On Mon, Dec 10, 2018 at 02:39:33PM +0100, Jozsef Kadlecsik wrote: > Hi Pablo, > > Please consider to pull the next patches for nf-next: > > - Replace a strncpy() with strscpy() from Qian Cai. > - Do not call ipset_nest_end() after nla_nest_cancel() in the error > path in list_set_list() from Pan Bian. > - Introduction of new commands and thus protocol version 7. The > new commands makes possible to eliminate the getsockopt interface > of ipset and use solely netlink to communicate with the kernel. > Due to the strict attribute checking both in user/kernel space, > a new protocol number was introduced. Both the kernel/userspace is > fully backward compatible. The "fix ip_set_byindex function" patch > in the ipset git tree from Florent Fourcot is merged into the patch. > - Make invalid MAC address checks consisten, from Stefano Brivio. > The patch depends on the next one. > - Allow matching on destination MAC address for mac and ipmac sets, > also from Stefano Brivio. Hm, I think I got you confused when discussing this pull-request. Patches 1-3 are already in the nf-next tree. I'm telling this because I thought the fix from Florent was only in your tree, but it is already here in nf-next git. I think we need the independent fix from Florent Fourcout, as an independent patch for nf-next. If Florent's patch in in patchwork, please pass me the link and I'll take it from there. Anyway, I took the liberty to route your patch 4/5 to nf.git as a fix. Patch 5/5 is rare, the gcc warning looks wrong? And strscpy will never fail? Thanks Jozsef!
