From 707816c8b0508ba7afcee9a13b02bb4261e4bd8c Mon Sep 17 00:00:00 2001 From: Jeremy Sowden Date: Wed, 14 Aug 2019 09:01:28 +0100 Subject: [PATCH 1/2] netfilter: remove deprecation warnings from uapi headers. There are two netfilter userspace headers which contain deprecation warnings. While these headers are not used within the kernel, they are compiled stand-alone for header-testing. Pablo informs me that userspace iptables still refer to these headers, and the intention was to use xt_LOG.h instead and remove these, but userspace was never updated. Remove the warnings. Fixes: 2a475c409fe8 ("kbuild: remove all netfilter headers from header-test blacklist.") Reported-by: kbuild test robot Signed-off-by: Jeremy Sowden Signed-off-by: Pablo Neira Ayuso --- include/uapi/linux/netfilter_ipv4/ipt_LOG.h | 2 -- include/uapi/linux/netfilter_ipv6/ip6t_LOG.h | 2 -- 2 files changed, 4 deletions(-) diff --git a/include/uapi/linux/netfilter_ipv4/ipt_LOG.h b/include/uapi/linux/netfilter_ipv4/ipt_LOG.h index 6dec14ba851b..b7cf2c669f40 100644 --- a/include/uapi/linux/netfilter_ipv4/ipt_LOG.h +++ b/include/uapi/linux/netfilter_ipv4/ipt_LOG.h @@ -2,8 +2,6 @@ #ifndef _IPT_LOG_H #define _IPT_LOG_H -#warning "Please update iptables, this file will be removed soon!" - /* make sure not to change this without changing netfilter.h:NF_LOG_* (!) */ #define IPT_LOG_TCPSEQ 0x01 /* Log TCP sequence numbers */ #define IPT_LOG_TCPOPT 0x02 /* Log TCP options */ diff --git a/include/uapi/linux/netfilter_ipv6/ip6t_LOG.h b/include/uapi/linux/netfilter_ipv6/ip6t_LOG.h index 7553a434e4da..23e91a9c2583 100644 --- a/include/uapi/linux/netfilter_ipv6/ip6t_LOG.h +++ b/include/uapi/linux/netfilter_ipv6/ip6t_LOG.h @@ -2,8 +2,6 @@ #ifndef _IP6T_LOG_H #define _IP6T_LOG_H -#warning "Please update iptables, this file will be removed soon!" - /* make sure not to change this without changing netfilter.h:NF_LOG_* (!) */ #define IP6T_LOG_TCPSEQ 0x01 /* Log TCP sequence numbers */ #define IP6T_LOG_TCPOPT 0x02 /* Log TCP options */ From 83c156d3ecc0121d27dc2b7f34e829b265c70c4f Mon Sep 17 00:00:00 2001 From: Nathan Chancellor Date: Wed, 14 Aug 2019 09:58:09 -0700 Subject: [PATCH 2/2] netfilter: nft_bitwise: Adjust parentheses to fix memcmp size argument clang warns: net/netfilter/nft_bitwise.c:138:50: error: size argument in 'memcmp' call is a comparison [-Werror,-Wmemsize-comparison] if (memcmp(&priv->xor, &zero, sizeof(priv->xor) || ~~~~~~~~~~~~~~~~~~^~ net/netfilter/nft_bitwise.c:138:6: note: did you mean to compare the result of 'memcmp' instead? if (memcmp(&priv->xor, &zero, sizeof(priv->xor) || ^ ) net/netfilter/nft_bitwise.c:138:32: note: explicitly cast the argument to size_t to silence this warning if (memcmp(&priv->xor, &zero, sizeof(priv->xor) || ^ (size_t)( 1 error generated. Adjust the parentheses so that the result of the sizeof is used for the size argument in memcmp, rather than the result of the comparison (which would always be true because sizeof is a non-zero number). Fixes: bd8699e9e292 ("netfilter: nft_bitwise: add offload support") Link: https://github.com/ClangBuiltLinux/linux/issues/638 Reported-by: kbuild test robot Signed-off-by: Nathan Chancellor Reviewed-by: Nick Desaulniers Signed-off-by: Pablo Neira Ayuso --- net/netfilter/nft_bitwise.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c index 1f04ed5c518c..974300178fa9 100644 --- a/net/netfilter/nft_bitwise.c +++ b/net/netfilter/nft_bitwise.c @@ -135,8 +135,8 @@ static int nft_bitwise_offload(struct nft_offload_ctx *ctx, { const struct nft_bitwise *priv = nft_expr_priv(expr); - if (memcmp(&priv->xor, &zero, sizeof(priv->xor) || - priv->sreg != priv->dreg)) + if (memcmp(&priv->xor, &zero, sizeof(priv->xor)) || + priv->sreg != priv->dreg) return -EOPNOTSUPP; memcpy(&ctx->regs[priv->dreg].mask, &priv->mask, sizeof(priv->mask));