[PATCH] libnftnl: Implement new buffer of TLV objects.

2016-02-20 Thread Carlos Falgueras García
These functions allow creating a buffer (nftnl_attrbuf) of TLV objects (nftnl_attr). It is inspired by libmnl/src/attr.c. It can be used to store several variable length user data into an object. Example usage: ``` struct nftnl_attrbuf *attrbuf; struct nftnl_attr *attr;

[PATCH 1/2] libnftnl: rule: Change the "userdata" attribute to use new TLV buffer.

2016-02-20 Thread Carlos Falgueras García
Now it is possible to store multiple variable length user data into a rule. Signed-off-by: Carlos Falgueras García --- src/rule.c | 158 ++--- 1 file changed, 130 insertions(+), 28 deletions(-) diff --git a/src/rule.c b/src/rule.c index 3a

[PATCH 2/2] nftables: rule: Change the field "rule->comment" for an nftnl_attrbuf.

2016-02-20 Thread Carlos Falgueras García
Now it is possible to store multiple variable length user data into a rule. Modify the parser in order to fill the nftnl_attrbuf with the comment, and the print function to extract this comment and print it to the user. Signed-off-by: Carlos Falgueras García --- include/rule.h| 7 +++

[PATCH V7] netfilter: h323: avoid potential attack

2016-02-20 Thread Zhouyi Zhou
I think hackers could build a malicious h323 packet to overflow the pointer p, which will panic during the memcpy(addr, p, len). For example, he may fabricate a very large taddr->ipAddress.ip in function get_h225_addr. To avoid the above, I add buffer boundary checking both in get addr functions and se

Re: [PATCH nf-next v3 3/3] netfilter: bridge: nf queue verdict to use NFQA_VLAN and NFQA_L2HDR

2016-02-20 Thread Florian Westphal
Stephane Bryant wrote: > This makes nf queues use NFQA_VLAN and NFQA_L2HDR in verdict to modify the > original skb Looks good to me, thanks for addressing all my comments.

[PATCH nf-next v3 3/3] netfilter: bridge: nf queue verdict to use NFQA_VLAN and NFQA_L2HDR

2016-02-20 Thread Stephane Bryant
This makes nf queues use NFQA_VLAN and NFQA_L2HDR in verdict to modify the original skb Signed-off-by: Stephane Bryant --- net/netfilter/nfnetlink_queue.c | 19 +++ 1 file changed, 19 insertions(+) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c in

[PATCH nf-next v3 1/3] netfilter: bridge: add nf_afinfo to enable queuing to userspace

2016-02-20 Thread Stephane Bryant
From: stephane This just adds and registers a nf_afinfo for the ethernet bridge, which enables queuing to userspace for the AF_BRIDGE family. No checksum computation is done. Signed-off-by: Stephane Bryant --- net/bridge/netfilter/nf_tables_bridge.c | 47 +++-- 1 fi

[PATCH nf-next v3 2/3] netfilter: bridge: pass L2 header and VLAN as netlink attributes in queues to userspace

2016-02-20 Thread Stephane Bryant
From: stephane - this creates 2 netlink attributes NLQA_VLAN and NLQA_L2HDR - these are filled up for the PF_BRIDGE family on the way to userspace Signed-off-by: Stephane Bryant --- include/uapi/linux/netfilter/nfnetlink_queue.h | 7 net/netfilter/nfnetlink_queue.c| 53 +