On Tue, Oct 21, 2014 at 11:56:49AM +0200, Pablo Neira Ayuso wrote:
> On Tue, Oct 21, 2014 at 10:53:19AM +0200, Arturo Borrero Gonzalez wrote:
> > On 21 October 2014 09:59, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > >
> > > BTW, it would be good to see a similar refactor in nft_verdict2str().
> >
> > I don't see a clean way to do it, given some verdicts are negative
> > numbers (enum nft_verdicts in nf_tables.h).
> > We may end accessing a negative index, out of bounds of the array.
>
> I see, you mean:
>
> enum nft_verdicts {
> NFT_CONTINUE = -1,
> NFT_BREAK = -2,
> NFT_JUMP = -3,
> NFT_GOTO = -4,
> NFT_RETURN = -5,
> };
>
> You can add some function to shift the values:
>
> #define nft_verdict_index(base) (base + 5)
BTW, instead of 5, add:
#define NFT_VERDICT_BASE NFT_RETURN
and use it.
>
> ... nft_verdict_array[] = {
> [nft_verdict_index(NFT_RETURN)] = "return",
> ...
> };
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
