Re: netfilter: nft_ct: add zone id set support

From: Pablo Neira Ayuso
Date: Thu Feb 23 2017 - 06:43:24 EST


On Thu, Feb 23, 2017 at 12:34:35PM +0100, Florian Westphal wrote:
> Geert Uytterhoeven <geert@xxxxxxxxxxxxxx> wrote:
> > On Wed, Feb 22, 2017 at 8:02 PM, Linux Kernel Mailing List
> > <linux-kernel@xxxxxxxxxxxxxxx> wrote:
> > > Web: https://git.kernel.org/torvalds/c/edee4f1e92458299505ff007733f676b00c516a1
> > > Commit: edee4f1e92458299505ff007733f676b00c516a1
> > > Parent: 5c178d81b69f08ca3195427a6ea9a46d9af23127
> > > Refname: refs/heads/master
> > > Author: Florian Westphal <fw@xxxxxxxxx>
> > > AuthorDate: Fri Feb 3 13:35:50 2017 +0100
> > > Committer: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> > > CommitDate: Wed Feb 8 14:16:23 2017 +0100
> > >
> > Unlike for the other cases of the switch statement, "len" is not initialized
> > here...
> >
> > > + break;
> > > priv->sreg = nft_parse_register(tb[NFTA_CT_SREG]);
> > > err = nft_validate_register_load(priv->sreg, len);
> >
> > ... and used here, which may lead to spurious failures of
> > nft_validate_register_load().
>
> Yes, Dan reported this and a patch is queued at
> http://patchwork.ozlabs.org/patch/727573/
>
> Pablo, any reason why this is still waiting?

I just flushing out my nf.git tree via pull request.

Once these changes are pulled, I'll fetch recent net-next changes that
were just merged via net. Then, I'll pick this so we can calm down
these compilation warnings.

Are you OK with this procedure? Thanks!