nftables patch proposal: debug_mask propagate through cache_update() just as it is.

Hi nft developers, I would like to propose this patch to netfilter. This patch aims that all the "--debug" levels of nft are treated as it is in cache_update(). Currently, nft seems to omit any debug level except for "netlink" level through cache_update(). It is not convenient to check

Re: [PATCH] support bit shifting operations

Hi Florian, Are these patches likely to be reviewed recently? Also, any recommended maintainer for delivery :P? Thanks, Jack-- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at

Re: [PATCH nf-next] net: netfilter: nf_tables_api: Use id allocation.

Hello Pablo, On Mon, Mar 12, 2018 at 2:33 AM, Pablo Neira Ayuso wrote: > > Hi Varsha, > > On Sat, Feb 17, 2018 at 12:19:18AM +0530, Varsha Rao wrote: > > In nf_tables_set_alloc_name function, remove get_zeroed_page > > find_first_zero_bit and set_bit functions. Instead use

Re: iptables-save - suggest patch to add functionality

Dear Maintainers, Le 13/03/2018 à 15:57, Pablo Neira Ayuso a écrit : > Please, send us patches in git-format-patch, include a patch > description and add your Signed-off-by tag. Please find attached the patch in git-format-patch format. >> +/* if true (opt -Z, --zero): Reset to zero counters of

Re: [PATCH 00/30] Netfilter/IPVS updates for net-next

From: Florian Westphal Date: Tue, 13 Mar 2018 14:41:39 +0100 > David Miller wrote: >> From: Felix Fietkau >> Date: Mon, 12 Mar 2018 20:30:01 +0100 >> >> > It's not dead and useless. In its current state, it has a software fast >> > path that

Re: [PATCH] netfilter: cttimeout: remove VLA usage

On Tue, 2018-03-13 at 15:59 +0100, Pablo Neira Ayuso wrote: > On Mon, Mar 12, 2018 at 04:58:38PM -0700, Joe Perches wrote: > > On Mon, 2018-03-12 at 18:14 -0500, Gustavo A. R. Silva wrote: > > > In preparation to enabling -Wvla, remove VLA and replace it > > > with dynamic memory allocation. > > >

Re: [PATCH 00/30] Netfilter/IPVS updates for net-next

David Miller wrote: [ flow tables ] > Ok, that seems to constrain the exposure. > > We should talk at some point about how exposed conntrack itself is. Sure, we can do that. If you have specific scenarios (synflood, peer that opens 100k (legitimate) connections,

Re: [PATCH] netfilter: cttimeout: remove VLA usage

On Mon, Mar 12, 2018 at 04:58:38PM -0700, Joe Perches wrote: > On Mon, 2018-03-12 at 18:14 -0500, Gustavo A. R. Silva wrote: > > In preparation to enabling -Wvla, remove VLA and replace it > > with dynamic memory allocation. > > > > From a security viewpoint, the use of Variable Length Arrays can

Re: iptables-save - suggest patch to add functionality

On Mon, Mar 12, 2018 at 11:58:01PM +0100, Alban Vidal wrote: [...] > diff --git a/iptables/ip6tables-save.c b/iptables/ip6tables-save.c > index 8e3a6afd..a94beffc 100644 Please, send us patches in git-format-patch, include a patch description and add your Signed-off-by tag. More comments below.

Re: [PATCH 2/2] ebtables: Add string filter

On Tue, Mar 13, 2018 at 01:32:18AM +, Bernie Harris wrote: > Hi Pablo, thanks for the reply. Just wanted to clarify your first comment > below: > > On Mon, Mar 12, 2018 at 09:41:00AM +0100, Pablo Neira Ayuso wrote: > > To: Bernie Harris > > Cc: netfilter-devel@vger.kernel.org;

Re: [PATCH 00/30] Netfilter/IPVS updates for net-next

David Miller wrote: > From: Felix Fietkau > Date: Mon, 12 Mar 2018 20:30:01 +0100 > > > It's not dead and useless. In its current state, it has a software fast > > path that significantly improves nftables routing/NAT throughput, > > especially on embedded

Re: [PATCH v3 0/17] netfilter: nf_flow_table: refactoring, TCP state tracking, sending flows to slow path

On Tue, Mar 13, 2018 at 7:16 AM, Rafał Miłecki wrote: > On Mon, 5 Mar 2018 23:11:38 +0100, Pablo Neira Ayuso wrote: >> On Mon, Feb 26, 2018 at 10:15:07AM +0100, Felix Fietkau wrote: >> > Fixes issues with connections hanging after >30 seconds idle time. >> > >> > Changes since

Re: [PATCH v3 0/17] netfilter: nf_flow_table: refactoring, TCP state tracking, sending flows to slow path

On Mon, 5 Mar 2018 23:11:38 +0100, Pablo Neira Ayuso wrote: > On Mon, Feb 26, 2018 at 10:15:07AM +0100, Felix Fietkau wrote: > > Fixes issues with connections hanging after >30 seconds idle time. > > > > Changes since v2: > > - Include the previous patch series > > - Rebase to current nf.git > >