Re:Re: [PATCH nf v2] ebtables: arpreply: Add the standard target sanity check

2017-05-16 Thread Gao Feng
At 2017-05-16 17:43:24, "Pablo Neira Ayuso" <pa...@netfilter.org> wrote: >On Tue, May 16, 2017 at 10:24:00AM +0200, Pablo Neira Ayuso wrote: >> On Tue, May 16, 2017 at 09:30:18AM +0800, gfree.w...@vip.163.com wrote: >> > From: Gao Feng <gfree.w...@vip.163.com

Re:Re: [PATCH nf] ebtables: arpreply: Add the standard target sanity check

2017-05-15 Thread Gao Feng
At 2017-05-16 00:56:59, "Pablo Neira Ayuso" <pa...@netfilter.org> wrote: >On Mon, May 15, 2017 at 06:56:02PM +0200, Pablo Neira Ayuso wrote: >> On Fri, May 12, 2017 at 05:44:10PM +0800, gfree.w...@vip.163.com wrote: >> > From: Gao Feng <gfree.w...@vip.163.com

Re:Re: [PATCH nf v6 3/3] netfilter: nat_helper: Remove the expectations when its module is unloaded

2017-05-04 Thread Gao Feng
Hi Liping, At 2017-05-05 09:59:06, "Liping Zhang" wrote: >Hi Feng, > >2017-05-05 8:55 GMT+08:00 : >[...] >> +static void >> +nf_ct_flush_expect(const struct module *me) >> +{ >> + struct nf_conntrack_expect *exp; >> + const struct

RE: [PATCH nf-next] netfilter: tcp: Use TCP_MAX_WSCALE instead of literal 14

2017-04-20 Thread Gao Feng
> From: Eric Dumazet [mailto:eric.duma...@gmail.com] > On Thu, 2017-04-20 at 08:44 +0800, Gao Feng wrote: > > > On Wed, Apr 19, 2017 at 09:57:55PM +0200, Pablo Neira Ayuso wrote: > > > > On Wed, Apr 19, 2017 at 09:22:08AM -0700, Eric Dumazet wrote: > > >

RE: [PATCH nf-next] netfilter: tcp: Use TCP_MAX_WSCALE instead of literal 14

2017-04-19 Thread Gao Feng
il.com > wrote: > > > > > From: Gao Feng <f...@ikuai8.com> > > > > > > > > > > The window scale may be enlarged from 14 to 15 according to the > > > > > IETF draft https://tools.ietf.org/html/draft-nishida-tcpm-maxwin-03. > >

RE: [PATCH nf v5 2/3] netfilter: nat_helper: Make sure every proto nat module uses its nat_helper

2017-04-16 Thread Gao Feng
Hi Pablo, > From: netfilter-devel-ow...@vger.kernel.org > [mailto:netfilter-devel-ow...@vger.kernel.org] On Behalf Of Pablo Neira > Ayuso > On Fri, Apr 14, 2017 at 08:46:44AM +0800, Gao Feng wrote: > > > -Original Message- > > > From: Pablo Neira Ayuso [mail

RE: [PATCH nf-next v2 1/1] netfilter: SYNPROXY: Return NF_STOLEN instead of NF_DROP during handshaking

2017-04-13 Thread Gao Feng
> -Original Message- > From: netfilter-devel-ow...@vger.kernel.org > On Fri, Apr 14, 2017 at 07:04:44AM +0800, Gao Feng wrote: > > > -Original Message- > > > From: Pablo Neira Ayuso [mailto:pa...@netfilter.org] > > > > > > On W

RE: [PATCH nf v2] netfilter: cttimeout: Fix one possible use-after-free issue

2017-04-13 Thread Gao Feng
> From: Pablo Neira Ayuso [mailto:pa...@netfilter.org] > On Fri, Apr 14, 2017 at 09:13:40AM +0800, gfree.w...@foxmail.com wrote: > > From: Gao Feng <f...@ikuai8.com> > > > > The function ctnl_untimeout is used to untimeout every conntrack which > > is using the

RE: [PATCH nf] netfilter: xt_CT: fix cthelper module's refcnt leak

2017-04-13 Thread Gao Feng
> -Original Message- > From: Liping Zhang [mailto:zlpnob...@gmail.com] > Hi Pablo, > > 2017-04-14 6:30 GMT+08:00 Pablo Neira Ayuso : > >> We should call module_put when the time policy is not found. > >> Otherwise, the related cthelper module cannot be removed

RE: [PATCH nf v5 2/3] netfilter: nat_helper: Make sure every proto nat module uses its nat_helper

2017-04-13 Thread Gao Feng
> -Original Message- > From: Pablo Neira Ayuso [mailto:pa...@netfilter.org] > On Fri, Mar 31, 2017 at 06:38:20PM +0800, gfree.w...@foxmail.com wrote: > > +static struct nf_ct_nat_helper pptp_nat = { > > + .name = "pptp_nat", > > Why all these with "xyz_nat" names? I

RE: [PATCH nf-next v2 1/1] netfilter: SYNPROXY: Return NF_STOLEN instead of NF_DROP during handshaking

2017-04-13 Thread Gao Feng
> -Original Message- > From: Pablo Neira Ayuso [mailto:pa...@netfilter.org] > > On Wed, Apr 12, 2017 at 10:14:50AM +0800, gfree.w...@foxmail.com wrote: > > > > Current SYNPROXY codes return NF_DROP during normal TCP handshaking, > > it is not friendly to caller. Because the nf_hook_slow

RE: [PATCH nf 1/1] netfilter: cttimeout: Fix one possible use-after-free issue

2017-04-13 Thread Gao Feng
> -Original Message- > From: Pablo Neira Ayuso [mailto:pa...@netfilter.org] > On Thu, Apr 06, 2017 at 07:09:09PM +0800, gfree.w...@foxmail.com wrote: > > > > The function ctnl_untimeout is used to untimeout every conntrack which > > is using the timeout. But it is necessary to add one

RE: [PATCH nf 1/1] netfilter: seqadj: Fix possible non-linear data access for TCP header

2017-04-13 Thread Gao Feng
> -Original Message- > From: Pablo Neira Ayuso [mailto:pa...@netfilter.org] > Sent: Friday, April 14, 2017 5:45 AM > To: gfree.w...@foxmail.com > Cc: netfilter-devel@vger.kernel.org; Gao Feng <f...@ikuai8.com> > Subject: Re: [PATCH nf 1/1] netfilter: seqadj: Fix

RE: [PATCH nf] netfilter: ctnetlink: make it safer when updating ct->status

2017-04-12 Thread Gao Feng
Hi Liping, > -Original Message- > From: Liping Zhang [mailto:zlpnob...@gmail.com] > Sent: Thursday, April 13, 2017 11:15 AM > To: Gao Feng <gfree.w...@foxmail.com> > Cc: Liping Zhang <zlpnob...@163.com>; Pablo Neira Ayuso > <pa...@netfilter.org>

RE: [PATCH nf] netfilter: ctnetlink: make it safer when updating ct->status

2017-04-12 Thread Gao Feng
> -Original Message- > From: Gao Feng [mailto:gfree.w...@foxmail.com] > Sent: Thursday, April 13, 2017 10:42 AM > To: 'Liping Zhang' <zlpnob...@163.com>; 'pa...@netfilter.org' > <pa...@netfilter.org> > Cc: 'netfilter-devel@vger.kernel.org' <netfilter

RE: [PATCH nf] netfilter: ctnetlink: make it safer when updating ct->status

2017-04-12 Thread Gao Feng
Hi Liping, > -Original Message- > From: netfilter-devel-ow...@vger.kernel.org > [mailto:netfilter-devel-ow...@vger.kernel.org] On Behalf Of Liping Zhang > Sent: Wednesday, April 12, 2017 11:57 PM > To: pa...@netfilter.org > Cc: netfilter-devel@vger.kernel.org; cerne...@chromium.org;

RE: [PATCH nf 1/1] netfilter: seqadj: Fix possible non-linear data access for TCP header

2017-04-10 Thread Gao Feng
Hi Pablo, > -Original Message- > From: Pablo Neira Ayuso [mailto:pa...@netfilter.org] > Sent: Monday, April 10, 2017 8:07 PM > To: gfree.w...@foxmail.com > Cc: netfilter-devel@vger.kernel.org; Gao Feng <f...@ikuai8.com> > Subject: Re: [PATCH nf 1/1] netfilter:

RE: [PATCH nf-next v2 1/1] netfilter: nat: Correct the return value check for nat mangled packet

2017-04-06 Thread Gao Feng
> -Original Message- > From: Gao Feng [mailto:gfree.w...@foxmail.com] > Sent: Friday, April 7, 2017 6:16 AM > To: 'Pablo Neira Ayuso' <pa...@netfilter.org> > Cc: 'netfilter-devel@vger.kernel.org' <netfilter-devel@vger.kernel.org>; 'Gao > Feng' <f...@iku

RE: [PATCH nf-next 1/1] netfilter: ctlink: Return error directly when create expect without help

2017-04-06 Thread Gao Feng
Hi Pablo, > -Original Message- > From: Pablo Neira Ayuso [mailto:pa...@netfilter.org] > Sent: Friday, April 7, 2017 3:55 AM > To: gfree.w...@foxmail.com > Cc: netfilter-devel@vger.kernel.org; Gao Feng <f...@ikuai8.com> > Subject: Re: [PATCH nf-next 1/1] netfilt

RE: [PATCH nf-next v2 1/1] netfilter: nat: Correct the return value check for nat mangled packet

2017-04-06 Thread Gao Feng
Hi Pablo, > -Original Message- > From: Pablo Neira Ayuso [mailto:pa...@netfilter.org] > Sent: Friday, April 7, 2017 3:25 AM > To: gfree.w...@foxmail.com > Cc: netfilter-devel@vger.kernel.org; Gao Feng <f...@ikuai8.com> > Subject: Re: [PATCH nf-next v2 1/1]

RE: [PATCH nf-next 1/1] netfilter: Remove useless variable timeouts in init_conntrack

2017-04-05 Thread Gao Feng
> -Original Message- > From: kbuild test robot [mailto:l...@intel.com] > Sent: Thursday, April 6, 2017 4:01 AM > To: gfree.w...@foxmail.com > Cc: kbuild-...@01.org; pa...@netfilter.org; netfilter-devel@vger.kernel.org; > Gao Feng <f...@ikuai8.com> > Subj

RE: [PATCH nf-next 1/1] netfilter: Remove useless variable timeouts in init_conntrack

2017-04-05 Thread Gao Feng
Hi Florian, > -Original Message- > From: Florian Westphal [mailto:f...@strlen.de] > Sent: Wednesday, April 5, 2017 9:17 PM > To: gfree.w...@foxmail.com > Cc: pa...@netfilter.org; netfilter-devel@vger.kernel.org; Gao Feng > <f...@ikuai8.com> > Subject: Re: [P

RE: [PATCH nf-next 1/1] netfilter: udplite4: Remove duplicated udplite4 declaration

2017-04-04 Thread Gao Feng
Hi, > -Original Message- > From: gfree.w...@foxmail.com [mailto:gfree.w...@foxmail.com] > Sent: Wednesday, April 5, 2017 9:23 AM > To: pa...@netfilter.org; netfilter-devel@vger.kernel.org > Cc: Gao Feng <f...@ikuai8.com> > Subject: [PATCH nf-next 1/1] net

RE: [PATCH nf v4 2/2] netfilter: helper: Fix possible panic caused by invoking expectfn unloaded

2017-03-29 Thread Gao Feng
Hi Pablo, > -Original Message- > From: netfilter-devel-ow...@vger.kernel.org > [mailto:netfilter-devel-ow...@vger.kernel.org] On Behalf Of Pablo Neira Ayuso > Sent: Wednesday, March 29, 2017 5:54 PM > To: gfree.w...@foxmail.com > Cc: netfilter-devel@vger.kernel.org; Gao

RE: [PATCH nf-next v2 1/1] netfilter: helper: Remove useless rcu lock when get expectfn

2017-03-29 Thread Gao Feng
Hi Pablo, > -Original Message- > From: Pablo Neira Ayuso [mailto:pa...@netfilter.org] > Sent: Wednesday, March 29, 2017 6:44 PM > To: Gao Feng <gfree.w...@foxmail.com> > Cc: netfilter-devel@vger.kernel.org; 'Gao Feng' <f...@ikuai8.com> > Subject: Re: [P

RE: [PATCH nf-next v2 1/1] netfilter: helper: Remove useless rcu lock when get expectfn

2017-03-29 Thread Gao Feng
Hi Pablo, > -Original Message- > From: Pablo Neira Ayuso [mailto:pa...@netfilter.org] > Sent: Wednesday, March 29, 2017 6:08 PM > To: gfree.w...@foxmail.com > Cc: netfilter-devel@vger.kernel.org; Gao Feng <f...@ikuai8.com> > Subject: Re: [PATCH nf-next v2 1/1] n

RE: [PATCH nf v4 1/1] netfilter: snmp: Fix one possible panic when snmp_trap_helper fail to register

2017-03-27 Thread Gao Feng
g; netfilter-devel@vger.kernel.org; > gfree.w...@foxmail.com; Gao Feng <f...@ikuai8.com> > Subject: Re: [PATCH nf v4 1/1] netfilter: snmp: Fix one possible panic when > snmp_trap_helper fail to register > > Hi Gao, > > [auto build test WARNING on nf/master] > > url:

RE: [PATCH nf-next 1/1] netfilter: Use bool type instead of int as the return value of nf_conntrack_tuple_taken and nf_nat_used_tuple

2017-03-27 Thread Gao Feng
; Subject: Re: [PATCH nf-next 1/1] netfilter: Use bool type instead of int as the > return value of nf_conntrack_tuple_taken and nf_nat_used_tuple > > On Tue, Mar 07, 2017 at 12:28:55PM +0800, f...@ikuai8.com wrote: > > From: Gao Feng <f...@ikuai8.com> > > >

RE: [PATCH nf-next 1/4] netfilter: amanda: Correct the return value comparison of the func nf_nat_mangle_udp_packet

2017-03-27 Thread Gao Feng
value > comparison of the func nf_nat_mangle_udp_packet > > On Fri, Mar 17, 2017 at 02:47:19PM +0800, f...@ikuai8.com wrote: > > From: Gao Feng <f...@ikuai8.com> > > > > The return value of nf_nat_mangle_udp_packet actually is 1 and 0 as > > bool type. But the a

RE: [PATCH nf v4 1/1] netfilter: snmp: Fix one possible panic when snmp_trap_helper fail to register

2017-03-25 Thread Gao Feng
Hi Liping, > -Original Message- > From: Liping Zhang [mailto:zlpnob...@gmail.com] > Sent: Saturday, March 25, 2017 4:17 PM > To: gfree.w...@foxmail.com > Cc: Pablo Neira Ayuso <pa...@netfilter.org>; Netfilter Developer Mailing List > <netfilter-devel@vg

RE: [PATCH nf v3 1/1] netfilter: snmp: Fix one possible panic when snmp_trap_helper fail to register

2017-03-24 Thread Gao Feng
ubject: Re: [PATCH nf v3 1/1] netfilter: snmp: Fix one possible panic when > snmp_trap_helper fail to register > > On Tue, Mar 21, 2017 at 08:22:29AM +0800, f...@ikuai8.com wrote: > > From: Gao Feng <f...@ikuai8.com> > > > > In the commit 93557f53e1fb (

RE: [PATCH nf 1/1] netfilter: expect: Make sure the max_expected limit is effective

2017-03-24 Thread Gao Feng
Hi Pablo, > -Original Message- > From: Pablo Neira Ayuso [mailto:pa...@netfilter.org] > Sent: Friday, March 24, 2017 7:43 PM > To: gfree.w...@foxmail.com > Cc: netfilter-devel@vger.kernel.org; Gao Feng <f...@ikuai8.com> > Subject: Re: [PATCH nf 1/1] netf

RE: [PATCH nf v3 1/1] netfilter: snmp: Fix one possible panic when snmp_trap_helper fail to register

2017-03-24 Thread Gao Feng
, 2017 at 08:22:29AM +0800, f...@ikuai8.com wrote: > > > From: Gao Feng <f...@ikuai8.com> > > > > > > In the commit 93557f53e1fb ("netfilter: nf_conntrack: nf_conntrack > > > snmp helper"), the snmp_helper is replaced by nf_nat_snmp_hook. So >

RE: [PATCH RESENT nf 1/1] netfilter: ctlink: Fix one possible use-after-free in ctnetlink_create_expect

2017-03-21 Thread Gao Feng
Hi Pablo, > -Original Message- > From: netfilter-devel-ow...@vger.kernel.org > [mailto:netfilter-devel-ow...@vger.kernel.org] On Behalf Of Gao Feng > Sent: Wednesday, March 22, 2017 9:37 AM > To: pa...@netfilter.org; netfilter-devel@vger.kernel.org > Cc: 'Gao Feng

RE: [PATCH RESENT nf 1/1] netfilter: ctlink: Fix one possible use-after-free in ctnetlink_create_expect

2017-03-21 Thread Gao Feng
nel.org; > gfree.w...@foxmail.com > Cc: Gao Feng <f...@ikuai8.com> > Subject: [PATCH RESENT nf 1/1] netfilter: ctlink: Fix one possible use-after-free > in ctnetlink_create_expect > > From: Gao Feng <f...@ikuai8.com> > > There is no rcu_read_lock during ctlink gets the

RE: [PATCH nf v3 2/2] netfilter: helper: Fix possible panic caused by invoking expectfn unloaded

2017-03-21 Thread Gao Feng
@126.com > Subject: Re: [PATCH nf v3 2/2] netfilter: helper: Fix possible panic caused by > invoking expectfn unloaded > > On Tue, Mar 21, 2017 at 02:06:26PM +0800, f...@ikuai8.com wrote: > > From: Gao Feng <f...@ikuai8.com> > > > > Because the conntrack NAT module

Re: [PATCH v2 nf 1/1] netfilter: helper: Fix possible panic caused by invoking expectfn unloaded

2017-03-20 Thread Gao Feng
On Mon, Mar 20, 2017 at 9:11 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Mon, Mar 20, 2017 at 09:06:22PM +0800, Gao Feng wrote: >> On Mon, Mar 20, 2017 at 8:50 PM, Pablo Neira Ayuso <pa...@netfilter.org> >> wrote: >> > On Mon, Mar 20, 2017 at 11:44

Re: [PATCH v2 nf 1/1] netfilter: helper: Fix possible panic caused by invoking expectfn unloaded

2017-03-20 Thread Gao Feng
On Mon, Mar 20, 2017 at 8:50 PM, Pablo Neira Ayuso wrote: > On Mon, Mar 20, 2017 at 11:44:42AM +0100, Pablo Neira Ayuso wrote: >> > diff --git a/net/netfilter/nf_conntrack_helper.c >> > b/net/netfilter/nf_conntrack_helper.c >> > index 6dc44d9..6c840af 100644 >> > ---

Re: [PATCH v2 nf 1/1] netfilter: helper: Fix possible panic caused by invoking expectfn unloaded

2017-03-20 Thread Gao Feng
On Mon, Mar 20, 2017 at 6:44 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Sat, Mar 18, 2017 at 03:40:45PM +0800, f...@ikuai8.com wrote: >> From: Gao Feng <f...@ikuai8.com> >> >> The helper module could register one helper expectfn by the function >

Re: [PATCH nf 1/1] netfilter: helper: Fix possible panic caused by invoking expectfn unloaded

2017-03-17 Thread Gao Feng
Hi Pablo, On Fri, Mar 17, 2017 at 10:09 PM, Gao Feng <f...@ikuai8.com> wrote: > Hi Pablo, > > On Fri, Mar 17, 2017 at 9:08 PM, Pablo Neira Ayuso <pa...@netfilter.org> > wrote: >> On Tue, Mar 14, 2017 at 02:26:06PM +0800, f...@ikuai8.com wrote: >

Re: [PATCH nf 1/1] netfilter: helper: Fix possible panic caused by invoking expectfn unloaded

2017-03-17 Thread Gao Feng
Hi Pablo, On Fri, Mar 17, 2017 at 9:08 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Tue, Mar 14, 2017 at 02:26:06PM +0800, f...@ikuai8.com wrote: >> From: Gao Feng <f...@ikuai8.com> >> >> The helper module permits the helper modules register

Re: [PATCH nf 1/1] netfilter: helper: Fix possible panic caused by invoking expectfn unloaded

2017-03-15 Thread Gao Feng
Hi Pablo, On Wed, Mar 15, 2017 at 9:07 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Tue, Mar 14, 2017 at 02:26:06PM +0800, f...@ikuai8.com wrote: >> From: Gao Feng <f...@ikuai8.com> >> >> The helper module permits the helper modules register

Re: [PATCH nf 1/1] netfilter: nat_masquerade: Check oom when invoke nfct_nat

2017-03-03 Thread Gao Feng
Hi Pablo, On Fri, Mar 3, 2017 at 5:30 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Fri, Mar 03, 2017 at 09:58:52AM +0800, f...@ikuai8.com wrote: >> From: Gao Feng <f...@ikuai8.com> >> >> When memory is exhausted, nf_ct_nat_ext_add may re

Re: [PATCH nf 1/1] netfilter: h323,sip: Fix possible dead loop in nat_rtp_rtcp and nf_nat_sdp_media

2017-03-02 Thread Gao Feng
Hi Liping, On Thu, Mar 2, 2017 at 7:18 PM, Liping Zhang <zlpnob...@gmail.com> wrote: > Hi, > 2017-03-02 18:18 GMT+08:00 Gao Feng <f...@ikuai8.com>: > [...] >> The expect class is NF_CT_EXPECT_CLASS_DEFAULT, and proto is >> IPPROTO_UDP at the function "

Re: [PATCH nf-next 1/1] netfilter: nf_tables: Remove the rcu lock for dump functions

2017-01-12 Thread Gao Feng
Hi Pablo, On Thu, Jan 12, 2017 at 7:11 PM, Pablo Neira Ayuso wrote: > On Thu, Jan 12, 2017 at 06:37:54PM +0800, f...@ikuai8.com wrote: >> From: Feng >> >> The rcu lock protect is added 3 years ago with the commit >> e688a7f8c6cb7a18aae7e55ccdd175f0ad9e69c0.

Re: [PATCH nf-next 1/1] netfilter: nf_tables: Refine the codes to eliminate useless condition checks in nf_tables_api.c

2017-01-12 Thread Gao Feng
Hi Pablo, On Thu, Jan 12, 2017 at 7:21 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Wed, Jan 11, 2017 at 09:32:15AM +0800, f...@ikuai8.com wrote: >> From: Gao Feng <f...@ikuai8.com> >> >> The return value of nf_tables_table_lookup is valid pointer or on

Re: [PATCH net-next 1/1] netfilter: xt_multiport: Fix wrong unmatch result with multiple ports

2016-11-24 Thread Gao Feng
On Fri, Nov 25, 2016 at 12:11 PM, Eric Dumazet <eric.duma...@gmail.com> wrote: > On Fri, 2016-11-25 at 11:58 +0800, f...@ikuai8.com wrote: >> From: Gao Feng <f...@ikuai8.com> >> >> I lost one test case in the commit for xt_multiport. >> For example, the r

Re: [PATCH nf-next] netfilter: xt_osf: Use explicit member assignment to avoid implicit no padding rule

2016-09-27 Thread Gao Feng
Hi Liping, On Tue, Sep 27, 2016 at 1:49 PM, Liping Zhang <zlpnob...@gmail.com> wrote: > Hi Feng, > > 2016-09-27 12:39 GMT+08:00 <f...@ikuai8.com>: >> From: Gao Feng <f...@ikuai8.com> >> >> Current xt_osf codes use memcmp to check if two user fingers

Re: [PATCH nf-next] netfilter: xt_nfacct: Use not operation instead of condition check

2016-09-26 Thread Gao Feng
On Tue, Sep 27, 2016 at 8:39 AM, Florian Westphal <f...@strlen.de> wrote: > Gao Feng <f...@ikuai8.com> wrote: >> >> diff --git a/net/netfilter/xt_nfacct.c b/net/netfilter/xt_nfacct.c >> >> index cf32759..7abb5b5 100644 >> >> --- a/net/netfilte

Re: [PATCH nf-next] netfilter: xt_nfacct: Use not operation instead of condition check

2016-09-26 Thread Gao Feng
Hi Florian, On Mon, Sep 26, 2016 at 11:17 PM, Florian Westphal wrote: > f...@ikuai8.com wrote: >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/net/netfilter/xt_nfacct.c b/net/netfilter/xt_nfacct.c >> index cf32759..7abb5b5 100644 >> ---

Re: [PATCH v5 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later

2016-09-06 Thread Gao Feng
Hi Pablo, On Tue, Sep 6, 2016 at 10:54 PM, Gao Feng <f...@ikuai8.com> wrote: > inline > > On Tue, Sep 6, 2016 at 10:51 PM, Florian Westphal <f...@strlen.de> wrote: >> f...@ikuai8.com <f...@ikuai8.com> wrote: >>> From: Gao Feng <f...

Re: [PATCH v4 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later

2016-09-06 Thread Gao Feng
Hi Pablo, On Tue, Sep 6, 2016 at 6:17 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Tue, Sep 06, 2016 at 09:57:23AM +0800, f...@ikuai8.com wrote: >> From: Gao Feng <f...@ikuai8.com> >> >> When memory is exhausted, nfct_seqadj_ext_add may fa

Re: [PATCH v5 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later

2016-09-06 Thread Gao Feng
inline On Tue, Sep 6, 2016 at 10:51 PM, Florian Westphal <f...@strlen.de> wrote: > f...@ikuai8.com <f...@ikuai8.com> wrote: >> From: Gao Feng <f...@ikuai8.com> >> >> When memory is exhausted, nfct_seqadj_ext_add may fail to add the seqadj >> extensio

Re: [PATCH v4 nf] netfilter: seqadj: Drop the packet directly when fail to add seqadj extension to avoid dereference NULL pointer later

2016-09-06 Thread Gao Feng
inline On Tue, Sep 6, 2016 at 6:17 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Tue, Sep 06, 2016 at 09:57:23AM +0800, f...@ikuai8.com wrote: >> From: Gao Feng <f...@ikuai8.com> >> >> When memory is exhausted, nfct_seqadj_ext_add may fa

Re: [PATCH v2 1/2 nf] netfilter: seqadj: Fix one possible panic in seqadj when mem is exhausted

2016-09-02 Thread Gao Feng
Hi Florian, On Fri, Sep 2, 2016 at 2:59 PM, Florian Westphal <f...@strlen.de> wrote: > f...@ikuai8.com <f...@ikuai8.com> wrote: >> From: Gao Feng <f...@ikuai8.com> >> >> When memory is exhausted, nfct_seqadj_ext_add may fail to add the seqadj >>