On 06/10/2016 12:21 AM, Daniel Borkmann wrote:
On 06/09/2016 11:35 PM, Florian Westphal wrote:
Saeed Mahameed wrote:
index a1bd161..67de200 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -382,6 +382,7 @@ struct file *sock_alloc_file(struct socket *sock, int
flags, const
On 06/09/2016 11:35 PM, Florian Westphal wrote:
Saeed Mahameed wrote:
index a1bd161..67de200 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -382,6 +382,7 @@ struct file *sock_alloc_file(struct socket *sock, int
flags, const char *dname)
}
sock->file =
On Thu, 2016-06-09 at 23:50 +0300, Saeed Mahameed wrote:
> From: Matthew Finlay
> diff --git a/net/socket.c b/net/socket.c
> index a1bd161..67de200 100644
> --- a/net/socket.c
> +++ b/net/socket.c
> @@ -382,6 +382,7 @@ struct file *sock_alloc_file(struct socket *sock, int
>
Add translation for cgroup to nft. Path parameter not supported in nft
yet.
Examples:
$ sudo iptables-translate -t filter -A INPUT -m cgroup --cgroup 0 -j ACCEPT
nft add rule ip filter INPUT meta cgroup 0 counter accept
$ sudo iptables-translate -t filter -A INPUT -m cgroup ! --cgroup 0 -j
On Wed, 2016-06-08 at 19:38 +0200, Pablo Neira Ayuso wrote:
> On Wed, Jun 08, 2016 at 07:31:21PM +0200, Pablo Neira Ayuso wrote:
> > Then you can follow up with a patch to add this function.
> >
> > Just a suggestion, let me know if this is fine with you.
> Forget this idea.
>
> Actually your
On 06/08/2016 08:16 AM, Pablo Neira Ayuso wrote:
> Looking again at your code:
>
> case NFULNL_COPY_PACKET:
> - if (inst->copy_range > skb->len)
> + data_len = inst->copy_range;
> + if (li->u.ulog.copy_len < data_len)
> +