At 2017-05-16 17:43:24, "Pablo Neira Ayuso" <pablo@xxxxxxxxxxxxx> wrote:
>On Tue, May 16, 2017 at 10:24:00AM +0200, Pablo Neira Ayuso wrote:
>> On Tue, May 16, 2017 at 09:30:18AM +0800, gfree.wind@xxxxxxxxxxx wrote:
>> > From: Gao Feng <gfree.wind@xxxxxxxxxxx>
>> >
>> > The info->target is from userspace and it would be used directly.
>> > So we need to add the sanity check to make sure it is a valid standard
>> > target, although the ebtables tool has already checked it. Kernel need
>> > to check anything from userspace.
>> >
>> > If the target was set as an evil value, it would break the ebtables
>> > and cause a panic. Because the non-standard target is treated as one
>> > offset.
>> >
>> > Now add one helper function ebt_invalid_target, and we would replace
>> > the macro INVALID_TARGET later.
>>
>> Applied, thanks.
>>
>> There is a few bunch of spots that can use this indeed. Follow up with
>> a patch for nf-next once merge window opens up.
I would pay some attention when nf is merged into nf-next.
>
>Please, use:
>
>netfilter: ...
>
>as you initial patch subject next time...
OK. I thought the ebtables codes should use prefix "ebtables: ", and I checked it with git log.
There were some commits which uses "ebtables" as prefix.
Could I assume both of ebtables and arptables uses the netfilter as prefix?
Regards
Feng
?韬{.n?壏煯壄?%娝?檩?w?{.n?壏租栕庄z_鉃豝n噐■?侂h櫒璀?{鄗夸z罐楘+€?zf"穐殘啳嗃i?飦?戧鐉_璁�鎗:+v墾?撸鴐
