On Mon, Dec 5, 2016 at 7:20 PM, Florian Westphal wrote:
> Willem de Bruijn wrote:
>> While we're discussing the patch, another question, about revisions: I
>> tested both modified and original iptables binaries on both standard
>> and modified kernels. It all works as expected, except for the cas
Willem de Bruijn wrote:
> While we're discussing the patch, another question, about revisions: I
> tested both modified and original iptables binaries on both standard
> and modified kernels. It all works as expected, except for the case
> where both binaries are used on a single kernel. For insta
On Mon, Dec 5, 2016 at 6:29 PM, Willem de Bruijn wrote:
> On Mon, Dec 5, 2016 at 6:22 PM, Pablo Neira Ayuso wrote:
>> On Mon, Dec 05, 2016 at 06:06:05PM -0500, Willem de Bruijn wrote:
>> [...]
>>> Eric also suggests a private variable to avoid being subject to
>>> changes to PATH_MAX. Then we can
On Mon, Dec 5, 2016 at 6:22 PM, Pablo Neira Ayuso wrote:
> On Mon, Dec 05, 2016 at 06:06:05PM -0500, Willem de Bruijn wrote:
> [...]
>> Eric also suggests a private variable to avoid being subject to
>> changes to PATH_MAX. Then we can indeed also choose an arbitrary lower
>> length than current P
On Mon, Dec 05, 2016 at 06:06:05PM -0500, Willem de Bruijn wrote:
[...]
> Eric also suggests a private variable to avoid being subject to
> changes to PATH_MAX. Then we can indeed also choose an arbitrary lower
> length than current PATH_MAX.
Good.
> FWIW, there is a workaround for users with dee
On Mon, Dec 5, 2016 at 6:00 PM, Pablo Neira Ayuso wrote:
> On Mon, Dec 05, 2016 at 11:34:15PM +0100, Pablo Neira Ayuso wrote:
>> On Mon, Dec 05, 2016 at 10:30:01PM +0100, Florian Westphal wrote:
>> > Eric Dumazet wrote:
>> > > On Mon, 2016-12-05 at 15:28 -0500, Willem de Bruijn wrote:
>> > > > Fr
On Mon, Dec 05, 2016 at 02:59:09PM -0800, Eric Dumazet wrote:
> On Mon, 2016-12-05 at 23:40 +0100, Florian Westphal wrote:
>
> > Fair enough, I have no objections to the patch.
>
> An additional question is about PATH_MAX :
>
> Is it guaranteed to stay at 4096 forever ?
>
> To be safe, maybe we
On Mon, Dec 5, 2016 at 5:55 PM, Daniel Borkmann wrote:
> Hi Willem,
>
> On 12/05/2016 09:28 PM, Willem de Bruijn wrote:
>>
>> From: Willem de Bruijn
>>
>> Add support for attaching an eBPF object by file descriptor.
>>
>> The iptables binary can be called with a path to an elf object or a
>> pinn
On Mon, Dec 05, 2016 at 11:34:15PM +0100, Pablo Neira Ayuso wrote:
> On Mon, Dec 05, 2016 at 10:30:01PM +0100, Florian Westphal wrote:
> > Eric Dumazet wrote:
> > > On Mon, 2016-12-05 at 15:28 -0500, Willem de Bruijn wrote:
> > > > From: Willem de Bruijn
> > > >
> > > > Add support for attaching
On Mon, 2016-12-05 at 23:40 +0100, Florian Westphal wrote:
> Fair enough, I have no objections to the patch.
An additional question is about PATH_MAX :
Is it guaranteed to stay at 4096 forever ?
To be safe, maybe we should use a constant of our own.
--
To unsubscribe from this list: send the
Hi Willem,
On 12/05/2016 09:28 PM, Willem de Bruijn wrote:
From: Willem de Bruijn
Add support for attaching an eBPF object by file descriptor.
The iptables binary can be called with a path to an elf object or a
pinned bpf object. Also pass the mode and path to the kernel to be
able to return
Pablo Neira Ayuso wrote:
> On Mon, Dec 05, 2016 at 10:30:01PM +0100, Florian Westphal wrote:
> > Eric Dumazet wrote:
> > > On Mon, 2016-12-05 at 15:28 -0500, Willem de Bruijn wrote:
> > > > From: Willem de Bruijn
> > > >
> > > > Add support for attaching an eBPF object by file descriptor.
> > >
On Mon, Dec 05, 2016 at 10:30:01PM +0100, Florian Westphal wrote:
> Eric Dumazet wrote:
> > On Mon, 2016-12-05 at 15:28 -0500, Willem de Bruijn wrote:
> > > From: Willem de Bruijn
> > >
> > > Add support for attaching an eBPF object by file descriptor.
> > >
> > > The iptables binary can be cal
Eric Dumazet wrote:
> On Mon, 2016-12-05 at 15:28 -0500, Willem de Bruijn wrote:
> > From: Willem de Bruijn
> >
> > Add support for attaching an eBPF object by file descriptor.
> >
> > The iptables binary can be called with a path to an elf object or a
> > pinned bpf object. Also pass the mode
On Mon, 2016-12-05 at 15:28 -0500, Willem de Bruijn wrote:
> From: Willem de Bruijn
>
> Add support for attaching an eBPF object by file descriptor.
>
> The iptables binary can be called with a path to an elf object or a
> pinned bpf object. Also pass the mode and path to the kernel to be
> able
From: Willem de Bruijn
Add support for attaching an eBPF object by file descriptor.
The iptables binary can be called with a path to an elf object or a
pinned bpf object. Also pass the mode and path to the kernel to be
able to return it later for iptables dump and save.
Signed-off-by: Willem de
16 matches
Mail list logo