[PATCH] net: netfilter: netlink: delete extra spaces

2017-05-11 Thread linzhang
This patch cleans up extra spaces. Signed-off-by: linzhang --- net/netfilter/nf_conntrack_netlink.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index dcf561b..356e6f0

[PATCH] netfilter: synproxy: fix conntrackd interaction

2017-05-11 Thread Eric Leblond
This patch fixes the creation of connection tracking entry from netlink when synproxy is used. It was missing the addition of the synproxy extension. This was causing kernel crashes when a conntrack entry created by conntrackd was used after the switch of traffic from active node to the passive

Re: [PATCH] netfilter: synproxy: fix conntrackd interaction

2017-05-11 Thread Jesper Dangaard Brouer
On Thu, 11 May 2017 15:22:55 +0200 Eric Leblond wrote: > This patch fixes the creation of connection tracking entry from > netlink when synproxy is used. It was missing the addition of > the synproxy extension. > > This was causing kernel crashes when a conntrack entry created

[PATCH] netfilter: synproxy: fix conntrackd interaction

2017-05-11 Thread Eric Leblond
This patch fixes the creation of connection tracking entry from netlink when synproxy is used. It was missing the addition of the synproxy extension. This was causing kernel crashes when a conntrack entry created by conntrackd was used after the switch of traffic from active node to the passive

Re: [nft PATCH RFC] monitor: Support printing processes which caused the event

2017-05-11 Thread Pablo Neira Ayuso
On Thu, May 11, 2017 at 10:27:46AM +0200, Phil Sutter wrote: > On Thu, May 11, 2017 at 08:59:27AM +0200, Florian Westphal wrote: > > Pablo Neira Ayuso wrote: > > > What is the usecase for this? Please don't tell me the obvious the > > > answer: I just want to know what

Re: [nft PATCH RFC] monitor: Support printing processes which caused the event

2017-05-11 Thread Phil Sutter
On Thu, May 11, 2017 at 08:59:27AM +0200, Florian Westphal wrote: > Pablo Neira Ayuso wrote: > > What is the usecase for this? Please don't tell me the obvious the > > answer: I just want to know what process has modified what. > > > > If the point is to know if someone

Re: [nft PATCH RFC] monitor: Support printing processes which caused the event

2017-05-11 Thread Pablo Neira Ayuso
On Wed, May 10, 2017 at 07:59:20PM +0200, Florian Westphal wrote: > Phil Sutter wrote: > > > I don't find it ugly, but alternatively we could add a new type of info > > > sent at the beginning of the commit phase (before all the table/rule etc > > > updates) and include it there. > >

Re: [nft PATCH RFC] monitor: Support printing processes which caused the event

2017-05-11 Thread Florian Westphal
Pablo Neira Ayuso wrote: > What is the usecase for this? Please don't tell me the obvious the > answer: I just want to know what process has modified what. > > If the point is to know if someone else, not myself as a process, has > modified the ruleset, that is very easy to