From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Florian Westphal <fw@strlen.de>
Cc: netdev@vger.kernel.org
Subject: Re: [PATCH net-next 13/13] netfilter: ctnetlink: restrict expectfn to helper
Date: Wed, 8 Apr 2026 02:05:37 +0200 [thread overview]
Message-ID: <adWb0aQFtjdJCLsr@chamomile> (raw)
In-Reply-To: <adUUTtWT8ITs83It@strlen.de>
On Tue, Apr 07, 2026 at 04:27:26PM +0200, Florian Westphal wrote:
> Florian Westphal <fw@strlen.de> wrote:
> > list_for_each_entry_rcu(cur, &nf_ct_helper_expectfn_list, head) {
> > - if (!strcmp(cur->name, name)) {
> > + if ((cur->helper && !strcmp(cur->helper, helper)) ||
> > + !strcmp(cur->name, name)) {
>
> Sigh, I don't know why I did not see this earlier. It looks wrong.
>
> Should this be:
>
> if ((cur->helper && strcmp(cur->helper, helper))
> continue; // skip, name doesn't match
>
> if (!strcmp(cur->name, name)) {
> ...
>
> as is, this restriction has no effect in case the requested
> name matches?
>
> AI suggests
>
> if ((cur->helper && !strcmp(cur->helper, helper)) &&
> !strcmp(cur->name, name)) {
>
> ... but i think thats bogus too. What to do?
>
> Send v2 or do you want to followup later?
Keep it back, not urgent.
I should have withdraw this patch, I wanted to use an enum instead of
strings in v2.
Sorry.
next prev parent reply other threads:[~2026-04-08 0:05 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-07 14:15 [PATCH net-next 00/13] netfilter: updates for net-next Florian Westphal
2026-04-07 14:15 ` [PATCH net-next 01/13] netfilter: use function typedefs for __rcu NAT helper hook pointers Florian Westphal
2026-04-07 14:15 ` [PATCH net-next 02/13] netfilter: nf_tables: Fix typo in enum description Florian Westphal
2026-04-07 14:15 ` [PATCH net-next 03/13] netfilter: nf_conntrack_sip: remove net variable shadowing Florian Westphal
2026-04-07 14:15 ` [PATCH net-next 04/13] netfilter: add deprecation warning for dccp support Florian Westphal
2026-04-07 14:15 ` [PATCH net-next 05/13] netfilter: nf_conntrack_h323: remove unreliable debug code in decode_octstr Florian Westphal
2026-04-07 14:15 ` [PATCH net-next 06/13] netfilter: add more netlink-based policy range checks Florian Westphal
2026-04-07 14:15 ` [PATCH net-next 07/13] netfilter: nf_tables: add netlink policy based cap on registers Florian Westphal
2026-04-07 14:15 ` [PATCH net-next 08/13] netfilter: nft_set_pipapo: increment data in one step Florian Westphal
2026-04-07 14:15 ` [PATCH net-next 09/13] netfilter: nft_set_pipapo_avx2: remove redundant loop in lookup_slow Florian Westphal
2026-04-07 14:15 ` [PATCH net-next 10/13] netfilter: nft_meta: add double-tagged vlan and pppoe support Florian Westphal
2026-04-07 14:15 ` [PATCH net-next 11/13] netfilter: nf_conntrack_h323: Correct indentation when H323_TRACE defined Florian Westphal
2026-04-07 14:15 ` [PATCH net-next 12/13] netfilter: nf_tables_offload: add nft_flow_action_entry_next() and use it Florian Westphal
2026-04-07 14:15 ` [PATCH net-next 13/13] netfilter: ctnetlink: restrict expectfn to helper Florian Westphal
2026-04-07 14:27 ` Florian Westphal
2026-04-08 0:05 ` Pablo Neira Ayuso [this message]
2026-04-08 1:00 ` [PATCH net-next 00/13] netfilter: updates for net-next Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=adWb0aQFtjdJCLsr@chamomile \
--to=pablo@netfilter.org \
--cc=fw@strlen.de \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.