Created libtest.[hc] in order to consolidate code that is repeated in all
tests.
Signed-off-by: Carlos Falgueras García
---
.gitignore | 1 +
tests/Makefile.am | 52 +
tests/libtest.c
On Thu, Aug 11, 2016 at 09:23:14AM +0200, Laura Garcia Liebana wrote:
> diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c
> new file mode 100644
> index 000..eb05527
> --- /dev/null
> +++ b/net/netfilter/nft_hash.c
> @@ -0,0 +1,136 @@
> +/*
> + * Copyright (c) 2016 Laura Garcia
This patch adds a new hash expression; this provides jhash support but
this can be extended to support other hash functions.
The modulus and seed already come embedded into this new expression.
Use case example:
    meta mark set hash ip saddr mod 10
Signed-off-by: Laura Garcia Liebana
Please, remove "Jenkins" from the title.
And it would be good to add a test under the tests/ directory.
On Tue, Aug 09, 2016 at 04:03:51PM +0200, Laura Garcia Liebana wrote:
> diff --git a/include/libnftnl/expr.h b/include/libnftnl/expr.h
> index 6aa7756..811c254 100644
> ---
On Fri, Aug 12, 2016 at 01:58:17AM +0200, Pablo Neira Ayuso wrote:
> On Fri, Aug 12, 2016 at 01:33:32AM +0200, Phil Sutter wrote:
> > The following series aims at fixing a number of issues identified by
> > Coverity tool. Due to limited familiarity with the whole code layout, I
> > am not sure all
The following series aims at fixing a number of issues identified by
Coverity tool. Due to limited familiarity with the whole code layout, I
am not sure all of them are really valid, but I tried my best to verify
the concerns are legitimate and worth fixing.
Phil Sutter (7):
set: prevent
The called function otherwise accesses uninitialized data.
Signed-off-by: Phil Sutter
---
src/ruleset.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/ruleset.c b/src/ruleset.c
index 93cf95ab61e15..a2d67cb550179 100644
--- a/src/ruleset.c
+++ b/src/ruleset.c
@@ -551,6
The array has NFT_CT_MAX fields, so indices must be less than that
number.
Fixes: 977b7a1dbe1bd ("ct: xml: use key names instead of numbers")
Cc: Arturo Borrero Gonzalez
Signed-off-by: Phil Sutter
---
src/expr/ct.c | 2 +-
1 file changed, 1
Although the 'err' pointer should be interesting for users only if the
parser returned non-zero, having it point to uninitialized data is
generally a bad thing.
Signed-off-by: Phil Sutter
---
src/chain.c | 2 +-
src/rule.c | 2 +-
src/set.c | 2 +-
src/table.c | 2 +-
4 files
On Fri, Aug 12, 2016 at 01:33:37AM +0200, Phil Sutter wrote:
> time() may return -1 which is then assigned to an unsigned integer type
> and used as sequence number. The following code increments that number
> multiple times, so it may overflow and get libmnl confused. To avoid
> this, fall back
On Fri, Aug 12, 2016 at 01:42:02AM +0200, Pablo Neira Ayuso wrote:
> On Fri, Aug 12, 2016 at 01:33:34AM +0200, Phil Sutter wrote:
> > From: Phil Sutter
> >
> > This is an ugly aspect of the SNPRINTF_BUFFER_SIZE() macro: it contains
> > a return statement and if that triggers,
This patch adds a new hash expression; this provides jhash support but
this can be extended to support other hash functions.
The modulus and seed already come embedded into this new expression.
Use case example:
    meta mark set hash ip saddr mod 10
Signed-off-by: Laura Garcia Liebana
On Wed, Aug 10, 2016 at 05:29:34PM +0200, Laura Garcia Liebana wrote:
> The following patchset adds a check during the load of a u32 value
> into a u8 attribute which can cause an overflow.
Could you collapse them all in one single patch?
You can probably use this title:
netfilter:
On Mon, Aug 08, 2016 at 01:17:56PM +0200, Carlos Falgueras García wrote:
> diff --git a/src/expr/dynset.c b/src/expr/dynset.c
> index 0eaa409..fa8b8d5 100644
> --- a/src/expr/dynset.c
> +++ b/src/expr/dynset.c
> @@ -370,6 +370,23 @@ static void nftnl_expr_dynset_free(const struct
> nftnl_expr *e)
From: Phil Sutter
During list populating, in error case the function returns without
freeing the newly allocated 'elem' object, thereby losing any references
to it.
Signed-off-by: Phil Sutter
---
src/set.c | 10 +-
1 file changed, 5 insertions(+), 5
From: Phil Sutter
This is an ugly aspect of the SNPRINTF_BUFFER_SIZE() macro: it contains
a return statement and if that triggers, the function returns without
freeing the iterator object. Therefore duplicate the 'ret < 0' check
before calling it, freeing the iterator knowing
The function returns from inside the switch() in any case, so the final
return statement is never reached.
Fixes: 7769cbd9dfe69 ("expr: limit: add per-byte limiting support")
Signed-off-by: Phil Sutter
---
src/expr/limit.c | 1 -
1 file changed, 1 deletion(-)
diff --git
On Fri, Aug 12, 2016 at 01:33:34AM +0200, Phil Sutter wrote:
> From: Phil Sutter
>
> This is an ugly aspect of the SNPRINTF_BUFFER_SIZE() macro: it contains
> a return statement and if that triggers, the function returns without
> freeing the iterator object. Therefore
Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
On Wed, Aug 10, 2016 at 05:12:04PM +0200, Carlos Falgueras García wrote:
> Deleted wrong braces that cause unwanted behaviour.
Applied, thanks.
On Fri, Aug 12, 2016 at 02:05:54AM +0200, Pablo Neira Ayuso wrote:
> On Fri, Aug 12, 2016 at 01:58:17AM +0200, Pablo Neira Ayuso wrote:
> > On Fri, Aug 12, 2016 at 01:33:32AM +0200, Phil Sutter wrote:
> > > The following series aims at fixing a number of issues identified by
> > > Coverity tool.
21 matches