On 7 January 2014 16:15, Kristian Evensen <kristian.evensen@xxxxxxxxx> wrote:
> From: Kristian Evensen <kristian.evensen@xxxxxxxxx>
>

Hi Kristian, some minor comments below.

> This patch adds userspace support for setting properties of tracked connections.
> Currently, the connection mark is supported. This can be used to implement the
> same functionality as iptables -j CONNMARK --save-mark.
>
> Signed-off-by: Kristian Evensen <kristian.evensen@xxxxxxxxx>
> diff --git a/src/expr/ct.c b/src/expr/ct.c > index 46e3cef..a509216 100644 > --- a/src/expr/ct.c > +++ b/src/expr/ct.c > @@ -24,7 +24,10 @@ > > struct nft_expr_ct { > enum nft_ct_keys key; > - uint32_t dreg; /* enum nft_registers */ > + union{

note the missing space after union definition.

> @@ -235,11 +257,17 @@ static int nft_rule_expr_ct_xml_parse(struct nft_rule_expr *e, mxml_node_t *tree > uint8_t dir; > > reg = nft_mxml_reg_parse(tree, "dreg", MXML_DESCEND_FIRST); > - if (reg < 0) > - return -1; > + if (reg >= 0) { > + ct->dreg = reg; > + e->flags |= (1 << NFT_EXPR_CT_DREG); > + } else { > + reg = nft_mxml_reg_parse(tree, "sreg", MXML_DESCEND_FIRST); > + if (reg < 0) > + return -1; > > - ct->dreg = reg; > - e->flags |= (1 << NFT_EXPR_CT_DREG); > + ct->sreg = reg; > + e->flags |= (1 << NFT_EXPR_CT_SREG); > + }

Looking at this, I think we should fail if neither dreg nor sreg are present.
I guess we need at least one of two and if not, the expression is invalid.
Also in JSON parsing.

A similar improvement is required in src/expr/meta.c

regards
-- 
Arturo Borrero González
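Review bot: The union opened in struct nft_expr_ct (hunk @@ -24,7 +24,10 @@) has no comment saying which member is valid, and the removed dreg line took its /* enum nft_registers */ annotation with it. The quoted hunk stops at the union's opening brace, so its members are not visible here. If dreg and sreg share storage in it, the stored value alone cannot tell a destination register from a source register, and every reader of the struct has to test the NFT_EXPR_CT_DREG or NFT_EXPR_CT_SREG bit in e->flags first. Please keep the enum nft_registers comment on each member and add a one-line comment on the union stating that exactly one member is set and that e->flags identifies it.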
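Review bot: In nft_rule_expr_ct_xml_parse (hunk @@ -235,11 +257,17 @@), a negative return from the "dreg" lookup is treated as "dreg is absent", so a dreg element that is present but malformed falls through to the "sreg" branch without an error. In the other direction, when "dreg" parses successfully "sreg" is never looked up, so a document carrying both registers is accepted and parsed as a dreg expression. Consider looking up both elements before assigning anything, returning -1 when both are present, and telling a missing element apart from one that failed to parse, so that an ambiguous or malformed ct expression is rejected by the parser.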