On 31 May 2017 at 11:13, Eric W. Biederman wrote:
> Florian Westphal writes:
>
>> Quoting Joe Stringer:
>> If a user loads nf_conntrack_ftp, sends FTP traffic through a network
>> namespace, destroys that namespace then unloads the FTP helper module,
>>
Florian Westphal writes:
> Quoting Joe Stringer:
> If a user loads nf_conntrack_ftp, sends FTP traffic through a network
> namespace, destroys that namespace then unloads the FTP helper module,
> then the kernel will crash.
>
> Events that lead to the crash:
> 1. conntrack
David Miller writes:
> From: Florian Westphal
> Date: Tue, 30 May 2017 11:38:12 +0200
>
>> Quoting Joe Stringer:
>> If a user loads nf_conntrack_ftp, sends FTP traffic through a network
>> namespace, destroys that namespace then unloads the FTP helper
From: Florian Westphal
Date: Tue, 30 May 2017 11:38:12 +0200
> Quoting Joe Stringer:
> If a user loads nf_conntrack_ftp, sends FTP traffic through a network
> namespace, destroys that namespace then unloads the FTP helper module,
> then the kernel will crash.
>
> Events
From: Gao Feng
Use the new helper function ebt_invalid_target instead of the old
macro INVALID_TARGET and other duplicated codes to enhance the readability.
Signed-off-by: Gao Feng
---
v2: Replace the target check of ebt_mark/snat, per Pablo
On Wed, May 31, 2017 at 09:28:12AM +0800, gfree.w...@vip.163.com wrote:
> From: Gao Feng
>
> Use the new helper function ebt_invalid_target instead of the old
> macro INVALID_TARGET to enhance the readability.
ebt_mark and _snat can use this too. They seem to be