, vrf cycles the interface (i.e., sets it down and
immediately up again) and the others just don't care.
Support the common notion of setting the interface up after enslaving it
by sorting the operations accordingly.
Signed-off-by: Phil Sutter
---
net/core/rtnetlink.c | 14 +++-
On Wed, May 29, 2019 at 09:41:07AM -0600, David Ahern wrote:
> On 5/29/19 7:51 AM, Phil Sutter wrote:
> > Unlike with bridges, one can't add an interface to a bond and set it up
> > at the same time:
> >
> > | # ip link set dummy0 down
> > | # ip link
Hi David,
On Fri, May 31, 2019 at 02:26:15PM -0700, David Miller wrote:
> From: Phil Sutter
> Date: Wed, 29 May 2019 15:51:20 +0200
>
> > Unlike with bridges, one can't add an interface to a bond and set it up
> > at the same time:
> >
> > | # ip link set
lling!
Florian Westphal (4):
xtables-monitor: fix rule printing
xtables-monitor: fix packet family protocol
xtables-monitor: print packet first
xtables-monitor: 'LL=0x304' is not very convenient, print LOOPBACK instead.
Pablo Neira Ayuso (1):
tests: shell: update format of registers
Hi!
Playing with u32 filter's hash table I noticed it is not possible to use
'sample' option with keys larger than 8bits to calculate the hash
bucket. Turns out key hashing in kernel and iproute2 differ:
* net/sched/cls_u32.c (kernel) basically does:
hash = ntohl(key & mask);
hash >>= ffs(ntohl(
Hi Jamal,
On Wed, Jan 20, 2021 at 08:55:11AM -0500, Jamal Hadi Salim wrote:
> On 2021-01-18 6:29 a.m., Phil Sutter wrote:
> > Hi!
> >
> > Playing with u32 filter's hash table I noticed it is not possible to use
> > 'sample' option with keys larger t
Hi Jamal,
On Fri, Jan 22, 2021 at 06:25:22AM -0500, Jamal Hadi Salim wrote:
[...]
> Is this always true though for all scenarios of key > 8b?
Key size reduction algorithms simply differ, and before applying the
divisor the key is reduced to an eight bit value. If the higher bytes
are zero, the re
Jamal,
On Fri, Jan 22, 2021 at 06:25:22AM -0500, Jamal Hadi Salim wrote:
[...]
> My gut feel is user space is the right/easier spot to fix this
> as long as it doesnt break the working setup of 8b.
One last attempt at clarifying the situation:
Back in 2004, your commit 4e54c4816bf ("[NET]: Add t
Hi Nicolas,
On Thu, Dec 10, 2020 at 02:18:45PM +0100, Nicolas Dichtel wrote:
> Le 10/12/2020 à 12:48, Eyal Birger a écrit :
> > On Thu, Dec 10, 2020 at 1:10 PM Nicolas Dichtel
> > wrote:
> [snip]
> > I also think they should be consistent. But it'd still be confusing to me
> > to get an OUTPUT ho
ix and simplify make_path()")
> Signed-off-by: Andrea Claudi
Acked-by: Phil Sutter
Thanks, Phil
On Fri, Dec 18, 2020 at 08:09:23PM +0100, Andrea Claudi wrote:
> Functions get_cgroup2_id() and get_cgroup2_path() uncorrectly performs
> cleanup on the single return point. Both of them may get to use close()
> with a negative argument, if open() fails.
>
> Fix this adding proper labels and gotos
again from netfilter's point of view.
Fixes: f203b76d78092 ("xfrm: Add virtual xfrm interfaces")
Signed-off-by: Phil Sutter
---
Changes since v1:
- Extend recipients list, no code changes.
---
net/xfrm/xfrm_interface.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ne
Hi Nicolas,
On Tue, Dec 08, 2020 at 10:02:16AM +0100, Nicolas Dichtel wrote:
> Le 07/12/2020 à 14:43, Phil Sutter a écrit :
[...]
> > diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c
> > index aa4cdcf69d471..24af61c95b4d4 100644
> > --- a/net/xfrm/xfrm_inte
Hi Eyal,
On Tue, Dec 08, 2020 at 04:47:02PM +0200, Eyal Birger wrote:
> On Mon, Dec 7, 2020 at 4:07 PM Phil Sutter wrote:
> >
> > With an IPsec tunnel without dedicated interface, netfilter sees locally
> > generated packets twice as they exit the physical interface: O
t danger of applying REJECT to INVALID CTs
build: resolve iptables-apply not getting installed
Maciej Żenczykowski (1):
libxtables: compiler warning fixes for NO_SHARED_LIBS
Pablo Neira Ayuso (3):
extensions: libxt_conntrack: provide translation for DNAT and SNAT
--ctstate
iptables: replace l
William,
[Cc'ing netdev list as that's the place to discuss iproute2
development.]
On Fri, Feb 26, 2021 at 12:04:12PM -0600, William Chen wrote:
> I see your excellent contributions to iproute2. I hope that you are well.
Thanks!
> But I have to say the command name "ip" is not good. It renders
alone was not sufficient - additional byteorder fixes were
needed.
While being at it, make use of ffs() and thereby align the code with how
kernel determines the shift width.
Fixes: 267480f55383c ("Backout the 2.4 utsname hash patch.")
Signed-off-by: Phil Sutter
---
Initially I considere
On Mon, Mar 01, 2021 at 08:20:33AM +0200, Leon Romanovsky wrote:
> On Sun, Feb 28, 2021 at 10:39:14PM +0100, Phil Sutter wrote:
> > William,
> >
> > [Cc'ing netdev list as that's the place to discuss iproute2
> > development.]
>
> <...>
>
&g
Jamal,
On Thu, Feb 04, 2021 at 08:19:55AM -0500, Jamal Hadi Salim wrote:
> I couldnt tell by inspection if what used to work before continues to.
> In particular the kernel version does consider the divisor when folding.
That's correct. And so does tc. What's the matter?
> Two examples that curr
On Thu, Feb 04, 2021 at 09:34:01AM -0500, Jamal Hadi Salim wrote:
> On 2021-02-04 9:04 a.m., Phil Sutter wrote:
> > Jamal,
> >
> > On Thu, Feb 04, 2021 at 08:19:55AM -0500, Jamal Hadi Salim wrote:
> >> I couldnt tell by inspection if what used to work before contin
On Thu, Feb 04, 2021 at 10:28:26AM -0500, Jamal Hadi Salim wrote:
> On 2021-02-04 9:50 a.m., Phil Sutter wrote:
> > On Thu, Feb 04, 2021 at 09:34:01AM -0500, Jamal Hadi Salim wrote:
> >> On 2021-02-04 9:04 a.m., Phil Sutter wrote:
> >>> Jamal,
> >>>
>
Kernel's key folding basically consists of shifting away least
significant zero bits in mask and masking the resulting value with
(divisor - 1). Test for u32's 'sample' option to behave identical.
Suggested-by: Jamal Hadi Salim
Signed-off-by: Phil Sutter
---
These tests
Synopsis section was inconsistent with regards to help text and later
description of ssthresh parameter.
Signed-off-by: Phil Sutter
---
man/man8/ip-route.8.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/man/man8/ip-route.8.in b/man/man8/ip-route.8.in
index 487a87489a46a
This has to be a second match statement to the same u32 filter, not a
second one (which tc-filter doesn't support at all).
Signed-off-by: Phil Sutter
---
man/man8/tc-vlan.8 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/man/man8/tc-vlan.8 b/man/man8/tc-vlan.8
The problematic bit was the 'expr: expr expr' rule. Fix this by making
'expr' token represent a single filter only and introduce a new token
'exprlist' to represent a combination of filters.
Signed-off-by: Phil Sut
length array, use this knowledge to make the
inner array of fixed length. But since DB values start from zero, an
explicit end entry needs to be present as well, so the inner array has
to be MAX_DB + 1 in size.
Signed-off-by: Phil Sutter
---
misc/ss.c | 114
Instead call filter_db_parse(..., "all"). This eliminates the duplicate
default DB definition.
Signed-off-by: Phil Sutter
---
misc/ss.c | 19 +--
1 file changed, 1 insertion(+), 18 deletions(-)
diff --git a/misc/ss.c b/misc/ss.c
index e6511014ba3f4..ab2f07b9e5d4d 10
passed to '-A' parameter with an
exclamation mark to inverse its meaning.
Signed-off-by: Phil Sutter
---
man/man8/ss.8 | 8 -
misc/ss.c | 108 --
2 files changed, 66 insertions(+), 50 deletions(-)
diff --git a/man/man8/
The first patch in this series adds the new functionality, the remaining
two refactor the code a bit.
Phil Sutter (3):
ss: Allow excluding a socket table from being queried
ss: Put filter DB parsing into a separate function
ss: Drop filter_default_dbs()
man/man8/ss.8 | 8 +++-
misc/ss.c
On Tue, Mar 27, 2018 at 11:46:01AM -0700, Stephen Hemminger wrote:
> On Sat, 24 Mar 2018 19:18:10 +0100
> Phil Sutter wrote:
>
> > +#define ENTRY(name, ...) { #name, { __VA_ARGS__, MAX_DB }}
>
> > + ENTRY(all, UDP_DB, DCCP_DB, TCP_DB, RAW_DB, \
> > +
length array, use this knowledge to make the
inner array of fixed length. But since DB values start from zero, an
explicit end entry needs to be present as well, so the inner array has
to be MAX_DB + 1 in size.
Signed-off-by: Phil Sutter
---
Changes since v1:
- Fix checkpatch errors.
misc/ss.c
passed to '-A' parameter with an
exclamation mark to inverse its meaning.
Signed-off-by: Phil Sutter
---
man/man8/ss.8 | 8 -
misc/ss.c | 108 --
2 files changed, 66 insertions(+), 50 deletions(-)
diff --git a/man/man8/
Instead call filter_db_parse(..., "all"). This eliminates the duplicate
default DB definition.
Signed-off-by: Phil Sutter
---
misc/ss.c | 19 +--
1 file changed, 1 insertion(+), 18 deletions(-)
diff --git a/misc/ss.c b/misc/ss.c
index 83e476a0407e5..fc8e2a0d719fd 10
errors in patch 2/3.
Phil Sutter (3):
ss: Allow excluding a socket table from being queried
ss: Put filter DB parsing into a separate function
ss: Drop filter_default_dbs()
man/man8/ss.8 | 8 +++-
misc/ss.c | 147 +++---
2 files
On Tue, Aug 15, 2017 at 08:07:25AM -0700, Stephen Hemminger wrote:
> On Sat, 12 Aug 2017 14:04:19 +0200
> Phil Sutter wrote:
>
> > Covscan really wasn't amused (indicated by the number of patches in this
> > series). Try to make it happy.
> >
> > Phil Su
On Tue, Aug 15, 2017 at 08:13:08AM -0700, Stephen Hemminger wrote:
> On Sat, 12 Aug 2017 14:04:22 +0200
> Phil Sutter wrote:
>
> > The buffer is accessed outside of the function defining it, so make it
> > static.
> >
> > Signed-off-by: Phil Sutter
>
> W
On Tue, Aug 15, 2017 at 08:10:49AM -0700, Stephen Hemminger wrote:
> On Sat, 12 Aug 2017 14:04:24 +0200
> Phil Sutter wrote:
>
> > can_state_names array contains at most CAN_STATE_MAX fields, so allowing
> > an index to it to be equal to that number is wrong. While here, a
On Tue, Aug 15, 2017 at 08:15:55AM -0700, Stephen Hemminger wrote:
> On Sat, 12 Aug 2017 14:04:40 +0200
> Phil Sutter wrote:
>
> > Both addattr_l() and rta_addattr_l() may be called with NULL data
> > pointer and 0 alen parameters. Avoid calling memcpy() in that case.
&
On Tue, Aug 15, 2017 at 09:09:45AM -0700, Stephen Hemminger wrote:
> On Sat, 12 Aug 2017 14:05:09 +0200
> Phil Sutter wrote:
>
> > +void assert_valid_dev_name(const char *, const char *);
>
> Not a fan of long function names.
> “I have only made this letter longer be
This series collects patches from v1 which deal with potential file
descriptor leaks.
No changes to the actual patches, just splitting into smaller series.
Phil Sutter (2):
ss: Don't leak fd in tcp_show_netlink_file()
tc/em_ipset: Don't leak sockfd on error path
misc/ss.
Otherwise info.st_size may contain garbage.
Signed-off-by: Phil Sutter
---
netem/maketable.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/netem/maketable.c b/netem/maketable.c
index 6aff927be7040..ad660e7d457f0 100644
--- a/netem/maketable.c
+++ b/netem/maketable.c
Prevent passing NULL FILE pointer to fgets() later.
Fix both tools in a single patch since the code changes are basically
identical.
Signed-off-by: Phil Sutter
---
misc/ifstat.c | 16 +++-
misc/nstat.c | 16 +++-
2 files changed, 22 insertions(+), 10 deletions(-)
diff
After '*b = *a', 'b->next' already has the same value as 'a->next'.
Signed-off-by: Phil Sutter
---
misc/ss.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/misc/ss.c b/misc/ss.c
index 2debccce5260b..b2a7f069e294c 100644
--- a/misc/ss.c
+++ b/misc/s
This has the additional benefit of initializing st.ino to zero which is
used later in is_sctp_assoc() function.
Signed-off-by: Phil Sutter
---
misc/ss.c | 13 +++--
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/misc/ss.c b/misc/ss.c
index b2a7f069e294c..d767b1103ea81
alue of 16
to strncpy() would overwrite the previously NULL'ed 'k[15]'. Also, the
sanitization has to happen if 'tname' is exactly 16 bytes long as
well.
Signed-off-by: Phil Sutter
---
tc/m_xt.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
Signed-off-by: Phil Sutter
---
tc/em_ipset.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tc/em_ipset.c b/tc/em_ipset.c
index fab975f5ea563..b59756515d239 100644
--- a/tc/em_ipset.c
+++ b/tc/em_ipset.c
@@ -84,6 +84,7 @@ static int get_version(unsigned int *version)
res
Signed-off-by: Phil Sutter
---
tipc/bearer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tipc/bearer.c b/tipc/bearer.c
index c3d4491f8f6ef..0598328ab1f1b 100644
--- a/tipc/bearer.c
+++ b/tipc/bearer.c
@@ -438,8 +438,8 @@ static int cmd_bearer_enable(struct nlmsghdr
Covscan complained about dead code but after reading it, I assume the
author's intention was to prefix the interface list with 'Oifs: '.
Initializing first to 1 and setting it to 0 after above prefix was
printed should fix it.
Signed-off-by: Phil Sutter
---
ip/iproute.c | 8 +
Fixes: 2d0e538f3e1cd ("ss: Drop list traversal from unix_stats_print()")
Signed-off-by: Phil Sutter
---
misc/ss.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/misc/ss.c b/misc/ss.c
index 07eecfa7a36db..34c6da5443642 100644
--- a/misc/ss.c
+++ b/misc/ss.c
Signed-off-by: Phil Sutter
---
misc/ifstat.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/misc/ifstat.c b/misc/ifstat.c
index a853ee6d7e3b3..8fa354265a9a1 100644
--- a/misc/ifstat.c
+++ b/misc/ifstat.c
@@ -143,8 +143,10 @@ static int get_nlmsg_extended(const struct
Assuming 'opt' might be NULL, move the call to RTA_PAYLOAD to after the
check since it dereferences its parameter.
Signed-off-by: Phil Sutter
---
tc/q_netem.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tc/q_netem.c b/tc/q_netem.c
index 0975ae111de97..7e3
Signed-off-by: Phil Sutter
---
tipc/bearer.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tipc/bearer.c b/tipc/bearer.c
index 810344f672af1..c3d4491f8f6ef 100644
--- a/tipc/bearer.c
+++ b/tipc/bearer.c
@@ -163,6 +163,7 @@ static int nl_add_udp_enable_opts(struct nlmsghdr *nlh,
struct
dl_argv_handle_both() will either assign to handle_bit or error out in
which case the variable is not used by the caller.
Signed-off-by: Phil Sutter
---
devlink/devlink.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/devlink/devlink.c b/devlink/devlink.c
index
Signed-off-by: Phil Sutter
---
ip/iproute_lwtunnel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ip/iproute_lwtunnel.c b/ip/iproute_lwtunnel.c
index 398ab5e077ed8..1a3dc4d4c0ed9 100644
--- a/ip/iproute_lwtunnel.c
+++ b/ip/iproute_lwtunnel.c
@@ -643,7 +643,7 @@ static int
Signed-off-by: Phil Sutter
---
ip/ipntable.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ip/ipntable.c b/ip/ipntable.c
index 879626ee4f491..7be1f04d33d90 100644
--- a/ip/ipntable.c
+++ b/ip/ipntable.c
@@ -633,7 +633,8 @@ static int ipntable_show(int argc, char **argv
Signed-off-by: Phil Sutter
---
misc/ss.c | 32
1 file changed, 20 insertions(+), 12 deletions(-)
diff --git a/misc/ss.c b/misc/ss.c
index d767b1103ea81..07eecfa7a36db 100644
--- a/misc/ss.c
+++ b/misc/ss.c
@@ -2687,41 +2687,44 @@ static int tcp_show_netlink_file
multiq_parse_opt() doesn't change 'opt' at all. So at least make sure
it doesn't fill TCA_OPTIONS attribute with garbage from stack.
Signed-off-by: Phil Sutter
---
tc/q_multiq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tc/q_multiq.c b/tc/q_multiq.c
A field width of 4096 allows fscanf() to store that amount of characters
into the given buffer, though that doesn't include the terminating NULL
byte. Decrease the value by one to leave space for it.
Signed-off-by: Phil Sutter
---
lib/fs.c | 2 +-
1 file changed, 1 insertion(+), 1 del
The buffer is accessed outside of the function defining it, so make it
static.
Signed-off-by: Phil Sutter
---
ip/ipaddress.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ip/ipaddress.c b/ip/ipaddress.c
index 4d37c5e045071..3c9decb51b412 100644
--- a/ip/ipaddress.c
+++ b
The passed 'addr' parameter is dereferenced by caller before and in
parse_hostcond() multiple times before this check, so assume it is
always true.
Signed-off-by: Phil Sutter
---
misc/ss.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/misc/ss.c b/misc/
ent
happens anywhere, all remaining checks for 'ok != 0' can be dropped.
Signed-off-by: Phil Sutter
---
tc/m_gact.c | 14 +++---
1 file changed, 3 insertions(+), 11 deletions(-)
diff --git a/tc/m_gact.c b/tc/m_gact.c
index 1a2583372c34e..df143c9e0953e 100644
--- a/tc/m_gact
from upstream.
No changes to the actual patches, just splitting into smaller series.
Phil Sutter (7):
ipntable: Make sure filter.name is NULL-terminated
xfrm_state: Make sure alg_name is NULL-terminated
lib/fs: Fix format string in find_fs_mount()
lib/inet_proto: Make sure destination buffers are
This variable is initialized at declaration and nowhere else does any
assignment to it happen, so just drop the check.
Signed-off-by: Phil Sutter
---
ip/ipntable.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/ip/ipntable.c b/ip/ipntable.c
index 7be1f04d33d90..30907146e85a3 100644
--- a
rs, bash prints "integer expression expected"
instead of "too many arguments".
- Use -print0/-0 when piping from find to xargs to allow for filenames
which contain whitespace.
- Quote arguments to 'eval' to prevent word-splitting.
Signed-off-by: Ph
Apart from trying to close(-1), this also leaked memory.
Signed-off-by: Phil Sutter
---
ip/ipvrf.c | 9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/ip/ipvrf.c b/ip/ipvrf.c
index 0094cf8557cd7..e6fad32abd956 100644
--- a/ip/ipvrf.c
+++ b/ip/ipvrf.c
@@ -372,12 +372,12
If no address was given, ipaddr_modify() accesses uninitialized data
when assigning to req.ifa.ifa_prefixlen.
Signed-off-by: Phil Sutter
---
ip/ipaddress.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ip/ipaddress.c b/ip/ipaddress.c
index 3c9decb51b412..9307c9416dde3
This series collects those patches from v1 which are clear programming
flaws.
No changes to the actual patches, just splitting into smaller series.
Phil Sutter (3):
iproute_lwtunnel: csum_mode value checking was ineffective
iproute_lwtunnel: Argument to strerror must be positive
tipc/node
This series collects patches from v1 which resolve situations where
garbage might be read, either due to missing initialization of
variables or accessing data which went out of scope.
No changes to the actual patches, just splitting into smaller series.
Phil Sutter (7):
ipaddress: Make buffer
socket() returns -1 on error, not 0.
Signed-off-by: Phil Sutter
---
tipc/node.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tipc/node.c b/tipc/node.c
index 201fe1a4df3bd..fe085aec9b4ac 100644
--- a/tipc/node.c
+++ b/tipc/node.c
@@ -109,7 +109,8 @@ static int
The later check for 'k[0] != 0' requires a non-empty filter name,
otherwise NULL pointer dereference in 'q' might happen.
Signed-off-by: Phil Sutter
---
tc/tc_filter.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tc/tc_filter.c b/tc/tc_filter.c
index b13fb918
Signed-off-by: Phil Sutter
---
lib/ll_map.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/ll_map.c b/lib/ll_map.c
index 4e4556c9ac80b..4d06eb69f138a 100644
--- a/lib/ll_map.c
+++ b/lib/ll_map.c
@@ -120,11 +120,11 @@ int ll_remember_index(const struct sockaddr_nl
Signed-off-by: Phil Sutter
---
lib/inet_proto.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/lib/inet_proto.c b/lib/inet_proto.c
index ceda082b12a2e..87ed4769fc3da 100644
--- a/lib/inet_proto.c
+++ b/lib/inet_proto.c
@@ -35,8 +35,10 @@ const char *inet_proto_n2a
If the string at 'p' contains neither space not newline, 'p' will become
NULL. Make sure this isn't the case before dereferencing it.
Signed-off-by: Phil Sutter
---
misc/nstat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/misc/nstat.c b/misc/ns
Since 'id' is 32bit unsigned, it can never exceed RT_TABLE_MAX (which is
defined to 0x). Therefore drop that never matching conditional.
Signed-off-by: Phil Sutter
---
lib/rt_names.c | 4
1 file changed, 4 deletions(-)
diff --git a/lib/rt_names.c b/lib/rt_nam
Relying upon callers and using unsafe strcpy() is probably not the best
idea. Aside from that, using snprintf() allows to format the string for
lf->path in one go.
Signed-off-by: Phil Sutter
---
misc/lnstat_util.c | 7 ++-
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/m
This series collects patches from v1 which eliminate possible cases of
NULL pointer dereferences.
No changes to the actual patches, just splitting into smaller series.
Phil Sutter (5):
ifstat, nstat: Check fdopen() return value
nstat: Fix for potential NULL pointer dereference
tc/q_netem
ila_csum_name2mode() returning -1 on error but being declared as
returning __u8 doesn't make much sense. Change the code to correctly
detect this issue. Checking for __u8 overruns shouldn't be necessary
though since ila_csum_name2mode() return values are well-defined.
Signed-off-by: P
Signed-off-by: Phil Sutter
---
ip/xfrm_state.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index e11c93bf1c3b5..7c0389038986e 100644
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -125,7 +125,8 @@ static int xfrm_algo_parse(struct
This prevents word-splitting and therefore leads to more accurate error
message in case 'grep -c' prints something other than a number.
Signed-off-by: Phil Sutter
---
ip/ifcfg | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ip/ifcfg b/ip/ifcfg
index 083
This series collects patches from v1 which deal with dead code, either
by removing it or changing context so it is accessed again if that makes
sense.
No changes to the actual patches, just splitting into smaller series.
Phil Sutter (7):
devlink: No need for this self-assignment
ipntable: No
Looks like this was forgotten when converting to common json output
formatter.
Fixes: fcc16c2287bf8 ("provide common json output formatter")
Signed-off-by: Phil Sutter
---
misc/ifstat.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/misc/ifstat.c b/mis
can_state_names array contains at most CAN_STATE_MAX fields, so allowing
an index to it to be equal to that number is wrong. While here, also
make sure the array is indeed that big so nothing bad happens if
CAN_STATE_MAX ever increases.
Signed-off-by: Phil Sutter
---
ip/iplink_can.c | 4 ++--
1
This series collects patches from v1 which deal with potential memory leaks.
No changes to the actual patches, just splitting into smaller series.
Phil Sutter (5):
ipvrf: Fix error path of vrf_switch()
ifstat: Fix memleak in error case
ifstat: Fix memleak in dump_kern_db() for json output
Looks like this can only happen if /proc/net/igmp is malformed, but
better be sure.
Signed-off-by: Phil Sutter
---
ip/ipmaddr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ip/ipmaddr.c b/ip/ipmaddr.c
index 4f726fdd976f1..85a69e779563d 100644
--- a/ip/ipmaddr.c
+++ b/ip
This series collects patches from v1 which deal with programming
mistakes in shell scripts.
No changes to the actual patches, just splitting into smaller series.
Phil Sutter (2):
examples: Some shell fixes to cbq.init
ifcfg: Quote left-hand side of [ ] expression
examples/cbq.init-v0.7.3
On Thu, Aug 17, 2017 at 09:48:50PM +0200, Jiri Pirko wrote:
> Thu, Aug 17, 2017 at 07:09:25PM CEST, p...@nwl.cc wrote:
> >dl_argv_handle_both() will either assign to handle_bit or error out in
> >which case the variable is not used by the caller.
>
> I'm pretty sure that I did this to silence the
Hi David,
On Fri, Aug 18, 2017 at 09:19:16AM +, David Laight wrote:
> From: Phil Sutter
> > Sent: 17 August 2017 18:09
> > To: Stephen Hemminger
> > Cc: netdev@vger.kernel.org
> > Subject: [iproute PATCH v2 1/7] ipntable: Make sure filter.name is
> > NULL-
On Fri, Aug 18, 2017 at 09:30:35AM +, David Laight wrote:
> From: Phil Sutter
> > Sent: 17 August 2017 18:10
> > The later check for 'k[0] != 0' requires a non-empty filter name,
> > otherwise NULL pointer dereference in 'q' might happen.
> >
On Fri, Aug 18, 2017 at 09:21:34AM +, David Laight wrote:
> From: Phil Sutter
> > Sent: 17 August 2017 18:10
> > Signed-off-by: Phil Sutter
> > ---
> > ip/iproute_lwtunnel.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
>
On Fri, Aug 18, 2017 at 09:32:52AM +, David Laight wrote:
> From: Phil Sutter
> > Sent: 17 August 2017 18:10
> > This prevents word-splitting and therefore leads to more accurate error
> > message in case 'grep -c' prints something other than a number.
>
On Thu, Aug 17, 2017 at 07:09:25PM +0200, Phil Sutter wrote:
> The buffer is accessed outside of the function defining it, so make it
> static.
>
> Signed-off-by: Phil Sutter
Self-NACK: Access to flushb should be sane since all accessors are
called from ipaddr_flush(). Looking at
On Fri, Aug 18, 2017 at 04:32:47PM +, David Laight wrote:
> From: Phil Sutter
> > Sent: 18 August 2017 11:52
> > On Fri, Aug 18, 2017 at 09:19:16AM +, David Laight wrote:
> > > From: Phil Sutter
> > > > Sent: 17 August 2017 18:09
> > &g
On Fri, Aug 18, 2017 at 09:37:33AM -0700, Stephen Hemminger wrote:
> On Thu, 17 Aug 2017 19:09:29 +0200
> Phil Sutter wrote:
>
> > Signed-off-by: Phil Sutter
> > ---
> > lib/inet_proto.c | 9 ++---
> > 1 file changed, 6 insertions(+), 3 deletions(-)
> &g
On Fri, Aug 18, 2017 at 04:34:44PM +, David Laight wrote:
> From: Phil Sutter
> > Sent: 18 August 2017 12:16
> > On Fri, Aug 18, 2017 at 09:30:35AM +, David Laight wrote:
> > > From: Phil Sutter
> > > > Sent: 17 August 2017 18:10
> > > > The
This has the additional benefit of initializing st.ino to zero which is
used later in is_sctp_assoc() function.
Signed-off-by: Phil Sutter
---
misc/ss.c | 13 +++--
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/misc/ss.c b/misc/ss.c
index 10360e5a04ff8..63d12871dd826
Looks like this can only happen if /proc/net/igmp is malformed, but
better be sure.
Signed-off-by: Phil Sutter
---
ip/ipmaddr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ip/ipmaddr.c b/ip/ipmaddr.c
index 4f726fdd976f1..85a69e779563d 100644
--- a/ip/ipmaddr.c
+++ b/ip
This series collects patches from v1 which resolve situations where
garbage might be read, either due to missing initialization of
variables or accessing data which went out of scope.
Changes since v2:
- Rebased onto current master branch.
- Dropped first patch since it is not a real issue.
Phil
multiq_parse_opt() doesn't change 'opt' at all. So at least make sure
it doesn't fill TCA_OPTIONS attribute with garbage from stack.
Signed-off-by: Phil Sutter
---
tc/q_multiq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tc/q_multiq.c b/tc/q_multiq.c
can_state_names array contains at most CAN_STATE_MAX fields, so allowing
an index to it to be equal to that number is wrong. While here, also
make sure the array is indeed that big so nothing bad happens if
CAN_STATE_MAX ever increases.
Signed-off-by: Phil Sutter
---
ip/iplink_can.c | 4 ++--
1
Otherwise info.st_size may contain garbage.
Signed-off-by: Phil Sutter
---
netem/maketable.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/netem/maketable.c b/netem/maketable.c
index 6aff927be7040..ad660e7d457f0 100644
--- a/netem/maketable.c
+++ b/netem/maketable.c
1 - 100 of 1099 matches
Mail list logo
