Re: Re: [PATCH nf-next 2/3] netfilter: nf_tables: fix a endless jump loop when use vmap

On Tue, Jun 14, 2016 at 05:38:51PM +0200, Pablo Neira Ayuso wrote: > From e067bde1535ca78d9c8fea9f49f86c0731274732 Mon Sep 17 00:00:00 2001 > From: Pablo Neira Ayuso > Date: Sat, 11 Jun 2016 12:20:27 +0800 > Subject: [PATCH] netfilter: nf_tables: reject loops from set element jump to > chain > >

Re: Re: [PATCH nf-next 2/3] netfilter: nf_tables: fix a endless jump loop when use vmap

On Tue, Jun 14, 2016 at 08:07:41PM +0800, Liping Zhang wrote: > Hi pablo, > > At 2016-06-14 02:19:02, "Pablo Neira Ayuso" wrote: > >On Sat, Jun 11, 2016 at 12:20:27PM +0800, Liping Zhang wrote: > > > >Thanks for tracking down and fixing this one. > > > >I've made a new version based on your origi

Re: [PATCH nf-next 2/3] netfilter: nf_tables: fix a endless jump loop when use vmap

On Sat, Jun 11, 2016 at 12:20:27PM +0800, Liping Zhang wrote: > From: Liping Zhang > > Currently, user can add such a wrong nft rules successfully, which > will cause an endless jump loop: > # nft add rule filter test tcp dport vmap {1: jump test} > > This is because before we commit, the elem