Eric Dumazet wrote:
>
>
> On 03/08/2018 04:24 PM, Florian Westphal wrote:
> >Eric Dumazet wrote:
> >>>Fixes: c4585a2823edf ("bridge: ebt_among: add missing match size checks")
> >>>Reported-by:
> >>>Signed-off-by: Florian Westphal
> >>>---
> >>> net/bridge/netfilter/ebt_among.c | 35
On 03/08/2018 04:24 PM, Florian Westphal wrote:
Eric Dumazet wrote:
Fixes: c4585a2823edf ("bridge: ebt_among: add missing match size checks")
Reported-by:
Signed-off-by: Florian Westphal
---
net/bridge/netfilter/ebt_among.c | 35 +++
1 file changed, 35 ins
Eric Dumazet wrote:
> >Fixes: c4585a2823edf ("bridge: ebt_among: add missing match size checks")
> >Reported-by:
> >Signed-off-by: Florian Westphal
> >---
> > net/bridge/netfilter/ebt_among.c | 35 +++
> > 1 file changed, 35 insertions(+)
> >
> >diff --git a/net/
On 03/08/2018 02:24 PM, Florian Westphal wrote:
ebt_among is special, it has a dynamic match size and is exempt
from the central size checks.
commit c4585a2823edf ("bridge: ebt_among: add missing match size checks")
added validation for pool size, but missed fact that the macros
ebt_among_wh_s
ebt_among is special, it has a dynamic match size and is exempt
from the central size checks.
commit c4585a2823edf ("bridge: ebt_among: add missing match size checks")
added validation for pool size, but missed fact that the macros
ebt_among_wh_src/dst can already return out-of-bound result becaus
Eric Dumazet wrote:
>
>
> On 03/08/2018 07:01 AM, Serhey Popovych wrote:
>> Eric Dumazet wrote:
>>>
>>>
>>> On 03/08/2018 02:08 AM, Serhey Popovych wrote:
We can't use skb_reset_transport_header() together with skb_put() to
set
skb->transport_header field because skb_put() does not
ebt_among is special, it has a dynamic match size and is exempt
from the central size checks.
commit c4585a2823edf ("bridge: ebt_among: add missing match size checks")
added validation for pool size, but missed fact that the macros
ebt_among_wh_src/dst can already return out-of-bound result becaus
Print handles in this way:
table ip filter { # handle 2
}
Similarly, for chain, set and object handles
Signed-off-by: Harsha Sharma
---
src/rule.c | 63 +++---
1 file changed, 32 insertions(+), 31 deletions(-)
diff --git a/src/rule.c b/sr
On 03/08/2018 07:01 AM, Serhey Popovych wrote:
Eric Dumazet wrote:
On 03/08/2018 02:08 AM, Serhey Popovych wrote:
We can't use skb_reset_transport_header() together with skb_put() to set
skb->transport_header field because skb_put() does not touch skb->data.
Do this same way as we did for
Eric Dumazet wrote:
>
>
> On 03/08/2018 02:08 AM, Serhey Popovych wrote:
>> We can't use skb_reset_transport_header() together with skb_put() to set
>> skb->transport_header field because skb_put() does not touch skb->data.
>>
>> Do this same way as we did for csum_data in code: substract skb->he
On 03/08/2018 02:08 AM, Serhey Popovych wrote:
We can't use skb_reset_transport_header() together with skb_put() to set
skb->transport_header field because skb_put() does not touch skb->data.
Do this same way as we did for csum_data in code: substract skb->head
from tcph.
Signed-off-by: Serhe
The last rule in the blob has next_entry offset that is same as total size.
This made "ebtables32 -A OUTPUT -d de:ad:be:ef:01:02" fail on 64 bit kernel.
Fixes: b71812168571fa ("netfilter: ebtables: CONFIG_COMPAT: don't trust
userland offsets")
Signed-off-by: Florian Westphal
---
net/bridge/netf
Florian Westphal wrote:
> ebt_among is special, it has a dynamic match size and is exempt
> from the central size checks.
>
> commit c4585a2823edf ("bridge: ebt_among: add missing match size checks")
> added validation for pool size, but missed fact that the macros
> ebt_among_wh_src/dst can alre
Using skb_reset_transport_header() after skb_put() does not make sense
because we do not touch skb->data pointer. Therefore transport header
still points to network header.
Update skb->transport_header manually to difference between skb_put()
returned pointer (old tail) and skb->head.
Thanks,
Ser
We can't use skb_reset_transport_header() together with skb_put() to set
skb->transport_header field because skb_put() does not touch skb->data.
Do this same way as we did for csum_data in code: substract skb->head
from tcph.
Signed-off-by: Serhey Popovych
---
net/ipv4/netfilter/ipt_SYNPROXY.c
We can't use skb_reset_transport_header() together with skb_put() to set
skb->transport_header field because skb_put() does not touch skb->data.
Do this same way as we did for csum_data in code below: substract
skb->head from tcph.
Signed-off-by: Serhey Popovych
---
net/ipv4/netfilter/nf_reject
On 06-03-18 00:41, Pablo Neira Ayuso wrote:
> Hi Thierry,
>
> On Fri, Feb 16, 2018 at 12:31:26PM +0100, Thierry Du Tre wrote:
>> Op 30/01/2018 om 14:02 schreef Thierry Du Tre:
>>> This is a patch proposal to support shifted ranges in portmaps.
>>> (i.e. tcp/udp incoming port 5000-5100 on WAN redir
17 matches
Mail list logo