Hi Marcelo,
2016-06-20 23:48 GMT+08:00 Marcelo Ricardo Leitner:
>
> A different check/log is made for ip6:
> nf_reject_ip6_tcphdr_get():
> /* IP header checks: fragment, too short. */
> if (proto != IPPROTO_TCP || *otcplen < sizeof(struct tcphdr)) {
>
Remove the warning about outdated version of flex as it is not needed
anymore.
Signed-off-by: Shivani Bhardwaj
---
configure.ac | 15 ---
1 file changed, 15 deletions(-)
diff --git a/configure.ac b/configure.ac
index b170add..c91e9e7 100644
--- a/configure.ac
Remove the warning about outdated version of flex as it is not needed
anymore.
Signed-off-by: Shivani Bhardwaj
---
configure.ac | 15 ---
1 file changed, 15 deletions(-)
diff --git a/configure.ac b/configure.ac
index c541034..b6c5439 100644
--- a/configure.ac
From: Liping Zhang
In iptables, if the user adds a rule to send tcp RST and specifies the
non-TCP protocol, such as UDP, kernel will reject this request. But
in nftables, this validity check only occurs in nft tool, i.e. only
in userspace.
This means that user can add
From: Liping Zhang
If expr init fails then we need to free it.
So when the user adds an nft rule as follows:
# nft add rule filter input tcp dport 22 flow table ssh \
{ ip saddr limit rate 0/second }
a memory leak will happen.
Signed-off-by: Liping Zhang
On Mon, Jun 20, 2016 at 02:52:27PM +0200, Florian Westphal wrote:
> Pablo Neira Ayuso wrote:
> > On Mon, Jun 20, 2016 at 02:42:59PM +0200, Pablo Neira Ayuso wrote:
> > > On Mon, Jun 20, 2016 at 01:19:52PM +0200, Florian Westphal wrote:
> > > > nfq_open_nfnl uses an
Pablo Neira Ayuso wrote:
> On Mon, Jun 20, 2016 at 02:42:59PM +0200, Pablo Neira Ayuso wrote:
> > On Mon, Jun 20, 2016 at 01:19:52PM +0200, Florian Westphal wrote:
> > > nfq_open_nfnl uses an intermediate static object, so when
> > > it is invoked by distinct threads at the
On Mon, Jun 20, 2016 at 01:19:52PM +0200, Florian Westphal wrote:
> nfq_open_nfnl uses an intermediate static object, so when
> it is invoked by distinct threads at the same time there is a small
> chance that some threads end up with another thread's nfq_handle pointer
> stored in ->data.
>
>
nfq_open_nfnl uses an intermediate static object, so when
it is invoked by distinct threads at the same time there is a small
chance that some threads end up with another thread's nfq_handle pointer
stored in ->data.
Tested-by: Michal Tesar
Signed-off-by: Florian Westphal
Using a variable 'ret' multiple times without treating the error in between can
overwrite the previous error value, and may execute code which should not.
Bad way:
int f() {
	int ret;
	ret = g();
	ret = h();
	return ret;
}
On Sat, Jun 18, 2016 at 10:19:51PM +0530, Shivani Bhardwaj wrote:
> Hi Pablo,
>
> Just to avoid any confusion, should I be following up with patches for
> iptables and conntrack-tools to completely remove this check? It is
> already not there in nft. Please let me know.
Yes, please remove this