Re: [nft patch]add default branch for code integrality

Re: [nft patch]add default branch for code integrality

[Pablo Neira Ayuso]

On Thu, Nov 26, 2015 at 09:32:02AM +0000, Linmujia wrote:
> Hi,I reviewed nftables code and add some default branch for code itegrality.
> 
> Thanks!
> 
> Signed-off-by: linmujia <linmujia@huawei.com>
> ---
> src/netlink.c | 25 +++++++++++++++++++++++++
> 1 file changed, 25 insertions(+)
> 
> diff --git a/src/netlink.c b/src/netlink.c
> index 974afb1..7821169 100644
> --- a/src/netlink.c
> +++ b/src/netlink.c
> @@ -307,6 +307,8 @@ static void netlink_gen_verdict(const struct expr *expr,
>                 strncpy(data->chain, expr->chain, NFT_CHAIN_MAXNAMELEN);
>                 data->chain[NFT_CHAIN_MAXNAMELEN-1] = '\0';
>                 break;
> +       default:
> +                BUG("invalid verdict value %u\n", expr->verdict);
>        }
> }
> @@ -1670,6 +1672,8 @@ static uint32_t netlink_msg2nftnl_of(uint32_t msg)
>        case NFT_MSG_DELSETELEM:
>        case NFT_MSG_DELRULE:
>                 return NFTNL_OF_EVENT_DEL;
> +       default:
> +                BUG("invalid nft msg type %u\n", msg);
>        }
>         return 0;
> @@ -1741,6 +1745,8 @@ static int netlink_events_table_cb(const struct nlmsghdr *nlh, int type,
>                                      netlink_msg2nftnl_of(type));
>                 fprintf(stdout, "\n");
>                 break;
> +       default:
> +                BUG("invalid output format %u\n", monh->format);

This will break old nft versions with new kernels, in case we add new
netlink messages.

And that is very likely to happen.