CFLAGS += -O2 LDLIBS = -lrt -lpthread -lpopt TEST_PROGS := mq_open_tests mq_perf_tests all: $(TEST_PROGS) include ../lib.mk override define RUN_TESTS @./mq_open_tests /test1 || echo "selftests: mq_open_tests [FAIL]" @./mq_perf_tests || echo "selftests: mq_perf_tests [FAIL]" endef override define EMIT_TESTS echo "./mq_open_tests /test1 || echo \"selftests: mq_open_tests [FAIL]\"" echo "./mq_perf_tests || echo \"selftests: mq_perf_tests [FAIL]\"" endef clean: rm -f mq_open_tests mq_perf_tests i/linux/net-next.git' title='net-next.git Git repository'/>
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLiping Zhang <zlpnobody@gmail.com>2017-01-22 22:10:32 +0800
committerPablo Neira Ayuso <pablo@netfilter.org>2017-01-24 21:46:29 +0100
commit5ce6b04ce96896e8a79e6f60740ced911eaac7a4 (patch)
treeb975e60eb3ab49d2fc1225abe615238325a61ed5
parentb2fbd04498789def80ceba3d5bbc5af7f2f70a5f (diff)
netfilter: nft_log: restrict the log prefix length to 127
First, log prefix will be truncated to NF_LOG_PREFIXLEN-1, i.e. 127, at nf_log_packet(), so the extra part is useless. Second, after adding a log rule with a very very long prefix, we will fail to dump the nft rules after this _special_ one, but acctually, they do exist. For example: # name_65000=$(printf "%0.sQ" {1..65000}) # nft add rule filter output log prefix "$name_65000" # nft add rule filter output counter # nft add rule filter output counter # nft list chain filter output table ip filter { chain output { type filter hook output priority 0; policy accept; } } So now, restrict the log prefix length to NF_LOG_PREFIXLEN-1. Fixes: 96518518cc41 ("netfilter: add nftables") Signed-off-by: Liping Zhang <zlpnobody@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat