On Mon, Jul 11, 2016 at 1:26 PM, Pablo Neira Ayuso wrote:
> On Sun, Jul 10, 2016 at 04:48:26PM -0300, Marc Dionne wrote:
>> An update here since I've had some interactions with Pablo off list.
>>
>> Further testing shows that the underlying cause of the different test
>>
Thanks for this; I will send a v2 in the next two days.
-Aaron
Florian Westphal writes:
> Aaron Conole wrote:
>> --- a/net/netfilter/core.c
>> +++ b/net/netfilter/core
> [..]
>> +#define nf_entry_dereference(e) \
>> +rcu_dereference_protected(e,
On Mon, Jul 11, 2016 at 06:07:40PM +0200, Carlos Falgueras García wrote:
> All getters must set the output parameter 'data_len'
Applied.
Carlos, I have enhanced this description. Please, include more
detailed justifications on your follow up patches. Thanks.
--
To unsubscribe from this list:
On Sun, Jul 10, 2016 at 04:48:26PM -0300, Marc Dionne wrote:
> An update here since I've had some interactions with Pablo off list.
>
> Further testing shows that the underlying cause of the different test
> results is a udp packet that has a bogus source port number. In the
> test the server
All getters must set the output parameter 'data_len'
Signed-off-by: Carlos Falgueras García
---
src/chain.c | 3 +++
src/expr.c| 1 +
src/expr/dynset.c | 3 +++
src/expr/lookup.c | 3 +++
src/gen.c | 1 +
src/rule.c| 2 ++
src/set.c | 2
On Mon, Jul 11, 2016 at 01:41:07PM +0200, Carlos Falgueras García wrote:
> diff --git a/src/expr/lookup.c b/src/expr/lookup.c
> index 7f68f74..a29b7e5 100644
> --- a/src/expr/lookup.c
> +++ b/src/expr/lookup.c
> @@ -73,10 +73,13 @@ nftnl_expr_lookup_get(const struct nftnl_expr *e,
> uint16_t
All getters must set the output parameter 'data_len'
Signed-off-by: Carlos Falgueras García
---
src/chain.c | 3 +++
src/expr.c| 1 +
src/expr/dynset.c | 3 +++
src/expr/lookup.c | 3 +++
src/gen.c | 1 +
src/rule.c| 2 ++
src/set.c | 2
On Fri, Jul 08, 2016 at 05:29:11PM +0100, Eric Engestrom wrote:
> Signed-off-by: Eric Engestrom
> ---
>
> This can't compile without this macro… Is this header really used by anyone?
> Should it be removed, to avoid bit-rot?
Probably better to define something like:
On Wed, Jul 13, 2016 at 02:59:00PM -0400, Toby DiPasquale wrote:
> fix off-by-one in DecodeQ931
>
> This patch corrects an off-by-one error in the DecodeQ931 function in
> the nf_conntrack_h323 module. This error could result in reading off
> the end of a Q.931 frame.
Applied to nf-next, thanks.
On Sat, Jul 09, 2016 at 01:30:38AM +0200, Florian Westphal wrote:
> Aaron Conole wrote:
> > --- a/net/netfilter/core.c
> > +++ b/net/netfilter/core
> [..]
> > +#define nf_entry_dereference(e) \
> > + rcu_dereference_protected(e, lockdep_is_held(_hook_mutex))
> >
> >
On Mon, Jul 11, 2016 at 12:24:27PM +0200, Pablo Neira Ayuso wrote:
> Carlos,
>
> Habla con Laura para ver cómo lleva este cambio en la reunión:
>
> http://patchwork.ozlabs.org/patch/639253/
>
> Si ella no anda con tiempo, creo que tú tienes los conocimientos para
> hacer este cambio que
Carlos,
Habla con Laura para ver cómo lleva este cambio en la reunión:
http://patchwork.ozlabs.org/patch/639253/
Si ella no anda con tiempo, creo que tú tienes los conocimientos para
hacer este cambio que describo ahí.
No lo olvides. Gracias.
--
To unsubscribe from this list: send the line
On Thu, Jul 07, 2016 at 08:40:39PM +0200, Simon Horman wrote:
> Hi Pablo,
>
> please consider these enhancements to the IPVS. This alters the behaviour
> of the "least connection" schedulers such that pre-established connections
> are included in the active connection count. This avoids
On Thu, Jul 07, 2016 at 08:30:21PM +0200, Simon Horman wrote:
> Hi Pablo,
>
> please consider this IPVS fix for v4.7.
>
> The fix from Quentin Armitage allows the backup sync daemon to
> be bound to a link-local mcast IPv6 address as is already the case
> for IPv4.
>
> The following changes
On Sun, Jul 03, 2016 at 08:44:01PM +0200, Florian Westphal wrote:
> We don't need to acquire the bucket lock during early drop, we can
> use lockless traveral just like nf_conntrack_find.
>
> The timer deletion serves as synchronization point, if another cpu
> attempts to evict same entry,
On Tue, Jul 05, 2016 at 12:07:23PM +0200, Florian Westphal wrote:
> The nat extension structure is 32bytes in size on x86_64:
>
> struct nf_conn_nat {
> struct hlist_node bysource; /* 016 */
> struct nf_conn * ct; /*16
On Tue, Jul 05, 2016 at 11:23:00PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> If we want to use ct packets expr, and add a rule like follows:
> # nft add rule filter input ct packets gt 1 counter
>
> We will find that no packets will hit it, because
>
On Sun, Jul 03, 2016 at 01:18:42PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> When user adjust the hash size via
> /sys/module/nf_conntrack/parameters/hashsize,
> something will break because race condition happened.
>
> This patch set aim to fix these
On Tue, Jul 05, 2016 at 12:07:24PM +0200, Florian Westphal wrote:
> It did use a fixed-size bucket list plus single lock to protect add/del.
>
> Unlike the main conntrack table we only need to add and remove keys.
> Convert it to rhashtable to get table autosizing and per-bucket locking.
>
> The
19 matches
Mail list logo