On Sat, Feb 20, 2016 at 10:07:09AM +0100, Stephane Bryant wrote:
> From: stephane
>
> -this creates 2 netlink attribute NLQA_VLAN and NLQA_L2HDR
> -these are filled up for the PF_BRIDGE family on the way to userspace
>
> Signed-off-by: Stephane Bryant
I've been fighting a kernel bug that is producing random crashes around network
/
skb_layer for a long time and was able to isolate it (or one of its components)
to
the br_netfilter module.
I am reproducing the bug with PowerPC (TL-WDR4900v1.3) and MIPS (DB120, ar71xx)
based systems. Florian
On Mon, Feb 22, 2016 at 03:51:15AM -0800, Loganaden Velvindron wrote:
> Add missing constants for libxt_TCPOPTSTRIP.c, in case they are not defined.
>
> (Original patch from VoidLinux)
OK, applied. Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body
On Mon, Feb 29, 2016 at 3:36 PM, Florian Westphal wrote:
> Shivani Bhardwaj wrote:
>> Change the data type of len from unsigned int to int in order to make
>> it valid for checks like
>>
>> if (len < 0)
>>
>> The issue was brought into attention by the
On Mon, Feb 22, 2016 at 10:12:17AM +0100, Harald Welte wrote:
> the original output format looks a bit like JSON, but isn't. The XML
> output is useful if you deal with XML, but a lot of applications prefer
> more lightweight formats like YAML/JSON.
>
> This adds the JSON output format to
On Mon, 29 Feb 2016, Pablo Neira Ayuso wrote:
> On Wed, Feb 24, 2016 at 09:19:26PM +0100, Jozsef Kadlecsik wrote:
> > Flushing/listing entries was not RCU safe, so parallel flush/dump
> > could lead to kernel crash. Bug reported by Deniz Eren.
> >
> > Fixes netfilter bugzilla id #1050.
> >
> >
On Wed, Feb 24, 2016 at 03:34:43PM -0500, Phil Turnbull wrote:
> nfacct_filter_alloc doesn't validate the NFACCT_FILTER_MASK and
> NFACCT_FILTER_VALUE parameters which can trigger a NULL pointer
> dereference. CAP_NET_ADMIN is required to trigger the bug.
Applied, thanks.
I have enqueued this to
On Wed, Feb 24, 2016 at 01:19:34AM +0530, Shivani Bhardwaj wrote:
> Add translation for match comment to nftables.
> This patch also adds the relevant infrastructure for carrying out
> the translation.
>
> Example:
>
> $ sudo iptables-translate -A INPUT -s 192.168.0.0 -m comment --comment "A
>
given
table filter {
set local {
type iface_index
elements = { lo }
}
chain input {
type filter hook input priority 0;
iif { @lan, } accept;
}
}
nft BUG()s. I don't see how we could support sets-in-set; add a sanity
check and error out instead.
Signed-off-by: Florian
Oi Amigo,
INFORMAÇÃO IMPORTANTE
Nossa família está interessada em investir fundos em sua localidade.
Mais informações para você se interessou.
Saudações,
Sir Henry Neville Lindley Keswick
Presidente da Jardine Matheson Holdings Ltd
https://en.wikipedia.org/wiki/Keswick_family
--
To
Now it is possible to store multiple variable length user data into rule.
Modify the parser in order to fill the nftnl_attrbuf with the comment, and
the print function for extract these commentary and print it to user.
Signed-off-by: Carlos Falgueras García
---
Now is it possible to store multiple variable length user data into a rule.
Modify XML and JSON parsers to support this new feature.
Signed-off-by: Carlos Falgueras García
---
include/json.h | 7 ++
include/utils.h | 2 +
include/xml.h | 5 ++
src/jansson.c | 41
These functions allow to create a buffer (nftnl_attrbuf) of TLV objects
(nftnl_attr). It is inspired by libmnl/src/attr.c. It can be used to store
several variable length user data into an object.
Example usage:
```
struct nftnl_attrbuf *attrbuf;
struct nftnl_attr *attr;
Oi,
Temos planejado investir alguns fundos no seu país.
Responder se você estiver interessado.
Saudações,
Sir Henry Neville Lindley Keswick
Presidente da Jardine Matheson Holdings Ltd
https://en.wikipedia.org/wiki/Keswick_family
==
Hi friend,
Add translation for random to nftables.
Examples:
$ iptables-translate -A INPUT -m statistic --mode random --probability
0.1 -j ACCEPT
nft add rule ip filter INPUT meta random 0.109 counter accept
$ iptables-translate -A INPUT -m statistic --mode random ! --probability
0.1 -j ACCEPT
nft
Shivani Bhardwaj wrote:
> Change the data type of len from unsigned int to int in order to make
> it valid for checks like
>
> if (len < 0)
>
> The issue was brought into attention by the unexplained behavior of
> frag with frag-off. Bugzilla entry:
>
16 matches
Mail list logo