Re: AUDIT_NETFILTER_PKT message format

2017-02-13 Thread Richard Guy Briggs
On 2017-02-13 18:50, Paul Moore wrote: > On Mon, Feb 13, 2017 at 3:50 PM, Richard Guy Briggs wrote: > > On 2017-02-13 12:57, Steve Grubb wrote: > >> On Friday, February 10, 2017 5:54:45 PM EST Richard Guy Briggs wrote: > >> > On 2017-02-10 17:39, Steve Grubb wrote: > >> > > > The

Re: AUDIT_NETFILTER_PKT message format

2017-02-13 Thread Paul Moore
On Mon, Feb 13, 2017 at 3:50 PM, Richard Guy Briggs wrote: > On 2017-02-13 12:57, Steve Grubb wrote: >> On Friday, February 10, 2017 5:54:45 PM EST Richard Guy Briggs wrote: >> > On 2017-02-10 17:39, Steve Grubb wrote: >> > > > The alternatives that I currently see are to drop

[PATCH nf-next] netfilter: nft_ct: fix random validation errors for zone set support

2017-02-13 Thread Florian Westphal
Dan reports: net/netfilter/nft_ct.c:549 nft_ct_set_init() error: uninitialized symbol 'len'. Reported-by: Dan Carpenter Fixes: edee4f1e924582 ("netfilter: nft_ct: add zone id set support") Signed-off-by: Florian Westphal --- net/netfilter/nft_ct.c |

Re: AUDIT_NETFILTER_PKT message format

2017-02-13 Thread Richard Guy Briggs
On 2017-02-13 12:57, Steve Grubb wrote: > On Friday, February 10, 2017 5:54:45 PM EST Richard Guy Briggs wrote: > > On 2017-02-10 17:39, Steve Grubb wrote: > > > > The alternatives that I currently see are to drop packets for which > > > > there is no local process ownership, or to leave the

[bug report] netfilter: nft_ct: add zone id set support

2017-02-13 Thread Dan Carpenter
Hello Florian Westphal, The patch edee4f1e9245: "netfilter: nft_ct: add zone id set support" from Feb 3, 2017, leads to the following static checker warning: net/netfilter/nft_ct.c:549 nft_ct_set_init() error: uninitialized symbol 'len'. net/netfilter/nft_ct.c 498 static int

Re: AUDIT_NETFILTER_PKT message format

2017-02-13 Thread Steve Grubb
On Friday, February 10, 2017 5:54:45 PM EST Richard Guy Briggs wrote: > On 2017-02-10 17:39, Steve Grubb wrote: > > > The alternatives that I currently see are to drop packets for which > > > there is no local process ownership, or to leave the ownership fields > > > unset.> > > > What ownership

[PATCH nft] doc: Document maps

2017-02-13 Thread Elise Lennion
This patch adds the missing documentation for maps. Also, updates sets policy to match maps. Signed-off-by: Elise Lennion --- doc/nft.xml | 105 +++- 1 file changed, 104 insertions(+), 1 deletion(-) diff --git

[PATCH ulogd2 2/2] rotate all default output files

2017-02-13 Thread Kaarle Ritvanen
Signed-off-by: Kaarle Ritvanen --- ulogd.logrotate | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ulogd.logrotate b/ulogd.logrotate index b3fb6d1..3b4c487 100644 --- a/ulogd.logrotate +++ b/ulogd.logrotate @@ -1,4 +1,4 @@ -/var/log/ulogd.log