Re: [PATCH] netfilter: nf_nat_h323: fix logical-not-parentheses warning

2017-08-08 Thread Nick Desaulniers
bumping for review On Mon, Jul 31, 2017 at 11:39 AM, Nick Desaulniers wrote: > Clang produces the following warning: > > net/ipv4/netfilter/nf_nat_h323.c:553:6: error: > logical not is only applied to the left hand side of this comparison >

[PATCH iptables 1/2] xtables-compat-restore: fix several memory leaks

2017-08-08 Thread Pablo M. Bermudo Garay
The following memory leaks are detected by valgrind when ip[6]tables-compat-restore is executed: valgrind --leak-check=full iptables-compat-restore test-ruleset ==2548== 16 bytes in 1 blocks are definitely lost in loss record 1 of 20 ==2548==at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)

[PATCH iptables 2/2] xtables-compat: fix memory leak when listing

2017-08-08 Thread Pablo M. Bermudo Garay
The following memory leaks are detected by valgrind when ip[6]tables-compat is used for listing operations: ==1604== 1,064 (120 direct, 944 indirect) bytes in 5 blocks are definitely lost in loss record 21 of 27 ==1604==at 0x4C2BBEF: malloc (vg_replace_malloc.c:299) ==1604==by 0x56ABB78:

[PATCH nf-next 4/4] netfilter: rt: add support to fetch path mss

2017-08-08 Thread Florian Westphal
to be used in combination with tcp option set support to mimic iptables TCPMSS --clamp-mss-to-pmtu. Signed-off-by: Florian Westphal --- include/uapi/linux/netfilter/nf_tables.h | 2 + net/netfilter/nft_rt.c | 65 2 files

[PATCH nf-next 2/4] netfilter: exthdr: split netlink dump function

2017-08-08 Thread Florian Westphal
so eval and upcoming eval_set versions can reuse a common helper. Signed-off-by: Florian Westphal --- net/netfilter/nft_exthdr.c | 16 +++- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/net/netfilter/nft_exthdr.c b/net/netfilter/nft_exthdr.c index

[PATCH nf-next 3/4] netfilter: exthdr: tcp option set support

2017-08-08 Thread Florian Westphal
This allows setting 2 and 4 byte quantities in the tcp option space. Main purpose is to allow native replacement for xt_TCPMSS to work around pmtu blackholes. Writes to kind and len are now allowed at the moment, it does not seem useful to do this as it causes corruption of the tcp option space.

[PATCH nf-next 0/4] netfilter: nftables: tcp mss mangling support

2017-08-08 Thread Florian Westphal
This series adds the needed kernel parts to support tcp mss mangling. First two patches rework exthdr so we don't have to copy-paste too much, patch 3 adds tcp option mangling support. Last patch allows to retrieve path tcpmss via rt expression, this is so we can support iptables TCPMSS

[PATCH nf-next 1/4] netfilter: exthdr: factor out tcp option access

2017-08-08 Thread Florian Westphal
Signed-off-by: Florian Westphal --- net/netfilter/nft_exthdr.c | 33 + 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/net/netfilter/nft_exthdr.c b/net/netfilter/nft_exthdr.c index 1ec49fe5845f..921c95f2c583 100644 ---

Re: [PATCH nf-next 4/4] netfilter: rt: add support to fetch path mss

2017-08-08 Thread Eric Dumazet
On Tue, 2017-08-08 at 15:15 +0200, Florian Westphal wrote: > to be used in combination with tcp option set support to mimic > iptables TCPMSS --clamp-mss-to-pmtu. > > Signed-off-by: Florian Westphal > --- > include/uapi/linux/netfilter/nf_tables.h | 2 + >

Re: [PATCH nf-next 4/4] netfilter: rt: add support to fetch path mss

2017-08-08 Thread Florian Westphal
Eric Dumazet wrote: > On Tue, 2017-08-08 at 15:15 +0200, Florian Westphal wrote: > > + struct dst_entry *dst; > > + struct flowi fl; [..] > > + ai = nf_get_afinfo(nft_pf(pkt)); > > + if (ai) > > + ai->route(nft_net(pkt), , , false); > > + > > if ai is
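Review bot: dst is declared without an initializer in the quoted hunk, and the only visible assignment is through the ai->route(...) call guarded by if (ai), so when nf_get_afinfo() returns NULL the pointer is left holding stack garbage. Initialize it at the declaration (struct dst_entry *dst = NULL;) and treat a NULL dst as "no route" before anything reads from it.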

[PATCH v2 nf-next 4/4] netfilter: rt: add support to fetch path mss

2017-08-08 Thread Florian Westphal
to be used in combination with tcp option set support to mimic iptables TCPMSS --clamp-mss-to-pmtu. v2: Eric Dumazet points out dst must be initialized. Signed-off-by: Florian Westphal --- include/uapi/linux/netfilter/nf_tables.h | 2 + net/netfilter/nft_rt.c

Re: [PATCH net] net: sched: fix NULL pointer dereference when action calls some targets

2017-08-08 Thread Cong Wang
On Mon, Aug 7, 2017 at 7:33 PM, Xin Long wrote: > On Tue, Aug 8, 2017 at 9:15 AM, Cong Wang wrote: >> This looks like a completely API burden? > netfilter xt targets are not really compatible with netsched action. > I've got to say, the patch is