Hi Pablo, On Thu, 13 Dec 2018, Pablo Neira Ayuso wrote: > On Mon, Dec 10, 2018 at 02:39:33PM +0100, Jozsef Kadlecsik wrote: > > > > Please consider to pull the next patches for nf-next: > > > > - Replace a strncpy() with strscpy() from Qian Cai. > > - Do not call ipset_nest_end() after nla_nest_cancel() in the error > > path in list_set_list() from Pan Bian. > > - Introduction of new commands and thus protocol version 7. The > > new commands makes possible to eliminate the getsockopt interface > > of ipset and use solely netlink to communicate with the kernel. > > Due to the strict attribute checking both in user/kernel space, > > a new protocol number was introduced. Both the kernel/userspace is > > fully backward compatible. The "fix ip_set_byindex function" patch > > in the ipset git tree from Florent Fourcot is merged into the patch. > > - Make invalid MAC address checks consisten, from Stefano Brivio. > > The patch depends on the next one. > > - Allow matching on destination MAC address for mac and ipmac sets, > > also from Stefano Brivio. > > Hm, I think I got you confused when discussing this pull-request. > Patches 1-3 are already in the nf-next tree. I'm telling this because > I thought the fix from Florent was only in your tree, but it is > already here in nf-next git. > > I think we need the independent fix from Florent Fourcout, as an > independent patch for nf-next. If Florent's patch in in patchwork, > please pass me the link and I'll take it from there. Yes, that confused me and better apply the independent patch from Florent Fourcout. It can be found here (not patchwork, though): https://marc.info/?l=netfilter-devel&m=154333572628311&w=2 > Anyway, I took the liberty to route your patch 4/5 to nf.git as a fix. Thanks! > Patch 5/5 is rare, the gcc warning looks wrong? And strscpy will never > fail? The gcc warning is definitely wrong, the target data size is verified previously. But I suppose gcc cannot figure it out, so better silence the warning. strscpy() may return an error code which is checked and passed back. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary
