Re: [PATCH 1/4, V2, libnftnl] tests: Fix segfaults due outbound access

2016-08-13 Thread Carlos Falgueras García
On 08/13/2016 12:12 PM, Pablo Neira Ayuso wrote: On Fri, Aug 12, 2016 at 10:17:19PM +0200, Carlos Falgueras García wrote: Changes random values for macros because the conversion to string of these values are performed by accessing to an array of strings. Then, we should fix the functions to

[PATCH nf 2/2] netfilter: nfnetlink_acct: report overquota to the right netns

2016-08-13 Thread Liping Zhang
From: Liping Zhang We should report the over quota message to the right net namespace instead of the init netns. Signed-off-by: Liping Zhang --- include/linux/netfilter/nfnetlink_acct.h | 4 ++-- net/netfilter/nfnetlink_acct.c

[PATCH nf-next] netfilter: nfnetlink_log: add "nf-logger-3-1" module alias name

2016-08-13 Thread Liping Zhang
From: Liping Zhang Otherwise, if nfnetlink_log.ko is not loaded, we cannot add rules to log packets to the userspace when we specify it with arp family, such as: # nft add rule arp filter input log group 0 :1:1-37: Error: Could not process rule: No such file or

[PATCH V3 nf-next] netfilter: conntrack: simplify the code by using nf_conntrack_get_ht

2016-08-13 Thread Liping Zhang
From: Liping Zhang Since Commit 64b87639c9cb ("netfilter: conntrack: fix race between nf_conntrack proc read and hash resize") introduced the nf_conntrack_get_ht, so there's no need to check nf_conntrack_generation again and again to get the hash table and hash size.

[PATCH nf-next,v2] netfilter: remove ip_conntrack* sysctl compat code

2016-08-13 Thread Pablo Neira Ayuso
From: Pablo Neira This backward compatibility has been around for more than ten years, since Yasuyuki Kozakai introduced IPv6 in conntrack. These days, we have alternate /proc/net/nf_conntrack* entries, the ctnetlink interface and the conntrack utility got adopted by many

Re: [PATCH 2/4, V2, libnftnl] tests: Fix wrong expression creation

2016-08-13 Thread Pablo Neira Ayuso
Applied, thanks. On Fri, Aug 12, 2016 at 10:17:20PM +0200, Carlos Falgueras García wrote: > Signed-off-by: Carlos Falgueras García > --- > tests/nft-expr_masq-test.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/tests/nft-expr_masq-test.c

Re: [PATCH 1/4, V2, libnftnl] tests: Fix segfaults due outbound access

2016-08-13 Thread Pablo Neira Ayuso
On Fri, Aug 12, 2016 at 10:17:19PM +0200, Carlos Falgueras García wrote: > Changes random values for macros because the conversion to string of these > values are performed by accessing to an array of strings. Then, we should fix the functions to return "unknown" for out of bound access of the

Re: [PATCH] netfilter: remove ip_conntrack* sysctl compat code

2016-08-13 Thread Liping Zhang
Hi Pablo, 2016-08-12 19:47 GMT+08:00 Pablo Neira Ayuso : > diff --git a/net/netfilter/nf_conntrack_core.c > b/net/netfilter/nf_conntrack_core.c > index dd2c43a..22558b7 100644 > --- a/net/netfilter/nf_conntrack_core.c > +++ b/net/netfilter/nf_conntrack_core.c > @@ -161,10