syzbot reports following splat:
BUG: KMSAN: uninit-value in ebt_stp_mt_check+0x24b/0x450 net/bridge/netfilter/ebt_stp.c:162
ebt_stp_mt_check+0x24b/0x450 net/bridge/netfilter/ebt_stp.c:162
xt_check_match+0x1438/0x1650 net/netfilter/x_tables.c:506
ebt_check_match

Add alias definition for module autoload when adding socket rules.
Fixes: 554ced0a6e29 ("netfilter: nf_tables: add support for native socket matching")
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nft_socket.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/netfilter/nft_socket.c

Hi Laura,
On Sun, Apr 22, 2018 at 11:05:53AM +0200, Laura Garcia Liebana wrote:
> +numgen_expr : NUMGEN numgen_type MOD NUM
> offset_opt numgen_map_expr
Hint: Instead of adding numgen_map_expr, what you could do is to reuse
the existing parser. Look:
# nft add

If 'flush ruleset' command is done, release the cache but still keep the
generation ID around. Hence, follow up calls to cache_update() will
assume that cache is updated and will not perform a netlink dump.
Signed-off-by: Pablo Neira Ayuso
---
include/rule.h | 4 +++-
src/evaluate.c | 3 ++-

On Thu, Jun 07, 2018 at 12:28:16PM +0200, Máté Eckl wrote:
> Like this? I don't know how common or accepted it is to use inline struct
> definitions, but I think this is the only better way than the actual.
>
> static const char *chain_prio2str(int prio)
> {
> static

On Thu, Jun 07, 2018 at 06:15:14PM +0800, gfree.w...@vip.163.com wrote:
> From: Gao Feng
>
> The __IPS_MAX_BIT is used in __ctnetlink_change_status as the max bit
> value. When adding the new bit IPS_OFFLOAD_BIT, whose value is 14, we should
> increase the __IPS_MAX_BIT too, from 14 to 15.
>
> There is

On Thu, Jun 07, 2018 at 02:19:02AM +0200, Pablo Neira Ayuso wrote:
> Hi Máté,
>
> Thanks for working on this.
>
> See comments below.
>
> On Wed, Jun 06, 2018 at 09:33:56PM +0200, Máté Eckl wrote:
> > v2:
> > - more comprehensive names
> > - expose basic priorities used by iptables
> > - use

From: Gao Feng

The __IPS_MAX_BIT is used in __ctnetlink_change_status as the max bit
value. When adding the new bit IPS_OFFLOAD_BIT, whose value is 14, we should
increase the __IPS_MAX_BIT too, from 14 to 15.

There is no bug in the current code, although it loses one loop in
__ctnetlink_change_status.