Re: [PATCH nf-next] netns: add and use net_ns_barrier

On 31 May 2017 at 11:13, Eric W. Biederman wrote: > Florian Westphal writes: > >> Quoting Joe Stringer: >> If a user loads nf_conntrack_ftp, sends FTP traffic through a network >> namespace, destroys that namespace then unloads the FTP helper module, >>

Re: [PATCH nf-next] netns: add and use net_ns_barrier

Florian Westphal writes: > Quoting Joe Stringer: > If a user loads nf_conntrack_ftp, sends FTP traffic through a network > namespace, destroys that namespace then unloads the FTP helper module, > then the kernel will crash. > > Events that lead to the crash: > 1. conntrack

Re: [PATCH nf-next] netns: add and use net_ns_barrier

David Miller writes: > From: Florian Westphal > Date: Tue, 30 May 2017 11:38:12 +0200 > >> Quoting Joe Stringer: >> If a user loads nf_conntrack_ftp, sends FTP traffic through a network >> namespace, destroys that namespace then unloads the FTP helper

Re: [PATCH nf-next] netns: add and use net_ns_barrier

From: Florian Westphal Date: Tue, 30 May 2017 11:38:12 +0200 > Quoting Joe Stringer: > If a user loads nf_conntrack_ftp, sends FTP traffic through a network > namespace, destroys that namespace then unloads the FTP helper module, > then the kernel will crash. > > Events

[PATCH v2 nf-next] netfilter: ebt: Use new helper ebt_invalid_target to check target

From: Gao Feng Use the new helper function ebt_invalid_target instead of the old macro INVALID_TARGET and other duplicated codes to enhance the readability. Signed-off-by: Gao Feng --- v2: Replace the target check of ebt_mark/snat, per Pablo

Re: [PATCH nf-next] netfilter: ebt: Use ebt_invalid_target instead of INVALID_TARGET

On Wed, May 31, 2017 at 09:28:12AM +0800, gfree.w...@vip.163.com wrote: > From: Gao Feng > > Use the new helper function ebt_invalid_target instead of the old > macro INVALID_TARGET to enhance the readability. ebt_mark and _snat can use this too. They seem to be