Make both instances of the same message (about invalid country codes)
be consistent with each other. If you have scripts which capture and
collate error messages, then having consistent strings to match against
is a win.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
V666 Consider inspecting fourth argument of the function 'HX_memmem'.
It is possible that the value does not correspond with the length of
a string which was passed with the third argument.
prefix_str was only 16 bytes, but the largest emitted string could be
"255.255.255.255/32" (19 bytes).
xt_DNETMAP.c: In function "dnetmap_tg_check":
compat_xtables.h:46:22: warning: "%u" directive writing between 1 and 10
bytes into a region of size between 0 and 8 [-Wformat-overflow=]
# define NIPQUAD_FMT "%u.%u.%u.%u"
xt_DNETMAP.c:296:2: note: "sprintf" output between 10 and 27 bytes into
a destination of size 16
sprintf(p->prefix_str, NIPQUAD_FMT "/%u", NIPQUAD(mr->min_addr.ip),
33 - ffs(~(ip_min ^ ip_max)));
As a result of commit cc41c84b7e7f ("netfilter: kill the fake untracked
conntrack objects") the helper nf_ct_is_untracked always returns false
and commit ab8bc7ed864b ("netfilter: remove nf_ct_is_untracked") removes
it all together.
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
xt_psd.c:53:0: warning: "HASH_SIZE" redefined
#define HASH_SIZE (1 << HASH_LOG)
linux-4.10.10/include/linux/hashtable.h:26:0:
note: this is the location of the previous definition
#define HASH_SIZE(name) (ARRAY_SIZE(name))
Commit 613dbd95723aee7abd16860745691b6c7bda20dc (netfilter:
x_tables: move hook state into xt_action_param structure) changes the
struct xt_action_param, accommodate for it.
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
Commit f330a7fdbe1611104622faff7e614a246a7d20f0 (netfilter: conntrack:
get rid of conntrack timer) replaces timer_list with an u32, use helper
from commit c8607e020014cf11a61601a0005270bad81cabdf (netfilter: nft_ct:
fix expiration getter).
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
xt_ACCOUNTing objects create in one network namespace could be
read from all namespaces. Also object with the same name in
different namespaces would collide.
Signed-off-by: Andreas Schultz <aschultz@tpip.net>
The kernel version detection code uses some bashisms, which makes the
build fail on Debian systems where /bin/sh links to dash. Replace with
POSIX-conforming commands at the cost of requiring awk.
