On Sun, 12 Mar 2017, Jozsef Kadlecsik wrote: > ipset 6.32 has been released, with just userspace part changes. > Omri Bahumi and Yoni Lavi discovered that due to the inproper handling of > the ipset output buffer, the output may be truncated. So for example in an > "ipset save" output, instead of 192.168.0.0/24, just 192.168.0.0 printed.
Small correction: it could also be truncated to "192.168.0.0/2", with all its implication when that is restored. > If you use "ipset save" and then "ipset restore" to restore the sets, this > may lead to wrong firewall rules. > > Please upgrade your ipset package. > > Userspace changes: > - Fix possible truncated output in ipset output buffer handling > (Reported by Omri Bahumi and Yoni Lavi). > - Missing prototype added in ipset_hash_ipmac.c (debugging) > > You can download the source code of ipset from: > http://ipset.netfilter.org > ftp://ftp.netfilter.org/pub/ipset/ > git://git.netfilter.org/ipset.git Best regards, Jozsef - E-mail : kad...@blackhole.kfki.hu, kadlecsik.joz...@wigner.mta.hu PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
