Liping Zhang wrote:
> From: Liping Zhang
>
> We should skip the conntracks that belong to a different namespace,
> otherwise other unrelated netns's conntrack entries will be dumped via
> /proc/net/nf_conntrack.
>
> Fixes: 56d52d4892d0
From: Liping Zhang
We should skip the conntracks that belong to a different namespace,
otherwise other unrelated netns's conntrack entries will be dumped via
/proc/net/nf_conntrack.
Fixes: 56d52d4892d0 ("netfilter: conntrack: use a single hashtable for all
On Mon, Aug 15, 2016 at 02:23:43PM +0200, Carlos Falgueras García wrote:
> Use 'nftnl_expr_cmp' and 'nftnl_rule_cmp' in all tests instead of custom
> comparator for each one. If objects differ both are printed.
>
[...]
> diff --git a/tests/nft-chain-test.c b/tests/nft-chain-test.c
> index
Use 'nftnl_expr_cmp' and 'nftnl_rule_cmp' in all tests instead of custom
comparator for each one. If objects differ both are printed.
Signed-off-by: Carlos Falgueras García
---
tests/libtest.c | 44 +++
tests/libtest.h | 15
On 08/15/2016 01:03 PM, Pablo Neira Ayuso wrote:
On Mon, Aug 15, 2016 at 12:51:02PM +0200, Carlos Falgueras García wrote:
Checks array limits before access it and adds a missed translation.
Signed-off-by: Carlos Falgueras García
---
src/utils.c | 3 ++-
1 file changed, 2
On Mon, Aug 15, 2016 at 12:51:02PM +0200, Carlos Falgueras García wrote:
> Checks array limits before access it and adds a missed translation.
>
> Signed-off-by: Carlos Falgueras García
> ---
> src/utils.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff
Checks array limits before access it and adds a missed translation.
Signed-off-by: Carlos Falgueras García
---
src/utils.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/utils.c b/src/utils.c
index e2715a2..7264d1f 100644
--- a/src/utils.c
+++
Uses cmp2str() which checks array bounds.
Signed-off-by: Carlos Falgueras García
---
src/expr/cmp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/expr/cmp.c b/src/expr/cmp.c
index f3dd62c..5d51958 100644
--- a/src/expr/cmp.c
+++ b/src/expr/cmp.c
@@
On Mon, Aug 15, 2016 at 12:27:37PM +0200, Carlos Falgueras García wrote:
Please always add a description to your patches, even if it is only
one line to explain why we need this.
Thanks.
> Signed-off-by: Carlos Falgueras García
> ---
> src/expr/cmp.c | 2 +-
> 1 file
On Mon, Aug 15, 2016 at 12:27:36PM +0200, Carlos Falgueras García wrote:
> --- a/src/utils.c
> +++ b/src/utils.c
> @@ -23,6 +23,7 @@
> #include
>
> static const char *const nftnl_family_str[NFPROTO_NUMPROTO] = {
> + [NFPROTO_UNSPEC]= "unknown",
> [NFPROTO_INET] =
In stringification functions that uses string tables it is convenient to
check the array bounds and if the element is not null. Due use of
designated initializers string tables can have gaps set to null.
Signed-off-by: Carlos Falgueras García
---
src/expr/byteorder.c | 2 +-
On Sat, Aug 13, 2016 at 05:25:19PM +0200, Carlos Falgueras García wrote:
> Another possible solution is something like this:
>
> static const char *element2str(uint32_t element) {
> - if (element < MAX_ELEMENT)
> + if (element < MAX_ELEMENT ||
12 matches
Mail list logo