As the first client of nf_osf userspace header is nft_osf and xt_osf, we
rename it to nfnetlink_osf.h
Suggested-by: Jan Engelhardt
Signed-off-by: Fernando Fernandez Mancera
---
include/linux/netfilter/{nf_osf.h => nfnetlink_osf.h} | 2 +-
include/uapi/linux/netfilter/{nf_osf.h =>
Signed-off-by: Fernando Fernandez Mancera
---
include/linux/netfilter/nf_osf.h | 2 ++
include/uapi/linux/netfilter/nf_osf.h | 2 --
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/linux/netfilter/nf_osf.h b/include/linux/netfilter/nf_osf.h
index
changes in package dependencies for PDF creation (nft.pdf) from asciidoc.
Signed-off-by: Arushi Singhal
---
configure.ac | 10 ++
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/configure.ac b/configure.ac
index c1c9035..06f15c9 100644
--- a/configure.ac
+++ b/configure.ac
Fixes: f102d66b335a4 ("netfilter: nf_tables: use dedicated mutex to guard
transactions")
Signed-off-by: Florian Westphal
---
net/netfilter/nf_tables_api.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index
On 07/31/2018 05:05 PM, Florian Westphal wrote:
> Georgi Nikolov wrote:
>>> No, I think that's rather for the netfilter folks to decide. However, it
>>> seems there has been the debate already [1] and it was not found. The
>>> conclusion was that __GFP_NORETRY worked fine before, so it should
connection tracking zones currently depend on the xtables CT target,
connection tracking labels are handled via hidden dependency that gets
auto-selected by the connlabel match.
Make NF_CONNTRACK_LABELS a normal config knob and make both depend on
either the xtables target/match or the nft
Georgi Nikolov wrote:
> > No, I think that's rather for the netfilter folks to decide. However, it
> > seems there has been the debate already [1] and it was not found. The
> > conclusion was that __GFP_NORETRY worked fine before, so it should work
> > again after it's added back. But now we know
On 07/31/2018 09:38 AM, Vlastimil Babka wrote:
> On 07/30/2018 08:51 PM, Georgi Nikolov wrote:
>> On 07/30/2018 09:38 PM, Michal Hocko wrote:
>>> On Mon 30-07-18 18:54:24, Georgi Nikolov wrote:
>>> [...]
No i was wrong. The regression starts actually with 0537250fdc6c8.
- old code, which
Correct some typo mistakes done while converting man page source to
asciidoc.
Signed-off-by: Arushi Singhal
---
doc/data-types.txt | 33 ++---
doc/nft.txt| 11 ---
doc/payload-expression.txt | 9 +++--
doc/primary-expression.txt |
Shaochun Chen points out we leak dumper filter state allocations
stored in dump_control->data in case there is an error before netlink sets
cb_running (after which ->done will be called at some point).
In order to fix this, add .start functions and move allocations there.
Same pattern as used in
As, ctnl_untimeout is required by nft_ct, so move ctnl_timeout from
nfnetlink_cttimeout to nf_conntrack_timeout and rename as nf_ct_timeout.
Signed-off-by: Harsha Sharma
---
Changes in v3:
- Add static inline definition for nf_ct_untimeout when
CONFIG_NF_CONNTRACK_TIMEOUT is not defined
With this, remove ifdef for NF_CONNTRACK_CTTIMEOUT in nfnetlink_cttimeout.
This is also required for moving ctnl_untimeout from nfnetlink_cttimeout
to nf_conntrack_timeout.
Signed-off-by: Harsha Sharma
---
Changes in v3:
- No changes
Changes in v2:
- No changes
net/netfilter/Kconfig
This patch allows to add, list and delete connection tracking timeout
policies via nft objref infrastructure and assigning these timeout
via nft rule.
%./libnftnl/examples/nft-ct-timeout-add ip raw cttime tcp
Ruleset:
table ip raw {
ct timeout cttime {
protocol tcp
established
El 31 de julio de 2018 7:52:26 CEST, Florian Westphal escribió:
>kbuild test robot wrote:
>> tree:
>https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
>master
>> head: 4ed8eb6570a49931c705512060acd50058d61616
>> commit: f9324952088f1cd62ea4addf9ff532f1e6452a22 [5/7] netfilter:
On 07/30/2018 08:51 PM, Georgi Nikolov wrote:
> On 07/30/2018 09:38 PM, Michal Hocko wrote:
>> On Mon 30-07-18 18:54:24, Georgi Nikolov wrote:
>> [...]
>>> No i was wrong. The regression starts actually with 0537250fdc6c8.
>>> - old code, which opencodes kvmalloc, is masking error but error is
15 matches
Mail list logo