Some compilers seem to think that there is some uninitialised usage
here. Work around this.
Closes #1891
Change-Id: Ic97a4b589fd2a0c33418a209557b7ce29009c7bf
These don't actually do anything right now as these functions don't do an
early return, but having these in place will make things more future
proof.
Change-Id: I05b82a4366847e0eff1d1392885cf086516df053
NFTNL_EXPR_TG_INFO actually expects the info data to be heap allocated
via malloc(), as it will free() it when the expression is freed via
nftnl_expr_free().
No symbol table info available.
No symbol table info available.
No symbol table info available.
No locals.
No locals.
r = 0x55e087c75130
err = <optimized out>
err = <optimized out>
args=args@entry=0x7ffc80943460) at ./nftables.c:593
err = <optimized out>
nl = 0x55e087c4add0
seq = 1711621092
err = 0x0
nl = <optimized out>
seq = <optimized out>
err = <optimized out>
No locals.
Log:
rtpengine[269176]: INFO: [crypto] Generating new DTLS certificate
rtpengine[269176]: DEBUG: [crypto] Using EC-prime256v1 key for DTLS certificate
rtpengine[269176]: free(): invalid pointer
rtpengine[269792]: INFO: [crypto] Generating new DTLS certificate
rtpengine[269792]: DEBUG: [crypto] Using EC-prime256v1 key for DTLS certificate
rtpengine[269792]: free(): invalid pointer
rtpengine[270372]: INFO: [crypto] Generating new DTLS certificate
rtpengine[270372]: DEBUG: [crypto] Using EC-prime256v1 key for DTLS certificate
rtpengine[270372]: free(): invalid pointer
rtpengine[2487]: INFO: [crypto] Generating new DTLS certificate
rtpengine[2487]: DEBUG: [crypto] Using EC-prime256v1 key for DTLS certificate
rtpengine[2487]: free(): invalid pointer
Change-Id: Id67a4bb4cd3627d7ea6aed1b9f7d73b80ed676c8
We cannot directly use the rule_scratch area when checking for the
nftables status, as this scratch area is re-initialised for each rule.
Instead add check_matched_flag() to be called after each rule was
parsed, and use it to set a corresponding iterate_scratch flag.
closes #1794
Change-Id: Ie954a91949d09887b9a293f4010bb08e78100145
These aren't only used to match "immediate" rules, so rename them
accordingly. Make it more clear what check_matched_queue() does.
Change-Id: Ie2d48c075e79c24ac120673bc7c0445c3686326f
If base chain is "none", the admin is responsible for jumping into the
custom chain. Don't remove jumps the admin might have set up.
closes #1787
Change-Id: I9980acb12fb1abb0883b22aceab2719087768763
When base chain is "none", the admin is required to manage jumping into the
rtpengine chain. The chain can't be deleted if it is still referenced by
another rule, which is common in this configuration.
closes #1787
Change-Id: I8a72e1041a364db60870b5acececc234c8452bab
Telling netlink to create a chain that already exists should technically
be a no-op, BUT it still sets the policy to whatever was given as a side
effect. Make sure we don't change the policy by explicitly checking for
the chain's existence.
closes #1785
Change-Id: I526a4e2a0f9d1dcc6e0e00a6e273e4df55863d6c
In the file implementations follow the rules:
1. Firstly goes the correlated header file, then one empty row.
2. Secondly go system headers, so in angle-brackets, then one empty row.
3. Thirdly, go custom header files, so in double quotes,
then one empty row.
4. If there is "xt_RTPENGINE.h", it's mentioned next, but separately,
then one empty row.
5. If there are pre-processor definitions, they are added.
6. And eventually at least one empty row before the code.
In some situations it's allowed to step aside from the rules,
when inclusions are dependent on each other, so on the sequence,
and also possibly on some inline objects definitions, but if possible
to follow the rules, it's being done.
Change-Id: Ie512a970e230fe202398656d1942e8874bb14cd9
For the use case with a separate base chain, we want to preempt other
firewall rules by default and insert our immediate jump rule at the
beginning, rather than at the end. Add an option to provide the other
behaviour.
Change-Id: I16171f7c028c89b94823ecc99387771be3ba9443
If we're not using a separate base chain, create the target rule with
the UDP filter in place, same as the "immediate" rule in the case with a
base chain.
Reported in #1732
Change-Id: I0e67a88f5f51e21ba9537c87e2955f910dd6ec2c
Setting the target info of an `expr` object doesn't result in the data
being copied by libnftnl (unlike other objects). Use static storage to
fix invalid pointer usage.
Reported in #984
Closes #1731
Change-Id: Ic5c156a83504a24fb618d770ba53cd1ec4fb2435