On Tue, Feb 07, 2017 at 11:13:12PM -0800, Igor Pylypiv wrote:
> I am not planning to to add a new user of this functions.
> Use of skb_find_text() was a part of my Linux study and its
> description informed me that I can use textsearch_next()
> which I cannot. Just want to fix this.
Send us a patc
On Tue, Feb 07, 2017 at 06:45:37PM -0800, Igor Pylypiv wrote:
> Textsearch state parameter was moved to local scope of the function.
> This eliminates usage of textsearch_next() to find subsequent occurrences.
>
> Fixes: 59a2440fd3cf ("net: Remove state argument from skb_find_text()")
> Signed-off
On Tue, Feb 07, 2017 at 03:14:53AM +0100, Manuel Messner wrote:
> This patch implements the kernel side of the TCP option patch.
Neat work. Applied, thanks Manuel!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
Mo
On Fri, Feb 03, 2017 at 01:35:49PM +0100, Florian Westphal wrote:
> Next patch will add ZONE_ID set support which will need similar
> error unwind (put operation) as conntrack labels.
>
> Prepare for this: remove the 'label_got' boolean in favor
> of a switch statement that can be extended in next
On Fri, Feb 03, 2017 at 01:35:50PM +0100, Florian Westphal wrote:
> zones allow tracking multiple connections sharing identical tuples,
> this is needed e.g. when tracking distinct vlans with overlapping ip
> addresses (conntrack is l2 agnostic).
>
> Thus the zone has to be set before the packet i
On Fri, Feb 03, 2017 at 01:35:48PM +0100, Florian Westphal wrote:
> Just like with counters the direction attribute is optional.
> We set priv->dir to MAX unconditionally to avoid duplicating the assignment
> for all keys with optional direction.
>
> For keys where direction is mandatory, existing
On Tue, Feb 07, 2017 at 03:14:08AM +0100, Manuel Messner wrote:
> This patch set is part of the TCP option matching implementation for nftables.
>
> These patch sets enable nft to match against the following TCP options:
> * End of Option List
> * No-Operation
> * Maximum Segment Size
> * Window S
On 2017-02-07 23:02, Paul Moore wrote:
> On Tue, Feb 7, 2017 at 4:22 PM, Richard Guy Briggs wrote:
> > On 2017-02-06 14:41, Paul Moore wrote:
> >> On Sat, Feb 4, 2017 at 8:25 AM, Steve Grubb wrote:
> >> > On Friday, February 3, 2017 6:44:16 PM EST Paul Moore wrote:
> >> >> I'm still trying to und
Folks,
We are seeking for qualified people who love to write to cover the
netdev 2.1 conference.
The idea is to attend the different sessions and describe what
was discussed in a timely manner. We would like to publish the
events on a daily basis.
Requirements:
1) Passion about netdev
2) Knowled
This completes the XML/JSON exportation using the new buffer class for
rule.
Signed-off-by: Shivani Bhardwaj
---
include/buffer.h | 5 +++
src/buffer.c | 11 +++
src/rule.c | 96
3 files changed, 43 insertions(+), 69 deletio
On Tuesday, February 7, 2017 10:56:39 PM EST Paul Moore wrote:
> On Tue, Feb 7, 2017 at 3:52 PM, Richard Guy Briggs wrote:
> > So while I'm not advocating this is what should be done and I'm trying
> > to establish bounds to the scope of this feature, but would it be
> > reasonable to simply not l
Hi,
we want to use a map for a large NAT setup, mapping subnets to a single
IP. Thats why we wanted to use a map, but only the first two elements of
the map are used for the NAT.
I added two config examples to reproduce the bug. In the first example
the NAT works fine for the network 100.64.15.0/2
This patch adds documentation for stateful objects and updates
tables description to mention them.
Signed-off-by: Elise Lennion
---
doc/nft.xml | 134 +++-
1 file changed, 133 insertions(+), 1 deletion(-)
diff --git a/doc/nft.xml b/doc/nft
Andrey Konovalov wrote:
> Hi,
>
> I've got the following error report while fuzzing the kernel with syzkaller.
>
> On commit 926af6273fc683cd98cd0ce7bf0d04a02eed6742.
>
> A reproducer and .config are attached.
>
> WARNING: CPU: 2 PID: 26582 at
> net/ipv4/netfilter/nf_nat_l3proto_ipv4.c:261
> n
The comment is incorrect, this function does see fragments when
IP_NODEFRAG is used. Remove the wrong assertion.
As conntrack doesn't track fragments skb->nfct will be null
and no nat is performed.
Reported-by: Andrey Konovalov
Signed-off-by: Florian Westphal
---
net/ipv4/netfilter/nf_nat_l3p
On Wed, Feb 8, 2017 at 7:32 AM, Richard Guy Briggs wrote:
> On 2017-02-07 23:02, Paul Moore wrote:
>> On Tue, Feb 7, 2017 at 4:22 PM, Richard Guy Briggs wrote:
>> > On 2017-02-06 14:41, Paul Moore wrote:
>> >> On Sat, Feb 4, 2017 at 8:25 AM, Steve Grubb wrote:
>> >> > On Friday, February 3, 2017
On 2017-02-08 18:11, Paul Moore wrote:
> On Wed, Feb 8, 2017 at 7:32 AM, Richard Guy Briggs wrote:
> > On 2017-02-07 23:02, Paul Moore wrote:
> >> On Tue, Feb 7, 2017 at 4:22 PM, Richard Guy Briggs wrote:
> >> > On 2017-02-06 14:41, Paul Moore wrote:
> >> >> On Sat, Feb 4, 2017 at 8:25 AM, Steve
On Wed, Feb 8, 2017 at 11:30 AM, Steve Grubb wrote:
> On Tuesday, February 7, 2017 10:56:39 PM EST Paul Moore wrote:
>> On Tue, Feb 7, 2017 at 3:52 PM, Richard Guy Briggs wrote:
>> > So while I'm not advocating this is what should be done and I'm trying
>> > to establish bounds to the scope of th
18 matches
Mail list logo