The new name is stored in the transaction metadata, on commit,
the pointers to the old and new names are swapped.
Therefore in abort and commit case we have to free the
pointer in the chain_trans container.
In commit case, the pointer can be used by another cpu that
is currently dumping the
Fixes: 3b49e2e94e6ebb ("netfilter: nf_tables: add flow table netlink frontend")
Signed-off-by: Florian Westphal
---
net/netfilter/nf_tables_api.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index b1d034bf51f5..8c90cdbb738b
This series fixes a few memory leaks in nf_tables control plane.
Last patch also disallows renames to same name.
Florian Westphal (4):
netfilter: nf_tables: use dev->name directly
netfilter: nf_tables: free flow table struct too
netfilter: nf_tables: fix memory leaks on chain
no need to store the name in separate area.
Furthermore, it uses kmalloc but not kfree and most accesses seem to treat
it as char[IFNAMSIZ] not char *.
Remove this and use dev->name instead.
In case event zeroed dev, just omit the name in the dump.
Fixes: d92191aa84e5f1 ("netfilter: nf_tables:
kernel currently permits chains with same name when a transaction renames
2 chains to the same new name. Add a test case for this.
Signed-off-by: Florian Westphal
---
tests/shell/testcases/chains/0014rename_0 | 19 +++
tests/shell/testcases/chains/0014rename_1 | 14
Hi Florent,
On Mon, 16 Jul 2018, Florent Fourcot wrote:
> > Technically I have no problem with your patch. However, it means a
> > non-versioned protocol change. I'd like to think about it and check
> > how would be best to introduce a version change.
>
> Do you have any update on this? In my
Hi Stefano,
On Sat, 14 Jul 2018, Stefano Brivio wrote:
> Commit 45040978c899 ("netfilter: ipset: Fix set:list type crash
> when flush/dump set in parallel") postponed decreasing set
> reference counters to the RCU callback.
>
> An 'ipset del' command can terminate before the RCU grace period
>
2018-07-17 1:09 GMT+09:00 Pablo Neira Ayuso :
> Hi Taehee,
>
> On Tue, Jul 10, 2018 at 11:22:01PM +0900, Taehee Yoo wrote:
>> This patch fixes below.
>> 1. check null pointer of rb_next.
>> rb_next can return null. so null check routine should be added.
>> 2. add rcu_barrier in destroy routine.
Thanks, I am going to reorder them.
On 07/16/2018 05:12 PM, Pablo Neira Ayuso wrote:
BTW, this patch should be 2/3.
Order patches in a logic way:
1) Small preparation.
2) Add nfnetlink_osf
3) Add support for osf nft.
You can use git rebase interactive mode to reorder patches.
Thanks.
--
On 07/16/2018 05:10 PM, Pablo Neira Ayuso wrote:
On Sat, Jul 14, 2018 at 04:51:01PM +0200, Fernando Fernandez Mancera wrote:
Signed-off-by: Fernando Fernandez Mancera
---
include/linux/netfilter/nfnetlink_osf.h | 20 +
net/netfilter/Kconfig | 11 ++-
Hi Taehee,
On Tue, Jul 10, 2018 at 11:22:01PM +0900, Taehee Yoo wrote:
> This patch fixes below.
> 1. check null pointer of rb_next.
> rb_next can return null. so null check routine should be added.
> 2. add rcu_barrier in destroy routine.
> GC uses call_rcu to remove elements. but all elements
On Tue, Jul 10, 2018 at 10:00:21PM +0200, Harsha Sharma wrote:
> Add tests for listing specific object for a given table name and all
> objects of a table.
Applied, thanks Harsha.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to
On Mon, Jul 16, 2018 at 05:04:14PM +0200, Pablo Neira Ayuso wrote:
> On Sun, Jul 15, 2018 at 10:43:46AM +0200, Martynas Pumputis wrote:
> > As the patch is in the "Changes Requested" state and to avoid any
> > misunderstanding, do you want me to re-submit the patch with the minor
> > changes
BTW, this patch should be 2/3.
Order patches in a logic way:
1) Small preparation.
2) Add nfnetlink_osf
3) Add support for osf nft.
You can use git rebase interactive mode to reorder patches.
Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a
On Sat, Jul 14, 2018 at 04:54:56PM +0200, Fernando Fernandez Mancera wrote:
> It hasn't been tested yet. All necessary changes to introduce NFTA_OSF_DREG
> are already done.
>
> After the review and testing I am going to implement the match_packet
> function.
You will need my three patches to
On Sat, Jul 14, 2018 at 04:51:01PM +0200, Fernando Fernandez Mancera wrote:
> Signed-off-by: Fernando Fernandez Mancera
> ---
> include/linux/netfilter/nfnetlink_osf.h | 20 +
> net/netfilter/Kconfig | 11 ++-
> net/netfilter/Makefile | 1 +
>
On Sun, Jul 15, 2018 at 10:43:46AM +0200, Martynas Pumputis wrote:
> As the patch is in the "Changes Requested" state and to avoid any
> misunderstanding, do you want me to re-submit the patch with the minor
> changes applied or are you going to do it yourself? Thanks.
Just changed it back to
Hello Jozsef,
Technically I have no problem with your patch. However, it means a
non-versioned protocol change. I'd like to think about it and check how
would be best to introduce a version change.
Do you have any update on this? In my opinion, there are already some
flags to control list
On Tue, Jul 10, 2018 at 12:10:22PM +0200, Pablo Neira Ayuso wrote:
> > diff --git a/src/parser_bison.y b/src/parser_bison.y
> > index 98bfeba..2b7d7cc 100644
> > --- a/src/parser_bison.y
> > +++ b/src/parser_bison.y
> > @@ -182,6 +182,8 @@ int nft_lex(void *, void *, void *);
> > %token AT
19 matches
Mail list logo
