Re: AUDIT_NETFILTER_PKT message format

2017-02-08 Thread Steve Grubb
On Tuesday, February 7, 2017 10:56:39 PM EST Paul Moore wrote: > On Tue, Feb 7, 2017 at 3:52 PM, Richard Guy Briggs wrote: > > So while I'm not advocating this is what should be done and I'm trying > > to establish bounds to the scope of this feature, but would it be > >

[PATCH] src: consolidate XML/JSON exportation for rule

2017-02-08 Thread Shivani Bhardwaj
This completes the XML/JSON exportation using the new buffer class for rule. Signed-off-by: Shivani Bhardwaj --- include/buffer.h | 5 +++ src/buffer.c | 11 +++ src/rule.c | 96 3 files changed, 43

nftables bug: Only the first two elements of a map are used for NAT

2017-02-08 Thread Simon Hanisch
Hi, we want to use a map for a large NAT setup, mapping subnets to a single IP. That's why we wanted to use a map, but only the first two elements of the map are used for the NAT. I added two config examples to reproduce the bug. In the first example the NAT works fine for the network

Re: net/ipv4: warning in nf_nat_ipv4_fn

2017-02-08 Thread Florian Westphal
Andrey Konovalov wrote: > Hi, > > I've got the following error report while fuzzing the kernel with syzkaller. > > On commit 926af6273fc683cd98cd0ce7bf0d04a02eed6742. > > A reproducer and .config are attached. > > WARNING: CPU: 2 PID: 26582 at >

[PATCH nf] netfilter: nat: remove incorrect debug assert

2017-02-08 Thread Florian Westphal
The comment is incorrect, this function does see fragments when IP_NODEFRAG is used. Remove the wrong assertion. As conntrack doesn't track fragments skb->nfct will be null and no nat is performed. Reported-by: Andrey Konovalov Signed-off-by: Florian Westphal

Re: [RFC PATCH] audit: normalize NETFILTER_PKT

2017-02-08 Thread Paul Moore
On Wed, Feb 8, 2017 at 7:32 AM, Richard Guy Briggs wrote: > On 2017-02-07 23:02, Paul Moore wrote: >> On Tue, Feb 7, 2017 at 4:22 PM, Richard Guy Briggs wrote: >> > On 2017-02-06 14:41, Paul Moore wrote: >> >> On Sat, Feb 4, 2017 at 8:25 AM, Steve Grubb

Re: [RFC PATCH] audit: normalize NETFILTER_PKT

2017-02-08 Thread Richard Guy Briggs
On 2017-02-08 18:11, Paul Moore wrote: > On Wed, Feb 8, 2017 at 7:32 AM, Richard Guy Briggs wrote: > > On 2017-02-07 23:02, Paul Moore wrote: > >> On Tue, Feb 7, 2017 at 4:22 PM, Richard Guy Briggs wrote: > >> > On 2017-02-06 14:41, Paul Moore wrote: > >> >> On

Re: AUDIT_NETFILTER_PKT message format

2017-02-08 Thread Paul Moore
On Wed, Feb 8, 2017 at 11:30 AM, Steve Grubb wrote: > On Tuesday, February 7, 2017 10:56:39 PM EST Paul Moore wrote: >> On Tue, Feb 7, 2017 at 3:52 PM, Richard Guy Briggs wrote: >> > So while I'm not advocating this is what should be done and I'm trying >> >

Re: [PATCH] net: fix description of skb_find_text() according to removed functionality

2017-02-08 Thread Pablo Neira Ayuso
On Tue, Feb 07, 2017 at 06:45:37PM -0800, Igor Pylypiv wrote: > Textsearch state parameter was moved to local scope of the function. > This eliminates usage of textsearch_next() to find subsequent occurrences. > > Fixes: 59a2440fd3cf ("net: Remove state argument from skb_find_text()") >

Re: [PATCH nftables 0/7] TCP option matching

2017-02-08 Thread Pablo Neira Ayuso
On Tue, Feb 07, 2017 at 03:14:08AM +0100, Manuel Messner wrote: > This patch set is part of the TCP option matching implementation for nftables. > > These patch sets enable nft to match against the following TCP options: > * End of Option List > * No-Operation > * Maximum Segment Size > * Window
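The option kinds listed in that cover letter share one wire layout, and the part that trips up naive matchers is that two of them (End of Option List and No-Operation) have no length byte while every other option carries kind, length and data. The walker below is an added example, not code from the nftables or nft_exthdr patch set; it assumes an option area handed in as the raw bytes following the fixed 20-byte TCP header, and the sample and malformed option areas are constructed inline for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Option kinds from RFC 793 / RFC 7323; only the ones used below are named. */
enum {
    TCPOPT_EOL    = 0,  /* End of Option List: one byte, nothing follows */
    TCPOPT_NOP    = 1,  /* No-Operation: one byte, no length field      */
    TCPOPT_MSS    = 2,  /* Maximum Segment Size: kind, len=4, 16-bit MSS */
    TCPOPT_WSCALE = 3,  /* Window Scale: kind, len=3, 8-bit shift count  */
};

/*
 * Find the option of kind `want` in the option area `opts` (`len` bytes,
 * i.e. data_offset*4 - 20). Return a pointer to its kind byte and store its
 * total length in *optlen, or return NULL when the option is absent, when
 * EOL is reached first, or when the area is malformed (a length byte < 2 or
 * an option running past the end). Refusing to continue past a bad length
 * is what stops a zero-length option from looping the parser forever.
 */
static const uint8_t *tcp_find_option(const uint8_t *opts, size_t len,
                                      uint8_t want, size_t *optlen)
{
    size_t off = 0;

    while (off < len) {
        uint8_t kind = opts[off];

        if (kind == TCPOPT_EOL)
            return NULL;
        if (kind == TCPOPT_NOP) {
            if (want == TCPOPT_NOP) {
                *optlen = 1;
                return opts + off;
            }
            off++;
            continue;
        }
        if (off + 1 >= len)           /* kind byte with no length byte */
            return NULL;
        uint8_t olen = opts[off + 1];
        if (olen < 2 || off + olen > len)
            return NULL;
        if (kind == want) {
            *optlen = olen;
            return opts + off;
        }
        off += olen;
    }
    return NULL;
}

/* MSS value if present with the correct length (4), else 0. */
static unsigned int tcp_option_mss(const uint8_t *opts, size_t len)
{
    size_t olen;
    const uint8_t *o = tcp_find_option(opts, len, TCPOPT_MSS, &olen);
    if (!o || olen != 4)
        return 0;
    return ((unsigned int)o[2] << 8) | o[3];
}

/* Window scale shift if present with the correct length (3), else -1. */
static int tcp_option_wscale(const uint8_t *opts, size_t len)
{
    size_t olen;
    const uint8_t *o = tcp_find_option(opts, len, TCPOPT_WSCALE, &olen);
    if (!o || olen != 3)
        return -1;
    return o[2];
}

/* Constructed option area in the order a typical Linux SYN carries it:
 * MSS 1460, SACK-permitted, timestamps (values zeroed), NOP, wscale 7. */
static const uint8_t sample_opts[] = {
    0x02, 0x04, 0x05, 0xb4,             /* MSS = 1460       */
    0x04, 0x02,                         /* SACK permitted   */
    0x08, 0x0a, 0, 0, 0, 0, 0, 0, 0, 0, /* timestamps       */
    0x01,                               /* NOP              */
    0x03, 0x03, 0x07,                   /* window scale = 7 */
};

/* Constructed malformed area: MSS option claiming length 0. */
static const uint8_t bad_opts[] = { 0x02, 0x00, 0x05, 0xb4 };

/* Constructed area where EOL precedes an otherwise valid MSS option. */
static const uint8_t eol_opts[] = { 0x00, 0x02, 0x04, 0x05, 0xb4 };

int main(void)
{
    printf("MSS=%u wscale=%d\n",
           tcp_option_mss(sample_opts, sizeof sample_opts),
           tcp_option_wscale(sample_opts, sizeof sample_opts));
    printf("malformed MSS=%u, after-EOL MSS=%u\n",
           tcp_option_mss(bad_opts, sizeof bad_opts),
           tcp_option_mss(eol_opts, sizeof eol_opts));
    return 0;
}
```

Two things in the walk above matter for any matcher, in the kernel or out of it: NOP and EOL must be handled before the length byte is read, and a length below 2 must abort the walk rather than be skipped over, since `off += olen` with `olen == 0` never advances.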

Re: [PATCH nf-next 1/9] netfilter: nft_ct: add zone id get support

2017-02-08 Thread Pablo Neira Ayuso
On Fri, Feb 03, 2017 at 01:35:48PM +0100, Florian Westphal wrote: > Just like with counters the direction attribute is optional. > We set priv->dir to MAX unconditionally to avoid duplicating the assignment > for all keys with optional direction. > > For keys where direction is mandatory,

Re: [PATCH nf-next 1/1] net: netfilter: nft_exthdr: add TCP option matching

2017-02-08 Thread Pablo Neira Ayuso
On Tue, Feb 07, 2017 at 03:14:53AM +0100, Manuel Messner wrote: > This patch implements the kernel side of the TCP option patch. Neat work. Applied, thanks Manuel!

ANNOUNCE: Netdev 2.1 seeking netdev conferences reporter(s)

2017-02-08 Thread Jamal Hadi Salim
Folks, We are seeking qualified people who love to write to cover the netdev 2.1 conference. The idea is to attend the different sessions and describe what was discussed in a timely manner. We would like to publish the events on a daily basis. Requirements: 1) Passion about netdev 2)