* Re: [nft patch]add default branch for code integrality
[not found] <0A900C78B9F2324AB7F4F7A51D1A2F85779782D0@szxema505-mbs.china.huawei.com>
@ 2015-11-26 9:49 ` Pablo Neira Ayuso
0 siblings, 0 replies; only message in thread
From: Pablo Neira Ayuso @ 2015-11-26 9:49 UTC (permalink / raw)
To: Linmujia; +Cc: netfilter-devel@vger.kernel.org
On Thu, Nov 26, 2015 at 09:32:02AM +0000, Linmujia wrote:
> Hi,I reviewed nftables code and add some default branch for code itegrality.
>
> Thanks!
>
> Signed-off-by: linmujia <linmujia@huawei.com>
> ---
> src/netlink.c | 25 +++++++++++++++++++++++++
> 1 file changed, 25 insertions(+)
>
> diff --git a/src/netlink.c b/src/netlink.c
> index 974afb1..7821169 100644
> --- a/src/netlink.c
> +++ b/src/netlink.c
> @@ -307,6 +307,8 @@ static void netlink_gen_verdict(const struct expr *expr,
> strncpy(data->chain, expr->chain, NFT_CHAIN_MAXNAMELEN);
> data->chain[NFT_CHAIN_MAXNAMELEN-1] = '\0';
> break;
> + default:
> + BUG("invalid verdict value %u\n", expr->verdict);
> }
> }
> @@ -1670,6 +1672,8 @@ static uint32_t netlink_msg2nftnl_of(uint32_t msg)
> case NFT_MSG_DELSETELEM:
> case NFT_MSG_DELRULE:
> return NFTNL_OF_EVENT_DEL;
> + default:
> + BUG("invalid nft msg type %u\n", msg);
> }
> return 0;
> @@ -1741,6 +1745,8 @@ static int netlink_events_table_cb(const struct nlmsghdr *nlh, int type,
> netlink_msg2nftnl_of(type));
> fprintf(stdout, "\n");
> break;
> + default:
> + BUG("invalid output format %u\n", monh->format);
This will break old nft versions with new kernels, in case we add new
netlink messages.
And that is very likely to happen.
^ permalink raw reply [flat|nested] only message in thread