From: Gao Feng
In the commit ("netfilter: nf_conntrack: nf_conntrack snmp helper"),
the snmp_helper is replaced by nf_nat_snmp_hook. So the snmp_helper
is never registered. But it still tries to unregister the snmp_helper,
which could cause a panic.
Now remove the useless snmp_helper and the unre
Hi all,
After merging the netfilter-next tree, today's linux-next build (x86_64
allmodconfig) produced this warning:
net/netfilter/nfnetlink_acct.c: In function 'nfnl_acct_try_del':
net/netfilter/nfnetlink_acct.c:329:15: warning: unused variable 'refcount'
[-Wunused-variable]
unsigned int refc
On Fri, Mar 17, 2017 at 02:10:44PM +0100, Pablo Neira Ayuso wrote:
> Wait.
>
> May this break local multicast listeners that are bound to the bridge
> interface? Assuming the bridge interface got an IP address, and that
> there is a local multicast listener.
>
> Missing anything here?
Hm, for multi
From: Liping Zhang
So we can modify the nf_conntrack_expect_policy directly, the next patch
will need this.
Signed-off-by: Liping Zhang
---
include/net/netfilter/nf_conntrack_helper.h | 4 ++--
net/ipv4/netfilter/nf_nat_snmp_basic.c | 2 +-
net/netfilter/nf_conntrack_amanda.c | 2
From: Liping Zhang
Currently, when we create cthelper via nfnetlink, -EINVAL will be
returned if the NFCTH_PRIV_DATA_LEN attribute is empty.
But enforcing the user to specify the NFCTH_PRIV_DATA_LEN attr seems
unnecessary, so it's better to set the helper->data_len to zero if
the NFCTH_PRIV_DATA
From: Liping Zhang
When invoking nfnl_cthelper_update, we will malloc a new expect_policy,
then only point the helper->expect_policy to the new one but ignore
the old one, so it will be leaked forever.
Another issue is that the user can modify the expect_class_max to a
new value, for example, decr
From: Liping Zhang
The helper->expect_class_max must be set to the total number of
expect_policy minus 1, since we will use the statement "if (class >
helper->expect_class_max)" to validate the CTA_EXPECT_CLASS attr in
ctnetlink_alloc_expect.
So for compatibility, set the helper->expect_class_ma
From: Liping Zhang
After inputting the following test command, core dump happened:
# ./examples/nfct-helper-add test 1
*** Error in
`.../libnetfilter_cthelper/examples/.libs/lt-nfct-helper-add':
double free or corruption (fasttop): 0x01f3c070 ***
=== Backtrace: =
/l
From: Liping Zhang
The nf_ct_helper_hash table is protected by nf_ct_helper_mutex, while
nfct_helper operation is protected by nfnl_lock(NFNL_SUBSYS_CTHELPER).
So it's possible that one CPU is walking the nf_ct_helper_hash for
cthelper add/get/del, another cpu is doing nf_conntrack_helpers_unregi
From: Liping Zhang
This patch set aims to fix some bugs related to nfnetlink_cthelper.
They are:
1. if NFCTH_PRIV_DATA_LEN attr is empty, we cannot create a cthelper
via nfnetlink
2. helper->expect_class_max is incorrect
3. when updating a cthelper via nfnetlink, a memory leak will happen. It's
o
I am going to keep netfilter and wireless lists on for now unless I hear
more objections. We will be doing about one a day from now until about
the time of the conference.
The tech committee would like to announce a new accepted talk.
Huapeng Zhou, Doug Porter, Ryan Tierney and Nikita Shirokov
a