[PATCH nf] netfilter: xt_CT: fix cthelper module's refcnt leak

2017-04-07 Thread Liping Zhang
From: Liping Zhang We should call module_put when the time policy is not found. Otherwise, the related cthelper module cannot be removed anymore. It is easy to reproduce by typing the following command: # iptables -t raw -A OUTPUT -p tcp -j CT --helper ftp --timeout xxx

Re: [PATCH nf] netfilter: nft_hash: do not dump the auto generated seed

2017-04-07 Thread Liping Zhang
Hi Laura, 2017-04-08 5:19 GMT+08:00 Laura García Liébana : > On Mon, Apr 3, 2017 at 10:34 AM, Liping Zhang wrote: >> >> From: Liping Zhang >> >> This can prevent the nft utility from printing out the auto generated >> seed to the

Re: [PATCH nf] netfilter: nft_hash: do not dump the auto generated seed

2017-04-07 Thread Laura García Liébana
On Mon, Apr 3, 2017 at 10:34 AM, Liping Zhang wrote: > > From: Liping Zhang > > This can prevent the nft utility from printing out the auto generated > seed to the user, which is unnecessary and confusing. > > Signed-off-by: Liping Zhang

Re: [RFC v2] extensions: libxt_TOS: Add translation to nft

2017-04-07 Thread Gargi Sharma
On Fri, Apr 7, 2017 at 4:13 AM, Pablo Neira Ayuso wrote: > On Wed, Mar 29, 2017 at 12:20:18AM +0530, Gargi Sharma wrote: >> Add translation for TOS to nftables. TOS is deprecated >> and DSCP is used in place of it. The first 6 bits of >> TOS specify the DSCP value. >> >>

Re: [RFC v2] extensions: libxt_TOS: Add translation to nft

2017-04-07 Thread Gargi Sharma
On Fri, Apr 7, 2017 at 4:19 AM, Pablo Neira Ayuso wrote: > > On Wed, Mar 29, 2017 at 12:20:18AM +0530, Gargi Sharma wrote: > > diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c > > index cef5876..f284d83 100644 > > --- a/extensions/libxt_TOS.c > > +++

Re: [PATCH 2/2] iptables: iptables: Constify option struct

2017-04-07 Thread Pablo Neira Ayuso
On Sun, Apr 02, 2017 at 12:35:08PM +0530, Arushi Singhal wrote: > The structs of the type option are not modified anywhere. xtables-eb.c: In function ‘ebt_load_match_extensions’: xtables-eb.c:653:7: warning: assignment discards ‘const’ qualifier from pointer target type opts =

Re: [PATCH] net: ipv6: Removed unnecessary parenthesis

2017-04-07 Thread Pablo Neira Ayuso
On Wed, Mar 29, 2017 at 02:32:43PM +0530, Arushi Singhal wrote: > Removed parentheses on the right hand side of assignment, as they are > not required. The following coccinelle script was used to fix this > issue: > > @@ > local idexpression id; > expression e; > @@ > > id = > -( > e > -) You

Re: [PATCH 1/4] net: netfilter:Remove exceptional & on function name

2017-04-07 Thread Pablo Neira Ayuso
On Sun, Apr 02, 2017 at 02:52:12PM +0530, Arushi Singhal wrote: > Remove & from function pointers to conform to the style found elsewhere > in the file. Done using the following semantic patch > > // > @r@ > identifier f; > @@ > > f(...) { ... } > @@ > identifier r.f; > @@ > > - > + f > //

Re: [Outreachy kernel] [PATCH] net: ipv6: netfilter: Format block comments.

2017-04-07 Thread Pablo Neira Ayuso
On Wed, Mar 29, 2017 at 02:09:43PM +0530, Arushi Singhal wrote: > Fix checkpatch warnings: > WARNING: Block comments use a trailing */ on a separate line > WARNING: Block comments use * on subsequent lines > > Signed-off-by: Arushi Singhal > --- >

Re: [PATCH 1/4] iptables: iptables: Add blank line after declaration

2017-04-07 Thread Pablo Neira Ayuso
On Fri, Mar 31, 2017 at 09:43:48PM +0530, Arushi Singhal wrote: > Add blank line after the declaration of variable to follow kernel coding > style. > > Signed-off-by: Arushi Singhal > --- > iptables/getethertype.c | 1 + > 1 file changed, 1 insertion(+) > >

Re: [Outreachy kernel] [PATCH] iptables: libiptc: Use list_{next/prev}_entry instead of list_entry

2017-04-07 Thread Pablo Neira Ayuso
On Fri, Apr 07, 2017 at 05:34:37PM +0200, Pablo Neira Ayuso wrote: > On Wed, Mar 29, 2017 at 11:42:19AM +0530, simran singhal wrote: > > This patch replaces list_entry with list_{next/prev}_entry as it makes > > the code more clear to read. > > Applied, thanks. > > I think you can send a similar

Re: [PATCH iptables] tests: add regression tests for xtables-translate

2017-04-07 Thread Pablo Neira Ayuso
On Fri, Apr 07, 2017 at 12:46:23PM +0200, Pablo M. Bermudo Garay wrote: > > Nice... But how this works? :) > > > > # python xlate-test.py > > Traceback (most recent call last): > > File "xlate-test.py", line 85, in > > main() > > File "xlate-test.py", line 78, in main > >

Re: [Outreachy kernel] [PATCH] iptables: libiptc: Use list_{next/prev}_entry instead of list_entry

2017-04-07 Thread Pablo Neira Ayuso
On Wed, Mar 29, 2017 at 11:42:19AM +0530, simran singhal wrote: > This patch replaces list_entry with list_{next/prev}_entry as it makes > the code more clear to read. Applied, thanks. I think you can send a similar patch for libnftnl. -- To unsubscribe from this list: send the line "unsubscribe

Re: [PATCH] net: netfilter: Use list_{next/prev}_entry instead of list_entry

2017-04-07 Thread Pablo Neira Ayuso
On Wed, Mar 29, 2017 at 11:15:40AM +0530, simran singhal wrote: > This patch replaces list_entry with list_prev_entry as it makes the > code more clear to read. Also applied, thanks.

Re: [PATCH] net: netfilter: Use seq_puts()/seq_putc() where possible

2017-04-07 Thread Pablo Neira Ayuso
On Wed, Mar 29, 2017 at 03:25:17AM +0530, simran singhal wrote: > For string without format specifiers, use seq_puts(). For > seq_printf("\n"), use seq_putc('\n'). Applied, thanks.

Re: [PATCH v2] net: Remove unnecessary cast on void pointer

2017-04-07 Thread Pablo Neira Ayuso
On Wed, Mar 29, 2017 at 12:35:16AM +0530, simran singhal wrote: > The following Coccinelle script was used to detect this: > @r@ > expression x; > void* e; > type T; > identifier f; > @@ > ( > *((T *)e) > | > ((T *)x)[...] > | > ((T*)x)->f > | > > - (T*) > e > ) > > Unnecessary

Re: [PATCH iptables] extensions: libxt_hashlimit: fix 64-bit printf formats

2017-04-07 Thread Arturo Borrero Gonzalez
On 7 April 2017 at 13:47, James Cowgill wrote: > hashlimit was using "%lu" in a lot of printf format specifiers to print > 64-bit integers. This is incorrect on 32-bit architectures because > "long int" is 32-bits there. On MIPS, it was causing iptables to > segfault

[PATCH iptables] extensions: libxt_hashlimit: fix 64-bit printf formats

2017-04-07 Thread James Cowgill
hashlimit was using "%lu" in a lot of printf format specifiers to print 64-bit integers. This is incorrect on 32-bit architectures because "long int" is 32-bits there. On MIPS, it was causing iptables to segfault when printing these integers. Fix by using the correct format specifier.

[PATCH nf-next 1/1] netfilter: cttimeout: Refine cttimeout_del_timeout

2017-04-07 Thread gfree . wind
From: Gao Feng 1. Return one error when try to delete all timeouts and meet one error; 2. Delete the condition block when fail to delete specified timeout. It is more clear that it would stop the loop when find one matched timeout. Signed-off-by: Gao Feng ---

Re: [PATCH iptables] tests: add regression tests for xtables-translate

2017-04-07 Thread Pablo M. Bermudo Garay
> Nice... But how this works? :) > > # python xlate-test.py > Traceback (most recent call last): > File "xlate-test.py", line 85, in > main() > File "xlate-test.py", line 78, in main > load_test_files() > File "xlate-test.py", line 65, in load_test_files > run_test(test,