Date:   Tue, 11 Jan 2022 15:28:58 +0100
From:   Florian Westphal <fw@...len.de>
To:     Tom Rix <trix@...hat.com>
Cc:     Pablo Neira Ayuso <pablo@...filter.org>, kadlec@...filter.org,
        fw@...len.de, davem@...emloft.net, kuba@...nel.org,
        netfilter-devel@...r.kernel.org, coreteam@...filter.org,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] netfilter: extend CONFIG_NF_CONNTRACK compile time checks

Tom Rix <trix@...hat.com> wrote:
> 
> On 1/11/22 1:46 AM, Pablo Neira Ayuso wrote:
> > Hi,
> > 
> > On Sat, Dec 25, 2021 at 09:37:44AM -0800, trix@...hat.com wrote:
> > > From: Tom Rix <trix@...hat.com>
> > > 
> > > Extends
> > > commit 83ace77f5117 ("netfilter: ctnetlink: remove get_ct indirection")
> > > 
> > > Add some compile time checks by following the ct and ctinfo variables
> > > that are only set when CONFIG_NF_CONNTRACK is enabled.
> > > 
> > > In nfulnl_log_packet(), ct is only set when CONFIG_NF_CONNTRACK
> > > is enabled. ct's later use in __build_packet_message() is only
> > > meaningful when CONFIG_NF_CONNTRACK is enabled, so add a check.
> > > 
> > > In nfqnl_build_packet_message(), ct and ctinfo are only set when
> > > CONFIG_NF_CONNTRACK is enabled.  Add a check for their decl and use.
> > > 
> > > nfqnl_ct_parse() is a static function, move the check to the whole
> > > function.
> > > 
> > > In nfqa_parse_bridge(), ct and ctinfo are only set by the only
> > > call to nfqnl_ct_parse(), so add a check for their decl and use.
> > > 
> > > Consistently initialize ctinfo to 0.
> > Are compile warnings being triggered without this patch, maybe with
> > CONFIG_NF_CONNTRACK=n?
> 
> No compiler warnings, this was found by visual inspection.
> 
> Robot says to extend more, so I want to make sure a human is also
> interested.

I hoped the compiler was able to remove that without the aid of the preprocessor :/
