Hi Joe,
Quoting Joe Perches :
On Mon, 2017-06-26 at 17:34 -0500, Gustavo A. R. Silva wrote:
Value assigned to variable _ret_ at line 970 is overwritten either at
line 986 or 988, before it can be used. This makes such variable
assignment useless.
Addresses-Coverity-ID: 1226932
[]
diff --git
On Mon, 2017-06-26 at 17:34 -0500, Gustavo A. R. Silva wrote:
> Value assigned to variable _ret_ at line 970 is overwritten either at
> line 986 or 988, before it can be used. This makes such variable
> assignment useless.
>
> Addresses-Coverity-ID: 1226932
[]
> diff --git a/net/ipv4/netfilter/ip_
Value assigned to variable _ret_ at line 970 is overwritten either at
line 986 or 988, before it can be used. This makes such variable
assignment useless.
Addresses-Coverity-ID: 1226932
Signed-off-by: Gustavo A. R. Silva
---
net/ipv4/netfilter/ip_tables.c | 2 +-
1 file changed, 1 insertion(+),
From: Piotr Radoslaw Sawicki
Add information about retrieving UID/GID/SECCTX fields
Signed-off-by: Piotr Radoslaw Sawicki
---
src/libnetfilter_queue.c | 19 +++
1 file changed, 19 insertions(+)
diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c
index 1702158..40
Le 2017-06-26 20:41, Loic a écrit :
Le 2017-06-25 21:45, Jan Engelhardt a écrit :
On Wednesday 2017-06-21 18:16, Pablo Neira Ayuso wrote:
Hi Loic,
On Tue, Jun 20, 2017 at 08:31:26PM +0200, Loic wrote:
Hi,
I think there is a problem in the geoip code because I detect this:
grep -ar "cicus.1
Le 2017-06-25 21:45, Jan Engelhardt a écrit :
On Wednesday 2017-06-21 18:16, Pablo Neira Ayuso wrote:
Hi Loic,
On Tue, Jun 20, 2017 at 08:31:26PM +0200, Loic wrote:
Hi,
I think there is a problem in the geoip code because I detect this:
grep -ar "cicus.162_313 max" /usr/src/xtables-addons-2
On Mon, Jun 26, 2017 at 11:38 PM, Pablo Neira Ayuso wrote:
> On Mon, Jun 26, 2017 at 11:24:23PM +0530, Shyam Saini wrote:
>> On Mon, Jun 26, 2017 at 11:07 PM, Pablo Neira Ayuso
>> wrote:
>> > On Mon, Jun 26, 2017 at 11:02:34PM +0530, Shyam Saini wrote:
>> >> On Mon, Jun 26, 2017 at 10:29 PM, Pab
On Mon, Jun 26, 2017 at 11:24:23PM +0530, Shyam Saini wrote:
> On Mon, Jun 26, 2017 at 11:07 PM, Pablo Neira Ayuso
> wrote:
> > On Mon, Jun 26, 2017 at 11:02:34PM +0530, Shyam Saini wrote:
> >> On Mon, Jun 26, 2017 at 10:29 PM, Pablo Neira Ayuso
> >> wrote:
> >> > On Fri, Jun 23, 2017 at 05:35:
On Mon, Jun 26, 2017 at 11:07 PM, Pablo Neira Ayuso wrote:
> On Mon, Jun 26, 2017 at 11:02:34PM +0530, Shyam Saini wrote:
>> On Mon, Jun 26, 2017 at 10:29 PM, Pablo Neira Ayuso
>> wrote:
>> > On Fri, Jun 23, 2017 at 05:35:55PM +0530, Shyam Saini wrote:
>> >> Before the [Test] commit if we run nf
On Mon, Jun 26, 2017 at 11:02:34PM +0530, Shyam Saini wrote:
> On Mon, Jun 26, 2017 at 10:29 PM, Pablo Neira Ayuso
> wrote:
> > On Fri, Jun 23, 2017 at 05:35:55PM +0530, Shyam Saini wrote:
> >> Before the [Test] commit if we run nft with incomplete "add set"
> >> command it caused segmentation fa
On Mon, Jun 26, 2017 at 10:29 PM, Pablo Neira Ayuso wrote:
> On Fri, Jun 23, 2017 at 05:35:55PM +0530, Shyam Saini wrote:
>> Before the [Test] commit if we run nft with incomplete "add set"
>> command it caused segmentation fault and exit with error code 139 and
>> further it didn't throw any erro
On Wed, Jun 21, 2017 at 02:17:45PM +0530, Shyam Saini wrote:
> when we have "fail" in the test cases then py test doesn't complain
> anything, but the test should complain if the fix is not applied.
>
> Before applying the [Test] commit, nft throws following error message
> and exits with error co
On Wed, Jun 21, 2017 at 11:18:46PM +0200, Richard Weinberger wrote:
> Time to make a new version such that distros can pick this version.
> Many distros ship only 1.0.2 which is almost five years old and
> does not support recent netfilter features such as NFQA_CT.
>
> Signed-off-by: Richard Weinb
On Mon, Jun 26, 2017 at 06:53:09PM +0200, Florian Westphal wrote:
> Lin Zhang wrote:
> > In the current conntrack extend code, if we want to add a new
> > extension, we must be add a new extension id and recompile kernel.
> > I think that is not be convenient for users, so i add a new extension
On Fri, Jun 23, 2017 at 06:38:25PM +0200, Pablo M. Bermudo Garay wrote:
> Sometimes it can be useful to test if a command is valid without
> applying any change to the rule-set. This commit adds a new option
> flag (-c | --check) that performs a dry run execution of the commands.
Also applied, tha
On Fri, Jun 23, 2017 at 06:38:24PM +0200, Pablo M. Bermudo Garay wrote:
> The new structure nft_ctx is meant to be used as a generic container of
> context information.
>
> This is a preparatory patch. So at the moment the struct just carry
> output_ctx on his path through main.c and cli.c.
Appli
On Fri, Jun 23, 2017 at 05:35:56PM +0530, Shyam Saini wrote:
> Before the [Test] commit, nft error message was pointing to wrong
> file.
>
> But after the commit it points to right file.
> This commit test the changes made in the [Test] commit.
Also applied, thanks.
--
To unsubscribe from this li
On Fri, Jun 23, 2017 at 05:35:55PM +0530, Shyam Saini wrote:
> Before the [Test] commit if we run nft with incomplete "add set"
> command it caused segmentation fault and exit with error code 139 and
> further it didn't throw any error message.
>
> For example:
> $ sudo nft add set t s
>
>
Lin Zhang wrote:
> In the current conntrack extend code, if we want to add a new
> extension, we must be add a new extension id and recompile kernel.
> I think that is not be convenient for users, so i add a new extension named
> NF_CT_EXT_EXPAND for supporting dynamic register/unregister expans
On Mon, Jun 26, 2017 at 02:10:46PM +0800, Lin Zhang wrote:
> In the current conntrack extend code, if we want to add a new
> extension, we must be add a new extension id and recompile kernel.
Yes, this is designed in this way on purpose.
Because we do not want to endorse proliferation of out-of
Hi Lin,
[auto build test ERROR on net-next/master]
url:
https://github.com/0day-ci/linux/commits/Lin-Zhang/netfilter-conntrack-add-a-new-NF_CT_EXT_EXPAND-extension/20170627-000844
config: blackfin-allyesconfig (attached as .config)
compiler: bfin-uclinux-gcc (GCC) 6.2.0
reproduce:
wge
Hi,
I'm testing some extensions of iptables and liked a lot about nfacct.
The only issue so far was the xml output of nfacct command. Its
'packets' and 'bytes' tags are inverting values.Could you check it?
Ex:
$ nfacct list xml && nfacct list
XML output
Bjørnar Ness wrote:
> When trying to narrow down the problem, I removed the NAT rules, and
> in particular
> the
>
> chain postrouting {
> type nat hook postrouting priority 100
> }
>
> And the problem disappears. Commenting in the above block again,
> causes the following to happen:
>
> kworker
23 matches
Mail list logo