Hi Pablo,
I love your patch! Yet something to improve:
[auto build test ERROR on nf/master]
url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-nf_-tcp-udp-sctp-icmp-dccp-icmpv6-generic-_pernet/20181102-101813
base: https://git.kernel.org/pub/scm/linux/kernel/git
rule for 0.0.0.0/8 is added as 0.0.0.0/0, because we did not check
mask (or negation, for that matter).
Fix this and add test cases too.
This also revealed an ip6tables-nft-save bug, it would print
' !-d', not '! -d'.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1287
Signed-off-by:
Expose these functions to access conntrack protocol tracker netns area,
nfnetlink_cttimeout needs this.
Signed-off-by: Pablo Neira Ayuso
---
v2: Place these functions in nf_conntrack_l4proto.h.
Wrap nf_dccp_pernet() and nf_sctp_pernet() around ifdef -kbuild robot.
Otherwise, we hit a NULL pointer dereference since handlers always assume
default timeout policy is passed.
netlink: 24 bytes leftover after parsing attributes in process
`syz-executor2'.
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
Unlike ip(6)tables, the ebtables nat table has no special properties.
This bug causes 'ebtables -A' to fail when using a target such as
'snat' (ebt_snat target sets ".table = "nat"'). Targets that have
no table restrictions work fine.
Signed-off-by: Florian Westphal
---
Signed-off-by: Florian Westphal
---
extensions/libebt_redirect.c | 2 +-
extensions/libebt_redirect.t | 4
2 files changed, 5 insertions(+), 1 deletion(-)
create mode 100644 extensions/libebt_redirect.t
diff --git a/extensions/libebt_redirect.c b/extensions/libebt_redirect.c
index
Signed-off-by: Florian Westphal
---
extensions/libebt_802_3.t | 3 +++
extensions/libebt_arp.t | 11 +++
extensions/libebt_ip.t | 10 ++
extensions/libebt_ip6.t | 12
extensions/libebt_log.t | 6 ++
extensions/libebt_mark.t| 5 +
Now that we have ebtables-save, let's add test cases for ebtables-nft
as well.
Signed-off-by: Florian Westphal
---
extensions/libebt_standard.t | 6 ++
iptables-test.py | 13 ++---
2 files changed, 16 insertions(+), 3 deletions(-)
create mode 100644
-j CONTINUE can be added, but it can't be removed:
extensions/libebt_standard.t: ERROR: line 5 (cannot find: ebtables -I INPUT -d
de:ad:be:ef:00:00 -j CONTINUE)
This problem stems from silly ambiguity in ebtables-nft vs. iptables.
In iptables, you can do
iptables -A INPUT
(no -j)
in ebtables,
This series fixes a few smaller bugs in ebtables-nft,
adds the 'arpreply' target and adds initial testcases for
all ebtables extensions ebtables-nft is supposed to support.
It also adds the 'arpreply' target to ebtables-nft.
Florian Westphal (6):
tests: add basic ebtables test support