Hi Liping,
At 2017-05-05 09:59:06, "Liping Zhang" wrote:
>Hi Feng,
>
>2017-05-05 8:55 GMT+08:00 :
>[...]
>> +static void
>> +nf_ct_flush_expect(const struct module *me)
>> +{
>> + struct nf_conntrack_expect *exp;
>> + const struct
Hi Feng,
2017-05-05 8:55 GMT+08:00 :
[...]
> +static void
> +nf_ct_flush_expect(const struct module *me)
> +{
> + struct nf_conntrack_expect *exp;
> + const struct hlist_node *next;
> + u32 i;
> +
> + if (!me)
> + return;
> +
> +
From: Gao Feng
Rename struct nf_ct_helper_expectfn to nf_ct_nat_helper, and rename
other functions or variables which refer to it.
The new name is better than the old one.
Signed-off-by: Gao Feng
---
v6: Rename the helper name of ftp, tftp.. to
From: Gao Feng
Because the conntrack NAT module could be rmmod anytime, so we should
really leave things in clean state if such thing happens and make sure
we don't leave any packet running over code that will be gone after the
removal.
We only removed the expectations
From: Gao Feng
There are multiple proto nat modules which depend on the follow_master_nat
in the nf_nat_core. When this module is gone, all modules which refers to
it could not work well.
Now register one struct nf_ct_nat_helper in every proto nat module, it makes
sure
On Thu, May 04, 2017 at 05:37:25PM +0200, Thomas Woerner wrote:
> On 05/04/2017 03:44 PM, Florian Westphal wrote:
> > Pablo Neira Ayuso wrote:
> >> On Thu, May 04, 2017 at 02:34:21PM +0200, Phil Sutter wrote:
> >>> Being able to retrieve an added rule's handle atomically is a
On Thu, May 04, 2017 at 04:00:42PM +0200, Pablo Neira Ayuso wrote:
> On Thu, May 04, 2017 at 03:44:19PM +0200, Florian Westphal wrote:
> > Pablo Neira Ayuso wrote:
> > > On Thu, May 04, 2017 at 02:34:21PM +0200, Phil Sutter wrote:
> > > > Being able to retrieve an added
Hello,
On Thu, 4 May 2017, Pablo Neira Ayuso wrote:
> On Mon, May 01, 2017 at 04:45:34PM +0300, Julian Anastasov wrote:
> > Hello,
> >
> > The following patches are rediffs for "ipvs: SNAT packet replies
> > only for NATed connections" for different stable kernels:
> >
> > The
On Thu, May 04, 2017 at 06:09:31PM +0200, Florian Westphal wrote:
> currently nft can lists sets:
> nft list sets
>
> but unlike e.g. 'quotas' or 'counters' we didn't support
> restricting it to a table. Now its possible to restrict set
> definition listing to one table:
>
> nft list sets table
currently nft can lists sets:
nft list sets
but unlike e.g. 'quotas' or 'counters' we didn't support
restricting it to a table. Now its possible to restrict set
definition listing to one table:
nft list sets table inet filter
Signed-off-by: Florian Westphal
---
src/evaluate.c
On 05/04/2017 03:44 PM, Florian Westphal wrote:
Pablo Neira Ayuso wrote:
On Thu, May 04, 2017 at 02:34:21PM +0200, Phil Sutter wrote:
Being able to retrieve an added rule's handle atomically is a crucial
feature for scripts invoking nft command: Without it, there is no
On Thu, May 04, 2017 at 03:35:44PM +0200, Pablo Neira Ayuso wrote:
> On Thu, May 04, 2017 at 02:34:17PM +0200, Phil Sutter wrote:
> > This allows user space to reliably match kernel generated handles with
> > added rules for reference.
> >
> > Signed-off-by: Phil Sutter
> > ---
> >
On Mon, May 01, 2017 at 04:45:34PM +0300, Julian Anastasov wrote:
> Hello,
>
> The following patches are rediffs for "ipvs: SNAT packet replies
> only for NATed connections" for different stable kernels:
>
> The official patch for the net tree (will come from Simon) works for:
> 4.9.25,
On Thu, 2017-05-04 at 15:49 +0200, Andrey Konovalov wrote:
> On Fri, Feb 24, 2017 at 3:56 AM, Florian Westphal wrote:
> > Andrey Konovalov wrote:
> >
> > [ CC Paolo ]
> >
> > > I've got the following error report while fuzzing the kernel with
> > >
On Fri, Feb 24, 2017 at 3:56 AM, Florian Westphal wrote:
> Andrey Konovalov wrote:
>
> [ CC Paolo ]
>
>> I've got the following error report while fuzzing the kernel with syzkaller.
>>
>> On commit c470abd4fde40ea6a0846a2beab642a578c0b8cd (4.10).
>>
>>
Pablo Neira Ayuso wrote:
> On Thu, May 04, 2017 at 02:34:21PM +0200, Phil Sutter wrote:
> > Being able to retrieve an added rule's handle atomically is a crucial
> > feature for scripts invoking nft command: Without it, there is no way to
> > be sure a handle extracted from
On Thu, May 04, 2017 at 02:34:21PM +0200, Phil Sutter wrote:
> Being able to retrieve an added rule's handle atomically is a crucial
> feature for scripts invoking nft command: Without it, there is no way to
> be sure a handle extracted from 'nft list ruleset' command actually
> refers to the rule
On Thu, May 04, 2017 at 02:34:17PM +0200, Phil Sutter wrote:
> This allows user space to reliably match kernel generated handles with
> added rules for reference.
>
> Signed-off-by: Phil Sutter
> ---
> net/netfilter/nf_tables_api.c | 19 ++-
> 1 file changed, 18
Being able to retrieve an added rule's handle atomically is a crucial
feature for scripts invoking nft command: Without it, there is no way to
be sure a handle extracted from 'nft list ruleset' command actually
refers to the rule one has added before or that of another process which
ran in
This allows user space to reliably match kernel generated handles with
added rules for reference.
Signed-off-by: Phil Sutter
---
net/netfilter/nf_tables_api.c | 19 ++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nf_tables_api.c
On Tue, May 02, 2017 at 07:51:27PM +0200, Phil Sutter wrote:
> This adds documentation about masquerade and redirect statements, points
> out that for any NAT statement both prerouting and postrouting chains
> are required and adds a bunch of examples to the section's end.
Applied, thanks.
--
To
On 2 May 2017 at 19:51, Phil Sutter wrote:
> This adds documentation about masquerade and redirect statements, points
> out that for any NAT statement both prerouting and postrouting chains
> are required and adds a bunch of examples to the section's end.
>
> Signed-off-by: Phil
22 matches
Mail list logo