@ int main() ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); while (ret > 0) { - ret = mnl_cb_run(buf, ret, 0, data_cb, NULL); + ret = mnl_cb_run(buf, ret, seq, portid, data_cb, NULL); if (ret <= MNL_CB_STOP) break; ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); |