Hi all,
On Mon, 7 May 2018 10:55:19 +1000 Stephen Rothwell
wrote:
>
> After merging the netfilter-next tree, today's linux-next build (x86_64
> allmodconfig) produced this warning:
>
> ./usr/include/linux/netfilter/nf_osf.h:25: found __[us]{8,16,32,64} type
> without
Máté Eckl wrote:
> I have been working on a skeleton for socket matching which is required by
> tproxy support.
>
> See the WIP patch below and please comment if you have something to note.
Excellent, thanks for working on this.
> My thoughts:
> * The parser is fine with
Hi,
I have been working on a skeleton for socket matching which is required by
tproxy support.
See the WIP patch below and please comment if you have something to note.
My thoughts:
* The parser is fine with this version of socket matching, matching the flags is
still to be implemented.
* We
It did not make any harm, but it was certainly missing.
Signed-off-by: Máté Eckl
---
src/parser_bison.y | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index eed6000..7238a94 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
I added and verified these tests after applying Florian's fixed wrt.
nf_nat_range2 size for rev2.
Signed-off-by: Thierry Du Tre
---
extensions/libip6t_DNAT.t | 5 +
extensions/libipt_DNAT.t | 5 +
2 files changed, 10 insertions(+)
diff --git
Chris Caudle wrote:
> I need to update a driver which using nf_register_hook() and
> nf_unregister_hook(); calls to those functions fail on recent kernels, so
> I need to change to (according to gcc error message recommendation)
> nf_register_net_hook() and
I need to update a driver which using nf_register_hook() and
nf_unregister_hook(); calls to those functions fail on recent kernels, so
I need to change to (according to gcc error message recommendation)
nf_register_net_hook() and nf_unregister_net_hook().
The documentation I found while searching
-n still flushes user-defined chains and its content, the following snippet:
iptables-compat -N FOO
iptables-compat -I INPUT
iptables-compat -I FOO
iptables-compat -I FOO
iptables-compat-save > A
iptables-compat-restore < A
iptables-compat -N BAR
iptables-compat -A BAR
Under rare conditions its possible that nfnetlink dump of nft
ruleset will not return any result.
Problem occurs when netlink_dump() is invoked for first time,
in response to incoming dump request.
In that case, netlink socket hasn't recored the size of the userspace
buffer yet, as userspace did
# iptables-compat -X
iptables: No chain/target/match by that name.
While it should display no error message at all.
Signed-off-by: Pablo Neira Ayuso
---
iptables/nft.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iptables/nft.c b/iptables/nft.c
-n still flushes user-defined chains and its content, the following snippet:
iptables-compat -N FOO
iptables-compat -I INPUT
iptables-compat -I FOO
iptables-compat -I FOO
iptables-compat-save > A
iptables-compat-restore < A
iptables-compat -N BAR
iptables-compat-restore -n < A
results
These two patches fix handling of large xtables matches from nft_compat.
First patch just separates the match handling functions to not assume
matchinfo is stored in expr private area.
Second patch is the actual fix.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel"
currently matchinfo gets stored in the expression, but some xt matches
are very large.
To handle those we either need to switch nft core to kvmalloc and increase
size limit, or allocate the info blob of large matches separately.
This does the latter, this limits the scope of the changes to
Next patch will make it possible for *info to be stored in
a separate allocation instead of the expr private area.
This removes the 'expr priv area is info blob' assumption
from the match init/destroy/eval functions.
Signed-off-by: Florian Westphal
---
On Thu, May 03, 2018 at 10:02:18PM +0300, Julian Anastasov wrote:
> Local clients are not properly synchronized on 32-bit CPUs when
> updating stats (3.10+). Now it is possible estimation_timer (timer),
> a stats reader, to interrupt the local client in the middle of
> write_seqcount_{begin,end}
Hi Kristian,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
[also build test WARNING on v4.17-rc3 next-20180504]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
16 matches
Mail list logo