Fabian Frederick wrote:
> Hello Florian,
>
> First problem is solved: table gets cleared 3 minutes earlier
> but I still have kmemleak before running the following:
>
> echo scan > /sys/kernel/debug/kmemleak
> cat /sys/kernel/debug/kmemleak
> Nothing
> echo scan >
Thanks for pointing this out, I will reorder the fields to:
struct hashlimit_cfg2 {
__u64 avg;/* Average secs between packets * scale */
__u64 burst;
__u32 mode; /* bitmask of XT_HASHLIMIT_HASH_* */
This should fix the hole and avoid padding.
-Vishwanath
On
On Thu, Sep 22, 2016 at 09:16:07AM -0700, Eric Dumazet wrote:
> On Thu, 2016-09-22 at 16:58 +0200, Pablo Neira Ayuso wrote:
> > attributes")
> >
> > Always use 12 bytes commit-ids. 4da449a is too short, given the number
> > of changes we're getting in the kernel tree, this may become ambiguous
>
On Thu, Sep 22, 2016 at 04:58:36PM +0200, Pablo Neira Ayuso wrote:
> On Wed, Sep 14, 2016 at 03:00:02PM +0200, Laura Garcia Liebana wrote:
> > Check storage of u32 netlink attributes in smaller resources. This
> > validation is usually required when the u32 netlink attributes are being
> > stored
> On 21 September 2016 at 23:02 Florian Westphal wrote:
>
>
> Fabian Frederick wrote:
> > Since commit f330a7fdbe16
> > ("netfilter: conntrack: get rid of conntrack timer")
> >
> > closed connections remain longer in /proc/net/nf_conntrack
> >
> > Running
On Thursday 2016-09-22 18:43, Vishwanath Pai wrote:
>+struct hashlimit_cfg2 {
>+ __u32 mode; /* bitmask of XT_HASHLIMIT_HASH_* */
>+ __u64 avg;/* Average secs between packets * scale */
>+ __u64 burst; /* Period multiplier for upper limit. */
This would have different
V2:
Removed the call to BUG() in cfg_copy, we return -EINVAL
instead and all calls to cfg_copy check for this
V3:
change "revision" in the call to cfg_copy inside htable_create to 2
previously this would pass down revision from the function parameter
this is wrong since *cfg here is always
I am planning to add a revision 2 for the hashlimit xtables module to
support higher packets per second rates. This patch renames all the
functions and variables related to revision 1 by adding _v1 at the
end of the names.
Signed-off-by: Vishwanath Pai
Signed-off-by: Joshua Hunt
On Thu, 2016-09-22 at 16:58 +0200, Pablo Neira Ayuso wrote:
> attributes")
>
> Always use 12 bytes commit-ids. 4da449a is too short, given the number
> of changes we're getting in the kernel tree, this may become ambiguous
> at some point so it won't be unique.
>
> You can achieve this via: git
On Tue, Sep 20, 2016 at 10:31:04AM +0800, f...@ikuai8.com wrote:
> From: Gao Feng
>
> It's better to use sizeof(info->name)-1 as index to force set the string
> tail instead of literal number '29'.
Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe
On Sat, Sep 17, 2016 at 02:31:20PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> pkt->xt.thoff is not always set properly, but we use it without any check.
> For payload expr, it will cause wrong results. For nftrace, we may notify
> the wrong network or
On Thu, Sep 15, 2016 at 08:50:16PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> After commit ac2863445686 ("netfilter: bridge: add nf_afinfo to enable
> queuing to userspace"), we can queue packets to the user space in bridge
> family. But when the user
On Thu, Sep 15, 2016 at 12:02:09AM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> It's necessary to cover more test cases, for example, large queue
> range 1-65535, error queue number 65536.
>
> Also add a space before tailing square brackets, this is updated
On Wed, Sep 14, 2016 at 11:41:46PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> Currently, the user can specify the queue numbers by _QUEUE_NUM and
> _QUEUE_TOTAL attributes, this is enough in most situations.
>
> But acctually, it is not very flexible, for
On Thu, Sep 22, 2016 at 04:58:36PM +0200, Pablo Neira Ayuso wrote:
> On Wed, Sep 14, 2016 at 03:00:02PM +0200, Laura Garcia Liebana wrote:
> > Check storage of u32 netlink attributes in smaller resources. This
> > validation is usually required when the u32 netlink attributes are being
> > stored
From: Liping Zhang
Acctually, ct l3proto and ct protocol are unrelated to direction, so
it's unnecessary that we must specify dir if we want to use them.
Now add support that we can match ct l3proto/protocol without direction:
# nft add rule filter input ct
On Tue, Sep 13, 2016 at 01:50:41PM +0200, Laura Garcia Liebana wrote:
> Add support to pass through an offset value to the counter
> initialization. With this feature, the sysadmin is able to apply a value
> to be added to the generated number.
>
> Example:
>
> meta mark set numgen inc mod
On Sun, Sep 11, 2016 at 01:54:19PM -0700, Kevin Cernekee wrote:
> Some distributions, such as Gentoo and Chrome OS, try to link all
> programs with `-z now` as a security hardening measure. This breaks
> nfct, because nfct cannot satisfy all of the helper modules' symbols.
> Therefore nfct
From: Gao Feng
It is valid that the TCP RST packet which does not set ack flag, and bytes
of ack number are zero. But current seqadj codes would adjust the "0" ack
to invalid ack number. Actually seqadj need to check the ack flag before
adjust it for these RST packets.
The
From: Gao Feng
It is valid that the TCP RST packet which does not set ack flag, and bytes
of ack number are zero. But current seqadj codes would adjust the "0" ack
to invalid ack number. Actually seqadj need to check the ack flag before
adjust it for these RST packets.
The
20 matches
Mail list logo