Re: net: suspicious RCU usage in nf_hook

On Wed, 2017-02-01 at 15:48 -0800, Eric Dumazet wrote: > On Wed, Feb 1, 2017 at 3:29 PM, Cong Wang wrote: > > > Not sure if it is better. The difference is caught up in > > net_enable_timestamp(), > > which is called setsockopt() path and sk_clone() path, so we could

Re: net: suspicious RCU usage in nf_hook

On Wed, Feb 1, 2017 at 3:29 PM, Cong Wang wrote: > Not sure if it is better. The difference is caught up in > net_enable_timestamp(), > which is called setsockopt() path and sk_clone() path, so we could be > in netstamp_needed state for a long time too until user-space

Re: net: suspicious RCU usage in nf_hook

On Wed, Feb 1, 2017 at 1:16 PM, Eric Dumazet wrote: > On Wed, 2017-02-01 at 12:51 -0800, Cong Wang wrote: >> On Tue, Jan 31, 2017 at 7:44 AM, Eric Dumazet wrote: >> > On Mon, 2017-01-30 at 22:19 -0800, Cong Wang wrote: >> > >> >> >> >> The context

Re: net: suspicious RCU usage in nf_hook

On Wed, 2017-02-01 at 13:16 -0800, Eric Dumazet wrote: > This would permanently leave the kernel in the netstamp_needed state. > > I would prefer the patch using a process context to perform the > cleanup ? Note there is a race window, but probably not a big deal. > > net/core/dev.c | 30

Re: net: suspicious RCU usage in nf_hook

On Wed, 2017-02-01 at 12:51 -0800, Cong Wang wrote: > On Tue, Jan 31, 2017 at 7:44 AM, Eric Dumazet wrote: > > On Mon, 2017-01-30 at 22:19 -0800, Cong Wang wrote: > > > >> > >> The context is process context (TX path before hitting qdisc), and > >> BH is not disabled, so

Re: net: suspicious RCU usage in nf_hook

On Tue, Jan 31, 2017 at 7:44 AM, Eric Dumazet wrote: > On Mon, 2017-01-30 at 22:19 -0800, Cong Wang wrote: > >> >> The context is process context (TX path before hitting qdisc), and >> BH is not disabled, so in_interrupt() doesn't catch it. Hmm, this >> makes me thinking

[PATCH v3] netfilter: nf_ct_helper: warn when not applying default helper assignment

From: Jiri Kosina Commit 3bb398d925 ("netfilter: nf_ct_helper: disable automatic helper assignment") is causing behavior regressions in firewalls, as traffic handled by conntrack helpers is now by default not passed through even though it was before due to missing CT targets

Re: [PATCH v2] netfilter: nf_ct_helper: warn when not applying default helper assignment

On Wed, 1 Feb 2017, Pablo Neira Ayuso wrote: > > +{ > > + struct nf_conntrack_helper *ret; > > + > > + if (!net->ct.sysctl_auto_assign_helper) { > > + if (net->ct.auto_assign_helper_warned) > > + return NULL; > > + if (!find_auto_helper(ct)) > > This

Re: [PATCH nft] src: Always print range expressions numerically

On Mon, Jan 30, 2017 at 12:05:20PM -0200, Elise Lennion wrote: > Because the rules are more legible this way. Also, the parser doesn't > accept strings on ranges, so, printing ranges numerically better match > the rules definition. > > Fixes(Bug 1046 - mobility header with range gives illegible

Re: [PATCH] iptables: update pf.os

On Mon, Jan 30, 2017 at 11:30:16AM +0100, Xose Vazquez Perez wrote: > Sync with latest OpenBSD release. > Changelog: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/pf.os Applied, thanks Xose. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message

Re: [PATCH 1/2 conntrack-tools] conntrackd: cthelper: Free pktb after use

On Fri, Jan 27, 2017 at 12:38:46PM -0800, Kevin Cernekee wrote: > According to valgrind, this currently leaks ~512B to 2kB for each > packet sent to the userspace helper. Applied, thanks! -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to