2016-07-18 11:39 GMT+08:00 :
> From: Gao Feng
>
> Add nf_ct_helper_init, nf_conntrack_helpers_register/unregister
> functions to enhance the conntrack helper codes.
I think this patch is breaking something ...
This irc:
> - if (ports[i] ==
2016-07-04 14:14 GMT+08:00 Christophe Leroy :
>> I think there is no need to convert simple_strtoul to kstrtouint, add
>> a further check seems better?
>> Like this:
>> - if (!cseq) {
>> + if (!cseq && *(*dptr + matchoff) != '0') {
>>
>
> And what about an
2016-07-01 17:48 GMT+08:00 Christophe Leroy :
> Do not drop packet when CSeq is 0 as 0 is also a valid value for CSeq.
>
> --- a/net/netfilter/nf_conntrack_sip.c
> +++ b/net/netfilter/nf_conntrack_sip.c
> @@ -1368,6 +1368,7 @@ static int process_sip_response(struct sk_buff
Hi Justin,
2016-10-05 6:02 GMT+08:00 Justin Piszcz :
> Hello,
>
> kernel 4.8 with ulogd-2.0.5- IPs are no longer logged:
>
> Oct 4 17:51:30 atom INPUT_BLOCK IN=eth1 OUT=
> MAC=00:1b:21:9c:3b:fa:3e:94:d5:d2:49:1e:08:00 LEN=0 TOS=00 PREC=0x00
> TTL=0 ID=0 PROTO=0 MARK=0
>
Hi Chris,
2016-10-10 15:02 GMT+08:00 Chris Caputo :
> On Tue, 4 Oct 2016, Justin Piszcz wrote:
>> kernel 4.8 with ulogd-2.0.5- IPs are no longer logged:
>>
>> Oct 4 17:51:30 atom INPUT_BLOCK IN=eth1 OUT=
>> MAC=00:1b:21:9c:3b:fa:3e:94:d5:d2:49:1e:08:00 LEN=0 TOS=00 PREC=0x00
>>
2016-10-11 2:33 GMT+08:00 Chris Caputo :
>>
>> What numbers did you specify after --nflog-size option?
>> --nflog-size 0 or ...? If you want log the whole packet to
>> the ulogd, please do not specify this nflog-size option.
>
> Not specifying nflog-size does not appear to log the
2016-10-11 11:57 GMT+08:00 Chris Caputo :
> I have tested the above patch with 4.8.1, with and without nflog-size
> defined in an iptables configuration, and it works well.
>
> The ulogd-2.0.5 segfaults no longer happen when nflog-size is not present
> in a target.
>
> I recommend
2017-04-09 16:26 GMT+08:00 Jan Engelhardt :
>
> On Sunday 2017-04-09 05:42, Arushi Singhal wrote:
>>On Sun, Apr 9, 2017 at 1:44 AM, Pablo Neira Ayuso wrote:
>> On Sat, Apr 08, 2017 at 08:21:56PM +0200, Jan Engelhardt wrote:
>> > On Saturday
From: Liping Zhang <zlpnob...@gmail.com>
Commit e7d316a02f68 ("sysctl: handle error writing UINT_MAX to u32 fields")
introduced the proc_douintvec helper function, but it forgot to add
the related sanity check when doing register_sysctl_table. So add it now.
Signed-off-by: Lipi
From: Liping Zhang <zlpnob...@gmail.com>
Currently, inputting the following command will succeed but actually the
value will be truncated:
# echo 0x12 > /proc/sys/net/ipv4/tcp_notsent_lowat
This is not friendly to the user, so instead, we should report error
when the value
From: Liping Zhang <zlpnob...@gmail.com>
I saw some very confusing sysctl output on my system:
# cat /proc/sys/net/core/xfrm_aevent_rseqth
-2
# cat /proc/sys/net/core/xfrm_aevent_etime
-10
cat /proc/sys/net/ipv4/tcp_notsent_lowat
-4294967295
Because we forget to set the *neg
From: Liping Zhang <zlpnob...@gmail.com>
This patch set aims to fix some bugs introduced by commit e7d316a02f68
("sysctl: handle error writing UINT_MAX to u32 fields").
Liping Zhang (3):
sysctl: add sanity check for proc_douintvec
sysctl: don't print negative flag for proc_do
Hi Justin,
2016-10-05 6:02 GMT+08:00 Justin Piszcz :
> Hello,
>
> kernel 4.8 with ulogd-2.0.5- IPs are no longer logged:
>
> Oct 4 17:51:30 atom INPUT_BLOCK IN=eth1 OUT=
> MAC=00:1b:21:9c:3b:fa:3e:94:d5:d2:49:1e:08:00 LEN=0 TOS=00 PREC=0x00
> TTL=0 ID=0 PROTO=0 MARK=0
> Oct 4 17:51:31 atom
Hi Chris,
2016-10-10 15:02 GMT+08:00 Chris Caputo :
> On Tue, 4 Oct 2016, Justin Piszcz wrote:
>> kernel 4.8 with ulogd-2.0.5- IPs are no longer logged:
>>
>> Oct 4 17:51:30 atom INPUT_BLOCK IN=eth1 OUT=
>> MAC=00:1b:21:9c:3b:fa:3e:94:d5:d2:49:1e:08:00 LEN=0 TOS=00 PREC=0x00
>> TTL=0 ID=0
2016-10-11 2:33 GMT+08:00 Chris Caputo :
>>
>> What numbers did you specify after --nflog-size option?
>> --nflog-size 0 or ...? If you want log the whole packet to
>> the ulogd, please do not specify this nflog-size option.
>
> Not specifying nflog-size does not appear to log the whole packet...
2016-10-11 11:57 GMT+08:00 Chris Caputo :
> I have tested the above patch with 4.8.1, with and without nflog-size
> defined in an iptables configuration, and it works well.
>
> The ulogd-2.0.5 segfaults no longer happen when nflog-size is not present
> in a target.
>
> I recommend this fix.
From: Liping Zhang
This patch set aims to fix some bugs introduced by commit e7d316a02f68
("sysctl: handle error writing UINT_MAX to u32 fields").
Liping Zhang (3):
sysctl: add sanity check for proc_douintvec
sysctl: don't print negative flag for proc_douintvec
sysctl: rep
From: Liping Zhang
Currently, inputting the following command will succeed but actually the
value will be truncated:
# echo 0x12 > /proc/sys/net/ipv4/tcp_notsent_lowat
This is not friendly to the user, so instead, we should report error
when the value is larger than UINT_MAX.
Fi
From: Liping Zhang
I saw some very confusing sysctl output on my system:
# cat /proc/sys/net/core/xfrm_aevent_rseqth
-2
# cat /proc/sys/net/core/xfrm_aevent_etime
-10
cat /proc/sys/net/ipv4/tcp_notsent_lowat
-4294967295
Because we forget to set the *negp flag in proc_douintvec, so
From: Liping Zhang
Commit e7d316a02f68 ("sysctl: handle error writing UINT_MAX to u32 fields")
introduced the proc_douintvec helper function, but it forgot to add
the related sanity check when doing register_sysctl_table. So add it now.
Signed-off-by: Liping Zhang
---
fs/proc/pro
2017-04-09 16:26 GMT+08:00 Jan Engelhardt :
>
> On Sunday 2017-04-09 05:42, Arushi Singhal wrote:
>>On Sun, Apr 9, 2017 at 1:44 AM, Pablo Neira Ayuso wrote:
>> On Sat, Apr 08, 2017 at 08:21:56PM +0200, Jan Engelhardt wrote:
>> > On Saturday 2017-04-08 19:21, Arushi Singhal wrote:
>>
2016-07-18 11:39 GMT+08:00 :
> From: Gao Feng
>
> Add nf_ct_helper_init, nf_conntrack_helpers_register/unregister
> functions to enhance the conntrack helper codes.
I think this patch is breaking something ...
This irc:
> - if (ports[i] == IRC_PORT)
> -
2016-07-01 17:48 GMT+08:00 Christophe Leroy :
> Do not drop packet when CSeq is 0 as 0 is also a valid value for CSeq.
>
> --- a/net/netfilter/nf_conntrack_sip.c
> +++ b/net/netfilter/nf_conntrack_sip.c
> @@ -1368,6 +1368,7 @@ static int process_sip_response(struct sk_buff *skb,
> unsigned int
2016-07-04 14:14 GMT+08:00 Christophe Leroy :
>> I think there is no need to convert simple_strtoul to kstrtouint, add
>> a further check seems better?
>> Like this:
>> - if (!cseq) {
>> + if (!cseq && *(*dptr + matchoff) != '0') {
>>
>
> And what about an invalid CSeq that would look
24 matches
Mail list logo