[PATCH nf] netfilter: nf_tables: fix chain filter in nf_tables_dump_rules()

ctx->chain may be null now that we have very large object names, so we cannot check for ctx->chain[0] here. Fixes: e46abbcc05aa ("netfilter: nf_tables: Allow table names of up to 255 chars") Signed-off-by: Pablo Neira Ayuso --- net/netfilter/nf_tables_api.c | 2 +- 1 file

Re: [PATCH nf] netfilter: nf_tables: fix chain filter in nf_tables_dump_rules()

On Tue, Dec 19, 2017 at 12:04:43PM +0100, Pablo Neira Ayuso wrote: > ctx->chain may be null now that we have very large object names, > so we cannot check for ctx->chain[0] here. > > Fixes: e46abbcc05aa ("netfilter: nf_tables: Allow table names of up to 255 > chars") This really fixes:

Re: [PATCH nf] netfilter: nf_tables: fix chain filter in nf_tables_dump_rules()

On Tue, Dec 19, 2017 at 12:21:51PM +0100, Phil Sutter wrote: > On Tue, Dec 19, 2017 at 12:04:43PM +0100, Pablo Neira Ayuso wrote: > > ctx->chain may be null now that we have very large object names, > > so we cannot check for ctx->chain[0] here. > > > > Fixes: e46abbcc05aa ("netfilter: nf_tables:

Re: [PATCH] extensions: libxt_hashlimit: Do not print default timeout and burst

On Tue, Dec 19, 2017 at 7:31 PM, Pablo Neira Ayuso wrote: > On Tue, Dec 19, 2017 at 05:57:16PM +0530, Harsha Sharma wrote: >> @@ -1340,7 +1345,9 @@ static int hashlimit_mt_xlate(struct xt_xlate *xl, >> const char *name, >> xt_xlate_add(xl, "flow table %s {", name); >>

Re: [PATCH] extensions: libxt_hashlimit: Do not print default timeout and burst

On Tue, Dec 19, 2017 at 05:57:16PM +0530, Harsha Sharma wrote: > @@ -1340,7 +1345,9 @@ static int hashlimit_mt_xlate(struct xt_xlate *xl, > const char *name, > xt_xlate_add(xl, "flow table %s {", name); > ret = hashlimit_mode_xlate(xl, cfg->mode, family, >

Unable to compile linux-kernel pulled from nf-next tree

Hello, I'm working on a task in netfilter and trying to compile linux-kernel pulled from nf-next tree. https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git but fail with these errors. make-- Kernel: arch/x86/boot/bzImage is ready (#4) MODPOST 4905 modules fs/ufs/ufs.o: Invalid

[nf-next:for-net-next2 38/40] net/ipv6/netfilter.c:96:5: error: redefinition of 'nf_ip6_reroute'

tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next2 head: 7c3f8641178fb63c1e970a23e3743e89fc92be81 commit: 56cd0e50caf4a1cb0fc743c53f3f7b3ad7a5f717 [38/40] netfilter: remove reroute indirection in struct nf_afinfo config: xtensa-allmodconfig (attached as

[nf-next:for-net-next2 35/40] net/ipv6/netfilter.c:166:9: error: redefinition of 'nf_ip6_checksum_partial'

tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next2 head: 7c3f8641178fb63c1e970a23e3743e89fc92be81 commit: d0cdeba2fc5ef7f97bdcf5d31266a25802372009 [35/40] netfilter: remove checksum_partial indirection in struct nf_afinfo config: xtensa-allmodconfig

[nf-next:for-net-next3 28/40] net/netfilter/core.c:403:6: sparse: symbol '__nf_unregister_net_hook' was not declared. Should it be static?

tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: ac119d8cd0892526ea8c6c7ed30dce0ea75b1b03 [28/40] netfilter: core: support for NFPROTO_INET hook registration reproduce: # apt-get install

[RFC PATCH nf-next] netfilter: core: __nf_unregister_net_hook() can be static

Fixes: ac119d8cd089 ("netfilter: core: support for NFPROTO_INET hook registration") Signed-off-by: Fengguang Wu --- core.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netfilter/core.c b/net/netfilter/core.c index 606efc9..9ace162

[PATCH] netfilter: connlimit: fix boolreturn.cocci warnings

From: Fengguang Wu net/netfilter/nf_conncount.c:74:9-10: WARNING: return of 0/1 in function 'already_closed' with return type bool Return statements in functions returning bool should use true/false instead of 1/0. Generated by:

[PATCH] netfilter: connlimit: fix ptr_ret.cocci warnings

From: Fengguang Wu net/netfilter/xt_connlimit.c:96:1-3: WARNING: PTR_ERR_OR_ZERO can be used Use PTR_ERR_OR_ZERO rather than if(IS_ERR(...)) + PTR_ERR Generated by: scripts/coccinelle/api/ptr_ret.cocci Fixes: 61b781a5a0bb ("netfilter: connlimit: split xt_connlimit

[nf-next:for-net-next3 32/40] net/netfilter/nf_conncount.c:74:9-10: WARNING: return of 0/1 in function 'already_closed' with return type bool

tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: 61b781a5a0bb7fcbbb3be316271fccf59915e3b0 [32/40] netfilter: connlimit: split xt_connlimit into front and backend coccinelle warnings: (new ones

[nf-next:for-net-next3 34/40] utils.c:undefined reference to `nf_ip6_checksum'

tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: 188efacae54f7b9f1421a238da93d5289a3704a0 [34/40] netfilter: remove checksum indirection in struct nf_afinfo config: i386-allmodconfig (attached as

[nf-next:for-net-next2 36/40] net/netfilter/utils.c:51: undefined reference to `nf_ip_saveroute'

tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next2 head: 7c3f8641178fb63c1e970a23e3743e89fc92be81 commit: d0f3d3b94e3a8765b0034127780d57f304af11fe [36/40] netfilter: remove saveroute indirection in struct nf_afinfo config: x86_64-randconfig-i0-201751

[nf-next:for-net-next2 34/40] net/netfilter/utils.c:14: undefined reference to `nf_ip_checksum'

tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next2 head: 7c3f8641178fb63c1e970a23e3743e89fc92be81 commit: a86ca02d263c397669ad0ff856d8c0001a4c1eec [34/40] netfilter: remove checksum indirection in struct nf_afinfo config: x86_64-randconfig-i0-201751

[nf-next:for-net-next3 34/40] net/netfilter/utils.c:17: undefined reference to `nf_ip6_checksum'

tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: 188efacae54f7b9f1421a238da93d5289a3704a0 [34/40] netfilter: remove checksum indirection in struct nf_afinfo config: x86_64-randconfig-s2-12200210

[PATCH nf-next v2] netfilter: nf_defrag_ipv4: Skip defrag if NOTRACK is set

conntrack defrag is needed only if some module like CONNTRACK or NAT explicitly requests it. For plain forwarding scenarios, defrag is not needed and can be skipped if NOTRACK is set in a rule. Since conntrack defrag is currently higher priority than raw table, setting NOTRACK is not sufficient.

[nf-next:for-net-next2 35/40] net/netfilter/utils.c:33: undefined reference to `nf_ip_checksum_partial'

tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next2 head: 7c3f8641178fb63c1e970a23e3743e89fc92be81 commit: d0cdeba2fc5ef7f97bdcf5d31266a25802372009 [35/40] netfilter: remove checksum_partial indirection in struct nf_afinfo config: x86_64-randconfig-i0-201751

[nf-next:for-net-next3 36/40] net/netfilter/utils.c:54: undefined reference to `nf_ip6_saveroute'

tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: e58c72119d0fa35020c144317509fe9494c441bd [36/40] netfilter: remove saveroute indirection in struct nf_afinfo config: x86_64-randconfig-s2-12200210

[nf-next:for-net-next3 37/40] net/netfilter/xt_addrtype.c:55: undefined reference to `nf_ip6_route'

tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: 4a61f6d1f4eddcb006e6d6ed1a90c81737c6dc0a [37/40] netfilter: remove route indirection in struct nf_afinfo config: i386-randconfig-a1-12171902 (attached

[nf-next:for-net-next3 35/40] net/netfilter/utils.c:37: undefined reference to `nf_ip6_checksum_partial'

tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: 1033afac404a403b3ae982702061e7808b80e597 [35/40] netfilter: remove checksum_partial indirection in struct nf_afinfo config:

[nf-next:for-net-next3 35/40] utils.c:undefined reference to `nf_ip6_checksum_partial'

tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: 1033afac404a403b3ae982702061e7808b80e597 [35/40] netfilter: remove checksum_partial indirection in struct nf_afinfo config: i386-allmodconfig (attached

[nf-next:for-net-next2 38/40] net/netfilter/utils.c:53: undefined reference to `nf_ip_reroute'

tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next2 head: 7c3f8641178fb63c1e970a23e3743e89fc92be81 commit: 56cd0e50caf4a1cb0fc743c53f3f7b3ad7a5f717 [38/40] netfilter: remove reroute indirection in struct nf_afinfo config: x86_64-randconfig-i0-201751

[nf-next:for-net-next3 36/40] (.text.nf_saveroute+0x58): undefined reference to `nf_ip6_saveroute'

tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: e58c72119d0fa35020c144317509fe9494c441bd [36/40] netfilter: remove saveroute indirection in struct nf_afinfo config: parisc-allmodconfig (attached as

[nf-next:for-net-next3 38/40] net/netfilter/utils.c:56: undefined reference to `nf_ip6_reroute'

tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: 63cfa51ca37a4b4fb6b3d994c9c775920457252e [38/40] netfilter: remove reroute indirection in struct nf_afinfo config: x86_64-randconfig-s2-12200210

[nf-next:for-net-next3 38/40] (.text.nf_reroute+0x58): undefined reference to `nf_ip6_reroute'

tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: 63cfa51ca37a4b4fb6b3d994c9c775920457252e [38/40] netfilter: remove reroute indirection in struct nf_afinfo config: parisc-allmodconfig (attached as