) sometimes frees skb, but the
code is less clear to me than for the previous warning so I don't know.
302 }
303 }
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
M
Hi Varsha,
Thank you for the patch! Perhaps something to improve:
url:
https://github.com/0day-ci/linux/commits/Varsha-Rao/net-netfilter-nf_tables_api-Use-id-allocation/20180614-004233
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
New smatch warnings:
return -EOPNOTSUPP;
1446 }
1447 nfnl_lock(NFNL_SUBSYS_CTNETLINK);
1448 rcu_read_lock();
1449 if (nat_hook->parse_nat_setup)
1450 return -EAGAIN;
1451 #end
Hi Kristian,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
[also build test WARNING on v4.17-rc3 next-20180504]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
cwdev_iter),
> + NULL);
> if (!entry)
> return -ENOENT;
> return 0;
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
We should be testing "flowtable" instead of "table".
Fixes: 3b49e2e94e6e ("netfilter: nf_tables: add flow table netlink frontend")
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
---
The bug hasn't hit net-next yet, it's still in the netfilt
We accidentally return an uninitialized variable.
Fixes: cf56c2f892a8 ("netfilter: remove old pre-netns era hook api")
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 368610dbc3c0..974cf2a3795a 100644
---
According to my static checker we should unlock here before the return.
That seems reasonable to me as well.
Fixes" b9e69e127397 ("netfilter: xtables: don't hook tables by default")
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
diff --git a/net/netfilter/x_tab
t; 0)
551 goto err1;
552
553 err = nft_ct_netns_get(ctx->net, ctx->afi->family);
554 if (err < 0)
555 goto err1;
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel"
Dereference inside function.
1013 elem = rcu_dereference(elem->next))
1014 ;
1015
1016 if (!elem)
This can't be reached without already dereferencing "elem".
1017 return okfn(net, sk,
On Tue, Dec 06, 2016 at 01:16:08PM +0100, Pablo Neira Ayuso wrote:
> On Tue, Dec 06, 2016 at 02:57:34PM +0300, Dan Carpenter wrote:
> > Hello Pablo Neira Ayuso,
> >
> > The patch 556c291b3a1b: "netfilter: nft_payload: layer 4 checksum
> > adjustment for pseudo
now for sure this is a bug...
302 goto err;
303
304 if (!skb_make_writable(skb, max(offset + priv->len, 0)) ||
305 skb_store_bits(skb, offset, src, priv->len) < 0)
306 goto err;
307
308 return;
30
We don't want to allow negatives here.
Fixes: 36b701fae12a ('netfilter: nf_tables: validate maximum value of u32
netlink attributes')
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
---
v2: cosmetic change
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
We don't want to allow negatives here.
Fixes: 36b701fae12a ('netfilter: nf_tables: validate maximum value of u32
netlink attributes')
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index b70d3ea..dd55187
"err" needs to be signed for the error handling to work.
Fixes: 36b701fae12a ('netfilter: nf_tables: validate maximum value of u32
netlink attributes')
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
diff --git a/net/netfilter/nft_exthdr.c b/net/netfilter/nft_exthdr
15 matches
Mail list logo