Re: Multi-thread udp 4.7 regression, bisected to 71d8c47fc653

On Mon, Jul 11, 2016 at 1:26 PM, Pablo Neira Ayuso wrote: > On Sun, Jul 10, 2016 at 04:48:26PM -0300, Marc Dionne wrote: >> An update here since I've had some interactions with Pablo off list. >> >> Further testing shows that the underlying cause of the different test >>

Re: [PATCH nf-next 3/3] netfilter: replace list_head with single linked list

Thanks for this; I will send a v2 in the next two days. -Aaron Florian Westphal writes: > Aaron Conole wrote: >> --- a/net/netfilter/core.c >> +++ b/net/netfilter/core > [..] >> +#define nf_entry_dereference(e) \ >> +rcu_dereference_protected(e,

Re: [PATCH v3, libnftnl] Fix nftnl_*_get to set data_len

On Mon, Jul 11, 2016 at 06:07:40PM +0200, Carlos Falgueras García wrote: > All getters must set the output parameter 'data_len' Applied. Carlos, I have enhanced this description. Please, include more detailed justifications on your follow up patches. Thanks. -- To unsubscribe from this list:

Re: Multi-thread udp 4.7 regression, bisected to 71d8c47fc653

On Sun, Jul 10, 2016 at 04:48:26PM -0300, Marc Dionne wrote: > An update here since I've had some interactions with Pablo off list. > > Further testing shows that the underlying cause of the different test > results is a udp packet that has a bogus source port number. In the > test the server

[PATCH v3, libnftnl] Fix nftnl_*_get to set data_len

All getters must set the output parameter 'data_len' Signed-off-by: Carlos Falgueras García --- src/chain.c | 3 +++ src/expr.c| 1 + src/expr/dynset.c | 3 +++ src/expr/lookup.c | 3 +++ src/gen.c | 1 + src/rule.c| 2 ++ src/set.c | 2

Re: [PATCH v2, libnftnl] Fix nftnl_*_get to set data_len

On Mon, Jul 11, 2016 at 01:41:07PM +0200, Carlos Falgueras García wrote: > diff --git a/src/expr/lookup.c b/src/expr/lookup.c > index 7f68f74..a29b7e5 100644 > --- a/src/expr/lookup.c > +++ b/src/expr/lookup.c > @@ -73,10 +73,13 @@ nftnl_expr_lookup_get(const struct nftnl_expr *e, > uint16_t

[PATCH v2, libnftnl] Fix nftnl_*_get to set data_len

All getters must set the output parameter 'data_len' Signed-off-by: Carlos Falgueras García --- src/chain.c | 3 +++ src/expr.c| 1 + src/expr/dynset.c | 3 +++ src/expr/lookup.c | 3 +++ src/gen.c | 1 + src/rule.c| 2 ++ src/set.c | 2

Re: [PATCH 2/2] netfilter: add missing macro

On Fri, Jul 08, 2016 at 05:29:11PM +0100, Eric Engestrom wrote: > Signed-off-by: Eric Engestrom > --- > > This can't compile without this macro… Is this header really used by anyone? > Should it be removed, to avoid bit-rot? Probably better to define something like:

Re: [PATCH] fix off-by-one in DecodeQ931

On Wed, Jul 13, 2016 at 02:59:00PM -0400, Toby DiPasquale wrote: > fix off-by-one in DecodeQ931 > > This patch corrects an off-by-one error in the DecodeQ931 function in > the nf_conntrack_h323 module. This error could result in reading off > the end of a Q.931 frame. Applied to nf-next, thanks.

Re: [PATCH nf-next 3/3] netfilter: replace list_head with single linked list

On Sat, Jul 09, 2016 at 01:30:38AM +0200, Florian Westphal wrote: > Aaron Conole wrote: > > --- a/net/netfilter/core.c > > +++ b/net/netfilter/core > [..] > > +#define nf_entry_dereference(e) \ > > + rcu_dereference_protected(e, lockdep_is_held(_hook_mutex)) > > > >

Re: [PATCH 2/2 libnfntl] Fix nftnl_*_get to set data_len

On Mon, Jul 11, 2016 at 12:24:27PM +0200, Pablo Neira Ayuso wrote: > Carlos, > > Habla con Laura para ver cómo lleva este cambio en la reunión: > > http://patchwork.ozlabs.org/patch/639253/ > > Si ella no anda con tiempo, creo que tú tienes los conocimientos para > hacer este cambio que

Re: [PATCH 2/2 libnfntl] Fix nftnl_*_get to set data_len

Carlos, Habla con Laura para ver cómo lleva este cambio en la reunión: http://patchwork.ozlabs.org/patch/639253/ Si ella no anda con tiempo, creo que tú tienes los conocimientos para hacer este cambio que describo ahí. No lo olvides. Gracias. -- To unsubscribe from this list: send the line

Re: [GIT PULL nf-next] IPVS Updates for v4.8

On Thu, Jul 07, 2016 at 08:40:39PM +0200, Simon Horman wrote: > Hi Pablo, > > please consider these enhancements to the IPVS. This alters the behaviour > of the "least connection" schedulers such that pre-established connections > are included in the active connection count. This avoids

Re: [GIT PULL nf] Second Round of IPVS Fixes for v4.7

On Thu, Jul 07, 2016 at 08:30:21PM +0200, Simon Horman wrote: > Hi Pablo, > > please consider this IPVS fix for v4.7. > > The fix from Quentin Armitage allows the backup sync daemon to > be bound to a link-local mcast IPv6 address as is already the case > for IPv4. > > The following changes

Re: [PATCH -next] netfilter: conntrack: simplify early_drop

On Sun, Jul 03, 2016 at 08:44:01PM +0200, Florian Westphal wrote: > We don't need to acquire the bucket lock during early drop, we can > use lockless traveral just like nf_conntrack_find. > > The timer deletion serves as synchronization point, if another cpu > attempts to evict same entry,

Re: [PATCH nf-next 1/2] netfilter: move nat hlist_head to nf_conn

On Tue, Jul 05, 2016 at 12:07:23PM +0200, Florian Westphal wrote: > The nat extension structure is 32bytes in size on x86_64: > > struct nf_conn_nat { > struct hlist_node bysource; /* 016 */ > struct nf_conn * ct; /*16

Re: [PATCH nf-next] netfilter: nft_ct: make byte/packet expr more friendly

On Tue, Jul 05, 2016 at 11:23:00PM +0800, Liping Zhang wrote: > From: Liping Zhang > > If we want to use ct packets expr, and add a rule like follows: > # nft add rule filter input ct packets gt 1 counter > > We will find that no packets will hit it, because >

Re: [PATCH V2,nf 0/3] netfilter: conntrack: fix race condition associated with hash resize

On Sun, Jul 03, 2016 at 01:18:42PM +0800, Liping Zhang wrote: > From: Liping Zhang > > When user adjust the hash size via > /sys/module/nf_conntrack/parameters/hashsize, > something will break because race condition happened. > > This patch set aim to fix these

Re: [PATCH nf-next 2/6] netfilter: nat: convert nat bysrc hash to rhashtable

On Tue, Jul 05, 2016 at 12:07:24PM +0200, Florian Westphal wrote: > It did use a fixed-size bucket list plus single lock to protect add/del. > > Unlike the main conntrack table we only need to add and remove keys. > Convert it to rhashtable to get table autosizing and per-bucket locking. > > The