Florian Westphal wrote:
> Patrick McHardy wrote:
> > > If not, I see no choice other than resubmitting the original V1 kernel
> > > patch that simply copied the entire sreg into the label area, this way
> > > no userspace changes are needed.
> >
> > I have to follow up on the previous discussion
On 25.04, Pablo Neira Ayuso wrote:
> On Mon, Apr 25, 2016 at 10:35:19PM +0100, Patrick McHardy wrote:
> > On 25.04, Florian Westphal wrote:
> >
> > > If not, I see no choice other than resubmitting the original V1 kernel
> > > patch that simply copied the entire sreg into the label area, this way
Patrick McHardy wrote:
> > If not, I see no choice other than resubmitting the original V1 kernel
> > patch that simply copied the entire sreg into the label area, this way
> > no userspace changes are needed.
>
> I have to follow up on the previous discussion. Just wondering, what's wrong
> with
On 25.04, Pablo Neira Ayuso wrote:
> On Mon, Apr 25, 2016 at 05:59:56PM +0100, Patrick McHardy wrote:
> > On 25.04, Pablo Neira Ayuso wrote:
> > > There is issue, eg:
> > >
> > > # nft add element ip x myset { 1.1.1.0/24 }
> > > # nft add element ip x myset { 1.1.1.1 }
> > > # nft list ruleset
> >
On Mon, Apr 25, 2016 at 10:35:19PM +0100, Patrick McHardy wrote:
> On 25.04, Florian Westphal wrote:
> > Patrick McHardy wrote:
> > > On 25.04, Florian Westphal wrote:
> > > > We could go for a 3rd alternative, namely:
> > > >
> > > > u16 bit = regs->data[priv->sreg];
> > > > set_bit(bit, ct->lab
On 25.04, Florian Westphal wrote:
> Patrick McHardy wrote:
> > On 25.04, Florian Westphal wrote:
> > > We could go for a 3rd alternative, namely:
> > >
> > > u16 bit = regs->data[priv->sreg];
> > > set_bit(bit, ct->labels);
> > >
> > > i.e. have userspace place the _bit_ that we want to set in t
On Mon, Apr 25, 2016 at 06:05:41PM +0100, Patrick McHardy wrote:
> On 25.04, Florian Westphal wrote:
> > Patrick McHardy wrote:
> >
> > > The alternative to internally handling it would be to some propagating
> > > validation to immediates / sets which invoke the actual user of the data.
> > > So
On Mon, Apr 25, 2016 at 05:59:56PM +0100, Patrick McHardy wrote:
> On 25.04, Pablo Neira Ayuso wrote:
> > On Mon, Apr 25, 2016 at 11:38:32AM +0100, Patrick McHardy wrote:
> > > On 23.04, Pablo Neira Ayuso wrote:
> > > > This patchset adds the missing code to reject overlapping intervals.
> > > >
>
Patrick McHardy wrote:
> On 25.04, Florian Westphal wrote:
> > We could go for a 3rd alternative, namely:
> >
> > u16 bit = regs->data[priv->sreg];
> > set_bit(bit, ct->labels);
> >
> > i.e. have userspace place the _bit_ that we want to set in the
> > source register.
> >
> > If we go for sreg
From: Nicolas Dichtel
Date: Mon, 25 Apr 2016 10:25:13 +0200
> This is the continuation (series #2) of the work done to align netlink
> attributes when these attributes contain some 64-bit fields.
>
> In patch #3, I didn't modify the function ila_encap_nlsize(). I was waiting
> feedback for this
On 25.04, Florian Westphal wrote:
> Patrick McHardy wrote:
>
> > The alternative to internally handling it would be to some propagating
> > validation to immediates / sets which invoke the actual user of the data.
> > So in the case of helpers, we could replace the name by references to
> > the h
On 25.04, Pablo Neira Ayuso wrote:
> On Mon, Apr 25, 2016 at 11:38:32AM +0100, Patrick McHardy wrote:
> > On 23.04, Pablo Neira Ayuso wrote:
> > > This patchset adds the missing code to reject overlapping intervals.
> > >
> > > # nft add table ip filter
> > > # nft add set ip filter myset { type
Toby DiPasquale wrote:
> I was reviewing the H.323 conntrack helper in the kernel when I came
> across what appears to be an off-by-one error in the DecodeQ931
> function. The MessageType field of the Q931 record is assigned and p
> is incremented, but the corresponding decrement to sz is missing,
W dniu 25.04.2016 11:18, Jozsef Kadlecsik napisał(a):
On Sun, 24 Apr 2016, Tomasz Chiliński wrote:
First - thanks a lot for excellent ipset toolkit!
Second - Sorry for posting directly to you, but didn't get reply from
netfilter-devel
mailing list after trying to subscribe there.
I've created
On Wed, Apr 20, 2016 at 12:46:31PM +1000, Simon Horman wrote:
> Hi Pablo,
>
> please consider these enhancements to the IPVS. They allow SIP connections
> originating from real-servers to be load balanced by the SIP psersitence
> engine as is already implemented in the other direction. And for bet
On Tue, Apr 12, 2016 at 11:50:33PM +0200, Pablo Neira Ayuso wrote:
> This patchset resolves the main issues with the dynamic support for
> range and its existing rb-tree implementation.
I'm applying this series now.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
t
Pablo Neira Ayuso wrote:
> Different thing is to indicate the bit number from an immediate, ie.
> we use set_bit() based on the register data that we get, so we can use
> maps as Patrick suggests.
Right.
> > I don't want to resubmit until there is consensus as to what the
> > preferred solution
On Fri, Apr 22, 2016 at 02:56:57AM -0700, Liping Zhang wrote:
> From: Liping Zhang
>
> ip6_route_output() will never return a NULL pointer, so there's no need
> to check it.
Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to
On Mon, Apr 18, 2016 at 04:16:58PM +0200, Florian Westphal wrote:
> This small series prepares for upcoming merge of the per-namespace hash tables
> into a single table (or rater, three tables
> -- conntrack hash, expect hash and nat bysrc hash).
>
> Arguments for merging it:
> - We stop wasting (
On Mon, Apr 25, 2016 at 01:56:22PM +0200, Florian Westphal wrote:
> Patrick McHardy wrote:
> > On 25.04, Florian Westphal wrote:
> > > Patrick McHardy wrote:
> > > > On 21.04, Florian Westphal wrote:
> > > > > Pablo suggested to re-use the immediate attributes already used by
> > > > > nft_immedi
On Mon, Apr 25, 2016 at 12:26:09PM +0100, Szabolcs Nagy wrote:
> On 24/04/16 16:45, Mikko Rapeli wrote:
> > glibc's net/if.h contains copies of definitions from linux/if.h and these
> > conflict and cause build failures if both files are included by application
> > source code. Changes in uapi head
On Mon, Apr 25, 2016 at 11:38:32AM +0100, Patrick McHardy wrote:
> On 23.04, Pablo Neira Ayuso wrote:
> > Hi,
> >
> > This patchset adds the missing code to reject overlapping intervals.
> >
> > # nft add table ip filter
> > # nft add set ip filter myset { type ipv4_addr\; flags interval\; }
>
Patrick McHardy wrote:
> On 25.04, Florian Westphal wrote:
> > Patrick McHardy wrote:
> > > On 21.04, Florian Westphal wrote:
> > > > Pablo suggested to re-use the immediate attributes already used by
> > > > nft_immediate, nft_bitwise and nft_cmp to re-use as much code as
> > > > possible.
> > >
On 24/04/16 16:45, Mikko Rapeli wrote:
> glibc's net/if.h contains copies of definitions from linux/if.h and these
> conflict and cause build failures if both files are included by application
> source code. Changes in uapi headers, which fixed header file dependencies to
> include linux/if.h when
On 25.04, Florian Westphal wrote:
> Patrick McHardy wrote:
> > On 21.04, Florian Westphal wrote:
> > > Pablo suggested to re-use the immediate attributes already used by
> > > nft_immediate, nft_bitwise and nft_cmp to re-use as much code as
> > > possible.
> > >
> > > Just add new NFTA_CT_IMM tha
Patrick McHardy wrote:
> On 21.04, Florian Westphal wrote:
> > Instead of taking the value to set from a source register, userspace
> > passes the bit that we should set as an immediate netlink value.
> >
> > This follows a similar approach that xtables 'connlabel'
> > match uses, so when user in
On 23.04, Pablo Neira Ayuso wrote:
> Hi,
>
> This patchset adds the missing code to reject overlapping intervals.
>
> # nft add table ip filter
> # nft add set ip filter myset { type ipv4_addr\; flags interval\; }
> # nft add chain ip filter output { type filter hook output priority 0\; }
> #
On 21.04, Florian Westphal wrote:
> Instead of taking the value to set from a source register, userspace
> passes the bit that we should set as an immediate netlink value.
>
> This follows a similar approach that xtables 'connlabel'
> match uses, so when user inputs
>
> ct label set bar
>
>
On 25.04, Florian Westphal wrote:
> Patrick McHardy wrote:
> > On 24.04, Patrick McHardy wrote:
> > > On 25.04, Florian Westphal wrote:
> > > > Patrick McHardy wrote:
> > > > > The following patches contain the latest version of the ruleset
> > > > > tracing
> > > > > functionality.
> > > > > I
Let's add some testcases for named sets with intervals and ranges.
Signed-off-by: Arturo Borrero Gonzalez
---
tests/shell/testcases/sets/0001named_interval_0| 47
.../sets/0002named_interval_automerging_0 | 12 +
.../sets/0003named_interval_missing_flag_
Patrick McHardy wrote:
> On 24.04, Patrick McHardy wrote:
> > On 25.04, Florian Westphal wrote:
> > > Patrick McHardy wrote:
> > > > The following patches contain the latest version of the ruleset tracing
> > > > functionality.
> > > > I consider this patchset complete. Testing and comments welco
On Sun, 24 Apr 2016, Tomasz Chiliński wrote:
> First - thanks a lot for excellent ipset toolkit!
> Second - Sorry for posting directly to you, but didn't get reply from
> netfilter-devel
> mailing list after trying to subscribe there.
>
> I've created lately my own very missed set type hash:ip,ma
Signed-off-by: Nicolas Dichtel
---
include/linux/nl802154.h | 2 ++
net/ieee802154/nl-mac.c | 17 +++--
net/ieee802154/nl802154.c | 3 ++-
3 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/include/linux/nl802154.h b/include/linux/nl802154.h
index 167342c2ce6b..0f6f6
Signed-off-by: Nicolas Dichtel
---
include/uapi/linux/l2tp.h | 1 +
net/l2tp/l2tp_netlink.c | 80 ---
2 files changed, 49 insertions(+), 32 deletions(-)
diff --git a/include/uapi/linux/l2tp.h b/include/uapi/linux/l2tp.h
index 3386a99e0397..4bd27d027
Signed-off-by: Nicolas Dichtel
---
include/uapi/linux/if_link.h | 1 +
net/core/rtnetlink.c | 36 ++--
2 files changed, 19 insertions(+), 18 deletions(-)
diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index ba69d4447249..5fdd3a42
Signed-off-by: Nicolas Dichtel
---
include/uapi/linux/pkt_sched.h | 3 +++
net/sched/sch_htb.c| 6 --
net/sched/sch_netem.c | 3 ++-
net/sched/sch_tbf.c| 6 --
4 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/include/uapi/linux/pkt_sched.h b
Signed-off-by: Nicolas Dichtel
---
include/uapi/linux/openvswitch.h | 1 +
net/openvswitch/datapath.c | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/include/uapi/linux/openvswitch.h b/include/uapi/linux/openvswitch.h
index 0358f94af86e..d6be1fb778a5 100644
--- a/incl
Signed-off-by: Nicolas Dichtel
---
include/uapi/linux/ila.h | 1 +
net/ipv6/ila/ila_lwt.c | 3 ++-
net/ipv6/ila/ila_xlat.c | 15 +--
3 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/include/uapi/linux/ila.h b/include/uapi/linux/ila.h
index abde7bbd6f3b..cd97951680b
Signed-off-by: Nicolas Dichtel
---
include/uapi/linux/ip_vs.h | 1 +
net/netfilter/ipvs/ip_vs_ctl.c | 36
2 files changed, 25 insertions(+), 12 deletions(-)
diff --git a/include/uapi/linux/ip_vs.h b/include/uapi/linux/ip_vs.h
index 391395c06c7e..22d69894
Signed-off-by: Nicolas Dichtel
---
include/uapi/linux/if_link.h | 2 ++
net/bridge/br_netlink.c | 62 +---
2 files changed, 38 insertions(+), 26 deletions(-)
diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index 5fdd3a42e377.
Signed-off-by: Nicolas Dichtel
---
include/uapi/linux/nl80211.h | 4 ++
net/wireless/nl80211.c | 91 ++--
2 files changed, 59 insertions(+), 36 deletions(-)
diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
index 1df655d8aa52.
This is the continuation (series #2) of the work done to align netlink
attributes when these attributes contain some 64-bit fields.
In patch #3, I didn't modify the function ila_encap_nlsize(). I was waiting
feedback for this patch: http://patchwork.ozlabs.org/patch/613766/
If it's approved, ther
Le 23/04/2016 19:28, Alexander Aring a écrit :
Hi,
On 04/23/2016 07:05 PM, Alexander Aring wrote:
...
if this is really needed, then nla_put_u64/be64/etc need to be changed also,
Okay, I found PATCH 3/9 do it for be64, but what's about u64?
It's also planned. I will send several "small" se
43 matches
Mail list logo
