Re: [PATCH nf] netfilter: conntrack: do not dump other netns's conntrack entries via proc

2016-08-15 Thread Florian Westphal
Liping Zhang wrote: > From: Liping Zhang > > We should skip the conntracks that belong to a different namespace, > otherwise other unrelated netns's conntrack entries will be dumped via > /proc/net/nf_conntrack. > > Fixes: 56d52d4892d0

[PATCH nf] netfilter: conntrack: do not dump other netns's conntrack entries via proc

2016-08-15 Thread Liping Zhang
From: Liping Zhang We should skip the conntracks that belong to a different namespace, otherwise other unrelated netns's conntrack entries will be dumped via /proc/net/nf_conntrack. Fixes: 56d52d4892d0 ("netfilter: conntrack: use a single hashtable for all

Re: [PATCH 2/2 v2 libnftnl] test: Use libnftnl comparators in all tests

2016-08-15 Thread Pablo Neira Ayuso
On Mon, Aug 15, 2016 at 02:23:43PM +0200, Carlos Falgueras García wrote: > Use 'nftnl_expr_cmp' and 'nftnl_rule_cmp' in all tests instead of custom > comparator for each one. If objects differ both are printed. > [...] > diff --git a/tests/nft-chain-test.c b/tests/nft-chain-test.c > index

[PATCH 2/2 v2 libnftnl] test: Use libnftnl comparators in all tests

2016-08-15 Thread Carlos Falgueras García
Use 'nftnl_expr_cmp' and 'nftnl_rule_cmp' in all tests instead of custom comparator for each one. If objects differ both are printed. Signed-off-by: Carlos Falgueras García --- tests/libtest.c | 44 +++ tests/libtest.h | 15

Re: [PATCH 1/2 libnftnl] utils: Fix out of bound access in nftnl_family2str

2016-08-15 Thread Carlos Falgueras García
On 08/15/2016 01:03 PM, Pablo Neira Ayuso wrote: On Mon, Aug 15, 2016 at 12:51:02PM +0200, Carlos Falgueras García wrote: Checks array limits before access it and adds a missed translation. Signed-off-by: Carlos Falgueras García --- src/utils.c | 3 ++- 1 file changed, 2

Re: [PATCH 1/2 libnftnl] utils: Fix out of bound access in nftnl_family2str

2016-08-15 Thread Pablo Neira Ayuso
On Mon, Aug 15, 2016 at 12:51:02PM +0200, Carlos Falgueras García wrote: > Checks array limits before access it and adds a missed translation. > > Signed-off-by: Carlos Falgueras García > --- > src/utils.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff

[PATCH 1/2 libnftnl] utils: Fix out of bound access in nftnl_family2str

2016-08-15 Thread Carlos Falgueras García
Checks array limits before accessing it and adds a missed translation. Signed-off-by: Carlos Falgueras García --- src/utils.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/utils.c b/src/utils.c index e2715a2..7264d1f 100644 --- a/src/utils.c +++

[PATCH 2/2 libnfntl] expr: cmp: Use cmp2str() instead of directly access to array

2016-08-15 Thread Carlos Falgueras García
Uses cmp2str() which checks array bounds. Signed-off-by: Carlos Falgueras García --- src/expr/cmp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/expr/cmp.c b/src/expr/cmp.c index f3dd62c..5d51958 100644 --- a/src/expr/cmp.c +++ b/src/expr/cmp.c @@

Re: [PATCH 2/2 libnftnl] expr: cmp: Use cmp2str() instead of directly access to array

2016-08-15 Thread Pablo Neira Ayuso
On Mon, Aug 15, 2016 at 12:27:37PM +0200, Carlos Falgueras García wrote: Please always add a description to your patches, even if it is only one line to explain why we need this. Thanks. > Signed-off-by: Carlos Falgueras García > --- > src/expr/cmp.c | 2 +- > 1 file

Re: [PATCH 1/2 libnftnl] expr: Improve bound checking in stringification functions

2016-08-15 Thread Pablo Neira Ayuso
On Mon, Aug 15, 2016 at 12:27:36PM +0200, Carlos Falgueras García wrote: > --- a/src/utils.c > +++ b/src/utils.c > @@ -23,6 +23,7 @@ > #include > > static const char *const nftnl_family_str[NFPROTO_NUMPROTO] = { > + [NFPROTO_UNSPEC]= "unknown", > [NFPROTO_INET] =
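Review bot: the new `[NFPROTO_UNSPEC] = "unknown"` entry fills index 0 of nftnl_family_str, but because the table uses designated initializers every NFPROTO value not listed stays a NULL pointer, so the lookup in nftnl_family2str() still needs both a bounds check against NFPROTO_NUMPROTO and a test that the slot is non-NULL before the pointer is returned; adding one entry does not by itself remove the gaps the patch description mentions.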

[PATCH 1/2 libnftnl] expr: Improve bound checking in stringification functions

2016-08-15 Thread Carlos Falgueras García
In stringification functions that use string tables it is convenient to check the array bounds and whether the element is null. Due to the use of designated initializers, string tables can have gaps set to null. Signed-off-by: Carlos Falgueras García --- src/expr/byteorder.c | 2 +-
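As an added example (not code from libnftnl or from the patch above): a sparse string table built with designated initializers, the unchecked lookup this series moves away from, and a lookup that first checks the bounds and then the NULL slot, as the patch description prescribes. The enum names, values and strings are constructed for illustration and are not libnftnl's.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a sparse family enum with holes between the
 * values, so the string table below has NULL gaps. Hypothetical names. */
enum ex_family {
	EX_FAMILY_UNSPEC = 0,
	EX_FAMILY_INET   = 1,
	EX_FAMILY_IPV4   = 2,
	EX_FAMILY_ARP    = 3,
	EX_FAMILY_BRIDGE = 7,
	EX_FAMILY_IPV6   = 10,
	EX_FAMILY_NUM    = 13,	/* array size; slots 4-6, 8-9, 11-12 stay NULL */
};

/* Designated initializers: every index not listed is zero-initialized,
 * i.e. a NULL pointer, which is the gap the lookup must handle. */
static const char *const ex_family_str[EX_FAMILY_NUM] = {
	[EX_FAMILY_UNSPEC] = "unspec",
	[EX_FAMILY_INET]   = "inet",
	[EX_FAMILY_IPV4]   = "ip",
	[EX_FAMILY_ARP]    = "arp",
	[EX_FAMILY_BRIDGE] = "bridge",
	[EX_FAMILY_IPV6]   = "ip6",
};

/* Unchecked variant, for contrast: an out-of-range value reads past the
 * array and a gap hands NULL to the caller (typically printf("%s")).
 * Only ever call it with a value known to be a listed index. */
static const char *ex_family2str_unchecked(uint32_t family)
{
	return ex_family_str[family];
}

/* Hardened variant: the bounds check runs first, so the table is never
 * indexed out of range, and the NULL check catches the gaps left by the
 * sparse initializer. A stable fallback string is returned so callers
 * can print the result directly. */
static const char *ex_family2str(uint32_t family)
{
	if (family >= EX_FAMILY_NUM || ex_family_str[family] == NULL)
		return "unknown";
	return ex_family_str[family];
}

/* Reverse lookup with the same discipline: skip NULL slots instead of
 * passing them to strcmp(). Returns -1 when nothing matches. */
static int ex_str2family(const char *str)
{
	uint32_t i;

	for (i = 0; i < EX_FAMILY_NUM; i++) {
		if (ex_family_str[i] != NULL && strcmp(ex_family_str[i], str) == 0)
			return (int)i;
	}
	return -1;
}

/* Exercises a listed value, a gap and an out-of-range value; the last two
 * are exactly the inputs the unchecked variant gets wrong. Returns 1 when
 * every case behaves as intended. */
static int ex_selfcheck(void)
{
	return strcmp(ex_family2str_unchecked(EX_FAMILY_INET), "inet") == 0 &&
	       strcmp(ex_family2str(EX_FAMILY_IPV6), "ip6") == 0 &&
	       strcmp(ex_family2str(5), "unknown") == 0 &&	/* gap */
	       strcmp(ex_family2str(4096), "unknown") == 0 &&	/* out of range */
	       ex_str2family("bridge") == EX_FAMILY_BRIDGE &&
	       ex_str2family("nonexistent") == -1;
}

int main(void)
{
	printf("family 7 -> %s\n", ex_family2str(EX_FAMILY_BRIDGE));
	printf("family 5 -> %s\n", ex_family2str(5));
	printf("family 4096 -> %s\n", ex_family2str(4096));
	printf("selfcheck: %s\n", ex_selfcheck() ? "ok" : "FAILED");
	return ex_selfcheck() ? 0 : 1;
}
```

The order of the two tests matters: `family >= EX_FAMILY_NUM` must be evaluated before `ex_family_str[family]`, otherwise the NULL check itself performs the out-of-bounds read it is meant to prevent.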

Re: [PATCH 1/4, V2, libnftnl] tests: Fix segfaults due outbound access

2016-08-15 Thread Pablo Neira Ayuso
On Sat, Aug 13, 2016 at 05:25:19PM +0200, Carlos Falgueras García wrote: > Another possible solution is something like this: > > static const char *element2str(uint32_t element) { > - if (element < MAX_ELEMENT) > + if (element < MAX_ELEMENT ||
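Review bot: in the suggested element2str() rewrite, changing `if (element < MAX_ELEMENT)` to `if (element < MAX_ELEMENT || ...` makes the condition more permissive, so an out-of-range element could reach the array access whenever the second clause is true; if the intent is to also require a non-NULL table entry, the bounds check and the NULL check must be joined with `&&` on the success path (or the function should bail out on `element >= MAX_ELEMENT || table[element] == NULL`). The continuation of the line is not shown here, so the intended second clause should be confirmed.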