| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
With attr_policy in place, data_len has an upper boundary. Use it for
memcpy() calls to cover for caller passing data with lower size than the
attribute's storage.
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
|
|
|
|
|
| |
Just like with struct expr_ops::attr_policy, enable object types to
inform about restrictions on attribute use. This way generic object code
may perform sanity checks before dispatching to object ops.
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
|
|
|
|
|
|
|
| |
Refer to obj_ops::nftnl_max_attr field value for the maximum supported
attribute value to reject invalid ones upfront.
Consequently drop default cases from callbacks' switches which handle
all supported attributes.
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
|
|
|
|
| |
Just like with struct expr_ops::max_attr, make it hold the maximum
object attribute (NFTNL_OBJ_*) value supported by this object type.
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When building with clang and glibc and -D_FORTIFY_SOURCE=2 is passed to
clang, the snprintf member of the expr_ops and obj_ops structures will
be incorrectly replaced with __builtin_snprintf_chk() which results in
"error: no member named '__builtin___snprintf_chk'" errors at build
time.
This patch changes the member name from 'snprintf' to 'output' to
prevent the replacement.
This bug can be emulated using GCC by undefining the __va_arg_pack macro
before stdio.h is included.
This patch is based on the notes provided in
https://bugs.gentoo.org/807766.
Signed-off-by: Nicholas Vinson <nvinson234@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
| |
Objects don't support any other output type than NFTNL_OUTPUT_DEFAULT,
so just drop the parameter.
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rolf Eike Beer <eike@sf-mail.de> reported that nft-expr_quota-test fails
with a SIGBUS on SPARC due to unaligned accesses. This patch resolves
that and fixes additional sources of unaligned accesses matching the
same pattern. Both nft-expr_quota-test and nft-expr_objref-test
generated unaligned accesses on DEC Alpha.
Bug: https://bugs.gentoo.org/666448
Signed-off-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
We have better json support in libnftables these days.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
In _snprintf() functions definition the buffer is null terminated.
Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch allows you to add, to delete and to get stateful objects,
this support two object types: counter and quota.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|