Re: [PATCH nf-next v3 2/3] netfilter: bridge: pass L2 header and VLAN as netlink attributes in queues to userspace

2016-02-29 Thread Pablo Neira Ayuso
On Sat, Feb 20, 2016 at 10:07:09AM +0100, Stephane Bryant wrote:
> From: stephane
>
> -this creates 2 netlink attribute NLQA_VLAN and NLQA_L2HDR
> -these are filled up for the PF_BRIDGE family on the way to userspace
>
> Signed-off-by: Stephane Bryant

[BUG] kernel crash in br_netfilter

2016-02-29 Thread Zefir Kurtisi
I've been fighting a kernel bug that is producing random crashes around network / skb_layer for a long time and was able to isolate it (or one of its components) to the br_netfilter module. I am reproducing the bug with PowerPC (TL-WDR4900v1.3) and MIPS (DB120, ar71xx) based systems. Florian

Re: [PATCH] Fix musl compatibility

2016-02-29 Thread Pablo Neira Ayuso
On Mon, Feb 22, 2016 at 03:51:15AM -0800, Loganaden Velvindron wrote:
> Add missing constants for libxt_TCPOPTSTRIP.c, in case they are not defined.
>
> (Original patch from VoidLinux)

OK, applied. Thanks.

Re: [PATCH] src: netlink_delinearize: Fix datatype for len

2016-02-29 Thread Shivani Bhardwaj
On Mon, Feb 29, 2016 at 3:36 PM, Florian Westphal wrote:
> Shivani Bhardwaj wrote:
>> Change the data type of len from unsigned int to int in order to make
>> it valid for checks like
>>
>> if (len < 0)
>>
>> The issue was brought into attention by the

Re: [PATCH] add JSON output format

2016-02-29 Thread Pablo Neira Ayuso
On Mon, Feb 22, 2016 at 10:12:17AM +0100, Harald Welte wrote:
> the original output format looks a bit like JSON, but isn't. The XML
> output is useful if you deal with XML, but a lot of applications prefer
> more lightweight formats like YAML/JSON.
>
> This adds the JSON output format to

Re: [PATCH 1/1] netfilter: ipset: Fix set:list type crash when flush/dump set in parallel

2016-02-29 Thread Jozsef Kadlecsik
On Mon, 29 Feb 2016, Pablo Neira Ayuso wrote:
> On Wed, Feb 24, 2016 at 09:19:26PM +0100, Jozsef Kadlecsik wrote:
> > Flushing/listing entries was not RCU safe, so parallel flush/dump
> > could lead to kernel crash. Bug reported by Deniz Eren.
> >
> > Fixes netfilter bugzilla id #1050.
> >
> >

Re: [PATCH nf] netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters

2016-02-29 Thread Pablo Neira Ayuso
On Wed, Feb 24, 2016 at 03:34:43PM -0500, Phil Turnbull wrote:
> nfacct_filter_alloc doesn't validate the NFACCT_FILTER_MASK and
> NFACCT_FILTER_VALUE parameters which can trigger a NULL pointer
> dereference. CAP_NET_ADMIN is required to trigger the bug.

Applied, thanks. I have enqueued this to

Re: [PATCH] comment: Add translation to nft

2016-02-29 Thread Pablo Neira Ayuso
On Wed, Feb 24, 2016 at 01:19:34AM +0530, Shivani Bhardwaj wrote:
> Add translation for match comment to nftables.
> This patch also adds the relevant infrastructure for carrying out
> the translation.
>
> Example:
>
> $ sudo iptables-translate -A INPUT -s 192.168.0.0 -m comment --comment "A
>

[PATCH nft] evaluate: reject set references in set elements

2016-02-29 Thread Florian Westphal
given

```
table filter {
	set local {
		type iface_index
		elements = { lo }
	}
	chain input {
		type filter hook input priority 0;
		iif { @lan, } accept;
	}
}
```

nft BUG()s. I don't see how we could support sets-in-set; add a sanity check and error out instead.

Signed-off-by: Florian

IMPORTANT INFORMATION RE: Investment Consulting in Your Locality.

2016-02-29 Thread Alecssandro
Hi Friend, IMPORTANT INFORMATION Our family is interested in investing funds in your locality. More information for you if interested. Regards, Sir Henry Neville Lindley Keswick Chairman of Jardine Matheson Holdings Ltd https://en.wikipedia.org/wiki/Keswick_family

[PATCH 3/3 v2] nftables: rule: Change the field "rule->comment" for an nftnl_attrbuf.

2016-02-29 Thread Carlos Falgueras García
Now it is possible to store multiple variable length user data into a rule. Modify the parser in order to fill the nftnl_attrbuf with the comment, and the print function to extract this comment and print it to the user.

Signed-off-by: Carlos Falgueras García
---

[PATCH 2/3 v2] libnftnl: rule: Change the "userdata" attribute to use new TLV buffer.

2016-02-29 Thread Carlos Falgueras García
Now it is possible to store multiple variable length user data into a rule. Modify XML and JSON parsers to support this new feature.

Signed-off-by: Carlos Falgueras García
---
include/json.h | 7 ++
include/utils.h | 2 +
include/xml.h | 5 ++
src/jansson.c | 41

[PATCH 1/3 v2] libnftnl: Implement new buffer of TLV objects.

2016-02-29 Thread Carlos Falgueras García
These functions allow creating a buffer (nftnl_attrbuf) of TLV objects (nftnl_attr). It is inspired by libmnl/src/attr.c. It can be used to store several variable length user data into an object.

Example usage:

```
struct nftnl_attrbuf *attrbuf;
struct nftnl_attr *attr;
```

IMPORTANT INFORMATION RE: Investment Consulting in Your Locality.

2016-02-29 Thread Mr. DOUGLAS
Hi, We have planned to invest some funds in your country. Reply if you are interested. Regards, Sir Henry Neville Lindley Keswick Chairman of Jardine Matheson Holdings Ltd https://en.wikipedia.org/wiki/Keswick_family == Hi friend,

[PATCH] extensions: libxt_statistic: Add translation to nft

2016-02-29 Thread Laura Garcia Liebana
Add translation for random to nftables.

Examples:

```
$ iptables-translate -A INPUT -m statistic --mode random --probability 0.1 -j ACCEPT
nft add rule ip filter INPUT meta random 0.109 counter accept

$ iptables-translate -A INPUT -m statistic --mode random ! --probability 0.1 -j ACCEPT
nft
```

Re: [PATCH] src: netlink_delinearize: Fix datatype for len

2016-02-29 Thread Florian Westphal
Shivani Bhardwaj wrote:
> Change the data type of len from unsigned int to int in order to make
> it valid for checks like
>
> if (len < 0)
>
> The issue was brought into attention by the unexplained behavior of
> frag with frag-off. Bugzilla entry:
>