On Tue, Oct 21, 2014 at 10:53:19AM +0200, Arturo Borrero Gonzalez wrote:
> On 21 October 2014 09:59, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> >
> > BTW, it would be good to see a similar refactor in nft_verdict2str().
>
> I don't see a clean way to do it, given some verdicts are negative
> numbers (enum nft_verdicts in nf_tables.h).
> We may end accessing a negative index, out of bounds of the array.
I see, you mean:
enum nft_verdicts {
NFT_CONTINUE = -1,
NFT_BREAK = -2,
NFT_JUMP = -3,
NFT_GOTO = -4,
NFT_RETURN = -5,
};
You can add some function to shift the values:
#define nft_verdict_index(base) (base + 5)
... nft_verdict_array[] = {
[nft_verdict_index(NFT_RETURN)] = "return",
...
};
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
