[PATCH v3] netfilter/ipset: replace a strncpy() with strscpy()

2018-12-01 Thread Qian Cai
To make overflows as obvious as possible and to prevent code from blithely proceeding with a truncated string. This also has a side-effect to fix a compilation warning when using GCC 8.2.1.
net/netfilter/ipset/ip_set_core.c: In function 'ip_set_sockfn_get':

[PATCH nft] doc: nft: document ct count

2018-12-01 Thread Pablo Neira Ayuso
Signed-off-by: Pablo Neira Ayuso --- doc/payload-expression.txt | 8 1 file changed, 8 insertions(+) diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt index a2284ce8c3d9..eb98e5d7898c 100644 --- a/doc/payload-expression.txt +++ b/doc/payload-expression.txt @@ -619,5

Re: [PATCH v2] netfilter: ipset: replace a strncpy() with strscpy()

2018-12-01 Thread Jozsef Kadlecsik
Hi,
On Mon, 26 Nov 2018, Qian Cai wrote:
> To make overflows as obvious as possible and to prevent code from blithely
> proceeding with a truncated string. This also has a side-effect to fix a
> compilation warning when using GCC 8.2.1.
>
> net/netfilter/ipset/ip_set_core.c: In function

Re: [PATCH nf-next] netfilter: nat: remove l4 protocol port rovers

2018-12-01 Thread Pablo Neira Ayuso
On Thu, Nov 15, 2018 at 10:22:59AM +0100, Florian Westphal wrote:
> This is a leftover from days where single-cpu systems were common:
> Store last port used to resolve a clash to use it as a starting point when
> the next conflict needs to be resolved.
>
> When we have parallel attempt to

[PATCH nft 2/2] src: introduce simple hints on incorrect identifier

2018-12-01 Thread Pablo Neira Ayuso
# cat test.nft define test = "1.2.3.4" table ip x { chain y { ip saddr $text } } # nft -f test.nft test.nft:5:13-16: Error: unknown identifier 'text'; did you mean identifier ‘test’? ip saddr $text