@@ -21,8 +21,8 @@ static char buf[512];
* ANy brave soul to write it using xtables-devel?
*/
-static const char *nf_conn_cmd = "%s %s -t filter %s %s --protocol tcp "
- "--source %s --sport %d --destination %s --dport %d -j DROP";
+#define NF_CONN_CMD "%s %s -t filter %s %s --protocol tcp " \
+ "--source %s --sport %d --destination %s --dport %d -j DROP"
static char iptable_cmd_ipv4[] = "iptables";
static char iptable_cmd_ipv6[] = "ip6tables";
@@ -73,7 +73,7 @@ static int nf_connection_switch_raw(int family, u32 *src_addr, u16 src_port,
return -1;
}
- snprintf(buf, sizeof(buf), nf_conn_cmd, cmd,
+ snprintf(buf, sizeof(buf), NF_CONN_CMD, cmd,
kdat.has_xtlocks ? "-w" : "",
lock ? "-A" : "-D",
input ? "INPUT" : "OUTPUT",
TL;DR: this allows to check if printf argument types are valid. Apparently, gcc is not able to check if the printf arguments are in sync with the format string, it a string is not a literal. This can be seen by compiling the code with -Wformat-nonliteral: CC criu/netfilter.o criu/netfilter.c: In function ‘nf_connection_switch_raw’: criu/netfilter.c:80:4: error: format not a string literal, argument types not checked [-Werror=format-nonliteral] dip, (int)dst_port, sip, (int)src_port); Unfortunately we can't just add -Wformat-nonliteral to CFLAGS as there is at least one other place in the code what uses non-literal string as a format string for printf-like function. In this very case, though, there is no need to use a non-literal, so change it to a define. Signed-off-by: Kir Kolyshkin <kir@openvz.org> --- criu/netfilter.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)