Re: [PATCH 00/14] Modify action API for implementing lockless actions

On Fri, May 25, 2018 at 1:39 PM, Vlad Buslov wrote: > > On Thu 24 May 2018 at 23:34, Cong Wang wrote: >> On Mon, May 14, 2018 at 7:27 AM, Vlad Buslov wrote: >>> Currently, all netlink protocol handlers for updating rules,

Re: [PATCH 00/14] Modify action API for implementing lockless actions

On Thu 24 May 2018 at 23:34, Cong Wang wrote: > On Mon, May 14, 2018 at 7:27 AM, Vlad Buslov wrote: >> Currently, all netlink protocol handlers for updating rules, actions and >> qdiscs are protected with single global rtnl lock which removes any

[PATCHv2 net-next 1/2] ipvs: add full ipv6 support to nfct

Prepare NFCT to support IPv6 for FTP: - Do not restrict the expectation callback to PF_INET - Split the debug messages, so that the 160-byte limitation in IP_VS_DBG_BUF is not exceeded when printing many IPv6 addresses. This means no more than 3 addresses in one message, i.e. 1 tuple with 2

[PATCHv2 net-next 2/2] ipvs: add ipv6 support to ftp

Add support for FTP commands with extended format (RFC 2428): - FTP EPRT: IPv4 and IPv6, active mode, similar to PORT - FTP EPSV: IPv4 and IPv6, passive mode, similar to PASV. EPSV response usually contains only port but we allow real server to provide different address We restrict control and

[PATCHv2 net-next 0/2] Add IPv6 support to IPVS FTP-NAT

The patchset includes two changes to support IPv6 in ip_vs_ftp. The first patch allows IPv6 addresses in ip_vs_nfct.c debugging and removes the AF_INET restriction for netfilter expectations. The second patch changes ip_vs_ftp.c to support EPRT and EPSV commands with extended format (RFC 2428)

[PATCH nft] tests: shell: Add test case for multiple sets

This test case tests the id allocation of nftable set names. Signed-off-by: Varsha Rao --- .../shell/testcases/sets/0034add_many_sets_0 | 25 +++ 1 file changed, 25 insertions(+) create mode 100755 tests/shell/testcases/sets/0034add_many_sets_0 diff

[PATCH nf-next v3] net: netfilter: nf_tables_api: Use id allocation.

In nf_tables_set_alloc_name function, remove get_zeroed_page find_first_zero_bit and set_bit functions. Instead use ida_get_new_above function as it simplifies the code. Signed-off-by: Varsha Rao --- Changes in v2: - Modified the upper limit of page size. Changes in v3: -

Re: [PATCH net-next 2/2] ipvs: add ipv6 support to ftp

Hello, On Fri, 25 May 2018, kbuild test robot wrote: > Hi Julian, > > I love your patch! Perhaps something to improve: > > [auto build test WARNING on net-next/master] > > url: > https://github.com/0day-ci/linux/commits/Julian-Anastasov/Add-IPv6-support-

Re: [PATCH nft] fix printing of "tcp flags syn" and "tcp flags == syn" expressions

Sabrina Dubroca wrote: > Commit 6979625686ec ("relational: Eliminate meta OPs") introduced some > bugs when printing bitmask types. > > First, during the post-processing phase of delinearization, the > expression for "tcp flags syn" (PAYLOAD & flag != 0) gets converted to >

[PATCH nft] fix printing of "tcp flags syn" and "tcp flags == syn" expressions

Commit 6979625686ec ("relational: Eliminate meta OPs") introduced some bugs when printing bitmask types. First, during the post-processing phase of delinearization, the expression for "tcp flags syn" (PAYLOAD & flag != 0) gets converted to PAYLOAD == flag, which is not equivalent. This should be

Re: [PATCH net-next 2/2] ipvs: add ipv6 support to ftp

Hi Julian, I love your patch! Perhaps something to improve: [auto build test WARNING on net-next/master] url: https://github.com/0day-ci/linux/commits/Julian-Anastasov/Add-IPv6-support-to-IPVS-FTP-NAT/20180525-153345 reproduce: # apt-get install sparse make ARCH=x86_64

[PATCH nft,v2] segtree: incorrect handling of comments and timeouts with mapping

Check if expression is a mapping to do the right handling. Fixes: 35fedcf540bf ("segtree: missing comments in range and prefix expressions in sets") Fixes: be90e03dd1fa ("segtree: add timeout for range and prefix expressions in sets") Reported-by: Florian Westphal

[PATCH nft] segtree: incorrect handling of comments and timeouts with mapping

Check if expression is a mapping to do the right handling. Fixes: 35fedcf540bf ("segtree: missing comments in range and prefix expressions in sets") Fixes: be90e03dd1fa ("segtree: add timeout for range and prefix expressions in sets") Reported-by: Florian Westphal

Re: [PATCH net] ipvs: fix buffer overflow with sync daemon and service

On Sat, 19 May 2018 18:22:35 +0300 Julian Anastasov wrote: > The same happens for sched_name when adding/editing virtual server. > > We are restricted by IP_VS_SCHEDNAME_MAXLEN and IP_VS_IFNAME_MAXLEN > being used as size in include/uapi/linux/ip_vs.h, so they > include the space