Hi all,
After merging the netfilter-next tree, today's linux-next build (x86_64
allmodconfig) produced this warning:
In file included from arch/x86/include/asm/checksum.h:4:0,
from include/net/checksum.h:26,
from include/linux/skbuff.h:31,
from i
conntrack depends on defrag support, but not vice versa, so we cannot
place defrag_ipv4/6 into netns->ct:
net/ipv4/netfilter/nf_defrag_ipv4.c:110:9: error: 'struct net' has no member
named 'ct'
Move it into net->nf.
Reported-by: kbuild test robot
Signed-off-by: Florian Westphal
---
Pablo, if
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
head: 7464293d4266a7b29565a4705d3fb2339350f9e2
commit: 018914b2c913bcc9c571ae5a781280c76a15ddad [18/28] netfilter: defrag:
only register defrag functionality if needed
config: i386-randconfig-i1-201649 (attached as
On Fri, Dec 02, 2016 at 12:24:39PM +0100, Arturo Borrero Gonzalez wrote:
> There has been a long adaptation time already, with several conntrack-tools
> releases in the meantime.
>
> Users migrating from an old conntrackd to a current one are required
> to update their config file.
Also applied,
On Fri, Dec 02, 2016 at 11:29:38AM +0100, Arturo Borrero Gonzalez wrote:
> Produces this:
> warning: implicit declaration of function 'dlog'
Applied, thanks Arturo.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
On Tue, Nov 08, 2016 at 11:06:37PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> "dalega...@gmail.com" reports that when inserting an element into a
> verdict map, kernel crash will happen. Now add this test case so we
> can avoid future regressions fail.
Applied, thanks Liping.
--
To unsu
On Tue, Nov 15, 2016 at 10:01:41AM +0100, Simon Horman wrote:
> Hi Pablo,
>
> please consider these enhancements to the IPVS for v4.10.
>
> * Decrement the IP ttl in all the modes in order to prevent infinite
> route loops. Thanks to Dwip Banerjee.
> * Use IS_ERR_OR_NULL macro. Clean-up from Ga
On Wed, Nov 23, 2016 at 10:12:21PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> Otherwise, if fib lookup fail, *dest will be filled with garbage value,
> so reverse path filtering will not work properly:
> # nft add rule x prerouting fib saddr oif eq 0 drop
Also applied, thanks.
--
To un
On Wed, Nov 23, 2016 at 10:12:20PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> Acctually ntohl and htonl are identical, so this doesn't affect
> anything, but it is conceptually wrong.
Applied, thanks Liping.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" i
On Fri, Nov 25, 2016 at 12:32:07PM +0800, f...@ikuai8.com wrote:
> From: Gao Feng
>
> I lost one test case in the last commit for xt_multiport.
> For example, the rule is "-m multiport --dports 22,80,443".
> When first port is unmatched and the second is matched, the curent codes
> could not retu
On Tue, Nov 15, 2016 at 09:36:38PM +0100, Florian Westphal wrote:
> Historically all the netfilter hooks got registered on module load time.
>
> When net namespace support was added, hooks were registered in each
> namespace (and new net namespaces inherit already-registered hooks from
> global li
On Tue, Nov 15, 2016 at 05:48:43PM -0500, Aaron Conole wrote:
> This series introduces a set of accessors, compacts the nf_hook_entry, and
> rearranges some of the loops in preparation for the final set of work going
> to an array based hook system.
>
> After this series, the nf_hook_entry should
On Tue, Nov 22, 2016 at 02:44:16PM +0100, Florian Westphal wrote:
> ... to speed up iptables(-restore) calls.
>
> Especially a pattern like
>
> for i in $(seq 1 1000) ; iptables -A FORWARD ;done
>
> is expensive, because adding the rule doubles the percpu counters (allocate
> 2nd b
On Thu, Oct 20, 2016 at 06:33:00PM +0200, Davide Caratti wrote:
> Version 2 changes:
> - use #ifdef ... in place of #if IS_ENABLED()
> - add footprint test results
>
> The above L4 protocols usually need an explicit modprobe command (e.g
> "modprobe nf_nat_proto_sctp") to provide full functionalit
On Mon, Nov 14, 2016 at 10:39:25PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> In netdev family, we will handle non ethernet packets, so using
> eth_hdr(skb)->h_proto is incorrect.
>
> Meanwhile, we can use socket(AF_PACKET...) to sending packets, so
> skb->protocol is not always set in
On Mon, Nov 14, 2016 at 10:41:08PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> So we can autoload nfnetlink_log.ko when the user adding nft log
> group X rule in netdev family.
Also applied, thanks!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body
On Tue, Nov 15, 2016 at 03:08:23PM +0100, Davide Caratti wrote:
> When netfilter needs to match traffic made by one of the above protocols,
> layer-4 connection tracking functionality will not be available, unless the
> user explicly loads it in the kernel (e.g. "modprobe nf_conntrack_proto_sctp")
From: Eric Dumazet
1) Old code was hard to maintain, due to complex lock chains.
(We probably will be able to remove some kfree_rcu() in callers)
2) Using a single timer to update all estimators does not scale.
3) Code was buggy on 32bit kernel (WRITE_ONCE() on 64bit quantity
is not suppo
On Sat, 2016-12-03 at 23:18 -0800, Eric Dumazet wrote:
> From: Eric Dumazet
>
> 1) Old code was hard to maintain, due to complex lock chains.
>(We probably will be able to remove some kfree_rcu() in callers)
>
> 2) Using a single timer to update all estimators does not scale.
>
> 3) Code wa
Hi Eric,
[auto build test WARNING on net-next/master]
url:
https://github.com/0day-ci/linux/commits/Eric-Dumazet/net_sched-gen_estimator-complete-rewrite-of-rate-estimators/20161204-185201
reproduce: make htmldocs
All warnings (new ones prefixed by >>):
include/net/sock.h:467: w
Liping Zhang wrote:
> From: Liping Zhang
>
> Otherwise, DHCP Discover packets(0.0.0.0->255.255.255.255) may be
> dropped incorrectly.
LGTM.
Acked-by: Florian Westphal
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel
Hi Eric,
[auto build test WARNING on net-next/master]
url:
https://github.com/0day-ci/linux/commits/Eric-Dumazet/net_sched-gen_estimator-complete-rewrite-of-rate-estimators/20161204-182009
reproduce: make htmldocs
All warnings (new ones prefixed by >>):
include/net/sock.h:467: w
22 matches
Mail list logo
