When you set an object attribute the memory is copied, sometimes an
allocation is needed and it must be checked. Before this patch all setter
methods return void, so this patch makes all setters return int instead of void
to communicate the error to user.
Summary:
* All setters return int
On 06/10/2016 01:14 PM, Arturo Borrero Gonzalez wrote:
On 10 June 2016 at 12:20, Carlos Falgueras García wrote:
Signed-off-by: Carlos Falgueras García
---
src/rule.c | 1 +
src/set_elem.c | 1 +
2 files changed, 2 insertions(+)
diff --git
On Fri, Jun 10, 2016 at 12:20:54PM +0200, Carlos Falgueras García wrote:
> When you set an object attribute the memory is copied, sometimes an
> allocation is needed and it must be checked. Before this patch all setter
> methods return void, so this patch makes all setters return int instead of void
Clone of 1eada72b with 9bb76094 and e0390bee on top.
Signed-off-by: Thomas Woerner
---
:100644 100644 2731209... c48ddf9... M iptables/ip6tables.c
iptables/ip6tables.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
On Friday 2016-06-10 12:16, Thomas Woerner wrote:
> in iptables.c there is a check of DROP usage in the nat table. In ip6tables,
> this check is not there. Is this intentional?
It must be an oversight, since IPv6 did not have nat back then.
From: Liping Zhang
In my machine, port 12345 is mapped to italk in /etc/services:
italk 12345/tcp # Italk Chat System
So when we add an nft rule with udp port "12345", nft list ruleset
will display it as "italk", that cause the result is not
increases struct size by 32 bytes (288 -> 320), but it is the right thing,
else any attempt to (re-)arrange nf_conn members by cacheline won't work.
Signed-off-by: Florian Westphal
---
gives checkpatch warn due to line > 80 lines but I don't want to
add a line-break after |
Those comparisons are useless in case of ZONES=n; all conntracks
will reside in the same zone by definition.
Signed-off-by: Florian Westphal
---
include/net/netfilter/nf_conntrack_zones.h | 12
1 file changed, 12 insertions(+)
diff --git
From: Liping Zhang
This patch set mainly fixes an endless jump loop bug, for example, user
can add the following nft rules successfully:
# nft add table filter
# nft add chain filter test
# nft add rule filter test tcp dport vmap {1: jump test}
This is because we
From: Liping Zhang
We should check "i" is used as a dictionary or not, "binding" is already
checked before.
Signed-off-by: Liping Zhang
---
net/netfilter/nf_tables_api.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
From: Liping Zhang
When we add a nft rule like follows:
# nft add rule filter test tcp dport vmap {1: jump test}
-ELOOP error will be returned, and the anonymous set will be
destroyed.
But after that, nf_tables_abort will also try to remove the
element and destroy
From: Liping Zhang
Currently, user can add such wrong nft rules successfully, which
will cause an endless jump loop:
# nft add rule filter test tcp dport vmap {1: jump test}
This is because before we commit, the element in the current anonymous
set is inactive,
From: Eric Dumazet
> Sent: 09 June 2016 22:17
> On Thu, 2016-06-09 at 23:50 +0300, Saeed Mahameed wrote:
> > From: Matthew Finlay
>
>
> > diff --git a/net/socket.c b/net/socket.c
> > index a1bd161..67de200 100644
> > --- a/net/socket.c
> > +++ b/net/socket.c
> > @@ -382,6
Hello,
in iptables.c there is a check of DROP usage in the nat table. In
ip6tables, this check is not there. Is this intentional?
These are the commits for iptables that added and modified the
check: 1eada72b, 9bb76094 and e0390bee
What do you think about adding this also to ip6tables?
When you set an object attribute the memory is copied, sometimes an
allocation is needed and it must be checked. Before this patch all setter
methods return void, so this patch makes all setters return int instead of void
to communicate the error to user.
Summary:
* All setters return int
Signed-off-by: Carlos Falgueras García
---
src/rule.c | 2 ++
src/set_elem.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/src/rule.c b/src/rule.c
index 1e1a138..19e8b95 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -111,7 +111,9 @@ void nftnl_rule_unset(struct
I forgot to move the kmem_cache_destroy into the exit path.
Fixes: 0c5366b3a8c7 ("netfilter: conntrack: use single slab cache)
Signed-off-by: Florian Westphal
---
net/netfilter/nf_conntrack_core.c | 2 ++
1 file changed, 2 insertions(+)
diff --git
On Fri, 2016-06-10 at 14:29 +, David Laight wrote:
> From: Eric Dumazet
> > Sent: 09 June 2016 22:17
> > On Thu, 2016-06-09 at 23:50 +0300, Saeed Mahameed wrote:
> > > From: Matthew Finlay
> >
> >
> > > diff --git a/net/socket.c b/net/socket.c
> > > index a1bd161..67de200