On Tuesday, February 7, 2017 10:56:39 PM EST Paul Moore wrote:
> On Tue, Feb 7, 2017 at 3:52 PM, Richard Guy Briggs wrote:
> > So while I'm not advocating this is what should be done and I'm trying
> > to establish bounds to the scope of this feature, but would it be
> >
This completes the XML/JSON exportation using the new buffer class for
rule.
Signed-off-by: Shivani Bhardwaj
---
include/buffer.h | 5 +++
src/buffer.c | 11 +++
src/rule.c | 96
3 files changed, 43
Hi,
we want to use a map for a large NAT setup, mapping subnets to a single
IP. Thats why we wanted to use a map, but only the first two elements of
the map are used for the NAT.
I added two config examples to reproduce the bug. In the first example
the NAT works fine for the network
Andrey Konovalov wrote:
> Hi,
>
> I've got the following error report while fuzzing the kernel with syzkaller.
>
> On commit 926af6273fc683cd98cd0ce7bf0d04a02eed6742.
>
> A reproducer and .config are attached.
>
> WARNING: CPU: 2 PID: 26582 at
>
The comment is incorrect, this function does see fragments when
IP_NODEFRAG is used. Remove the wrong assertion.
As conntrack doesn't track fragments skb->nfct will be null
and no nat is performed.
Reported-by: Andrey Konovalov
Signed-off-by: Florian Westphal
On Wed, Feb 8, 2017 at 7:32 AM, Richard Guy Briggs wrote:
> On 2017-02-07 23:02, Paul Moore wrote:
>> On Tue, Feb 7, 2017 at 4:22 PM, Richard Guy Briggs wrote:
>> > On 2017-02-06 14:41, Paul Moore wrote:
>> >> On Sat, Feb 4, 2017 at 8:25 AM, Steve Grubb
On 2017-02-08 18:11, Paul Moore wrote:
> On Wed, Feb 8, 2017 at 7:32 AM, Richard Guy Briggs wrote:
> > On 2017-02-07 23:02, Paul Moore wrote:
> >> On Tue, Feb 7, 2017 at 4:22 PM, Richard Guy Briggs wrote:
> >> > On 2017-02-06 14:41, Paul Moore wrote:
> >> >> On
On Wed, Feb 8, 2017 at 11:30 AM, Steve Grubb wrote:
> On Tuesday, February 7, 2017 10:56:39 PM EST Paul Moore wrote:
>> On Tue, Feb 7, 2017 at 3:52 PM, Richard Guy Briggs wrote:
>> > So while I'm not advocating this is what should be done and I'm trying
>> >
On Tue, Feb 07, 2017 at 06:45:37PM -0800, Igor Pylypiv wrote:
> Textsearch state parameter was moved to local scope of the function.
> This eliminates usage of textsearch_next() to find subsequent occurrences.
>
> Fixes: 59a2440fd3cf ("net: Remove state argument from skb_find_text()")
>
On Tue, Feb 07, 2017 at 03:14:08AM +0100, Manuel Messner wrote:
> This patch set is part of the TCP option matching implementation for nftables.
>
> These patch sets enable nft to match against the following TCP options:
> * End of Option List
> * No-Operation
> * Maximum Segment Size
> * Window
On Fri, Feb 03, 2017 at 01:35:48PM +0100, Florian Westphal wrote:
> Just like with counters the direction attribute is optional.
> We set priv->dir to MAX unconditionally to avoid duplicating the assignment
> for all keys with optional direction.
>
> For keys where direction is mandatory,
On Tue, Feb 07, 2017 at 03:14:53AM +0100, Manuel Messner wrote:
> This patch implements the kernel side of the TCP option patch.
Neat work. Applied, thanks Manuel!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
Folks,
We are seeking for qualified people who love to write to cover the
netdev 2.1 conference.
The idea is to attend the different sessions and describe what
was discussed in a timely manner. We would like to publish the
events on a daily basis.
Requirements:
1) Passion about netdev
2)
13 matches
Mail list logo