Hi nft developers,
I would like to propose this patch to netfilter.
This patch aims that all the "--debug" levels of nft are treated as it
is in cache_update().
Currently, nft seems to omit any debug level except for "netlink"
level through cache_update(). It is not convenient to check
Hi Florian,
Are these patches likely to be reviewed recently?
Also, any recommended maintainer for delivery :P?
Thanks,
Jack--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at
Hello Pablo,
On Mon, Mar 12, 2018 at 2:33 AM, Pablo Neira Ayuso wrote:
>
> Hi Varsha,
>
> On Sat, Feb 17, 2018 at 12:19:18AM +0530, Varsha Rao wrote:
> > In nf_tables_set_alloc_name function, remove get_zeroed_page
> > find_first_zero_bit and set_bit functions. Instead use
Dear Maintainers,
Le 13/03/2018 à 15:57, Pablo Neira Ayuso a écrit :
> Please, send us patches in git-format-patch, include a patch
> description and add your Signed-off-by tag.
Please find attached the patch in git-format-patch format.
>> +/* if true (opt -Z, --zero): Reset to zero counters of
From: Florian Westphal
Date: Tue, 13 Mar 2018 14:41:39 +0100
> David Miller wrote:
>> From: Felix Fietkau
>> Date: Mon, 12 Mar 2018 20:30:01 +0100
>>
>> > It's not dead and useless. In its current state, it has a software fast
>> > path that
On Tue, 2018-03-13 at 15:59 +0100, Pablo Neira Ayuso wrote:
> On Mon, Mar 12, 2018 at 04:58:38PM -0700, Joe Perches wrote:
> > On Mon, 2018-03-12 at 18:14 -0500, Gustavo A. R. Silva wrote:
> > > In preparation to enabling -Wvla, remove VLA and replace it
> > > with dynamic memory allocation.
> > >
David Miller wrote:
[ flow tables ]
> Ok, that seems to constrain the exposure.
>
> We should talk at some point about how exposed conntrack itself is.
Sure, we can do that.
If you have specific scenarios (synflood, peer that opens
100k (legitimate) connections,
On Mon, Mar 12, 2018 at 04:58:38PM -0700, Joe Perches wrote:
> On Mon, 2018-03-12 at 18:14 -0500, Gustavo A. R. Silva wrote:
> > In preparation to enabling -Wvla, remove VLA and replace it
> > with dynamic memory allocation.
> >
> > From a security viewpoint, the use of Variable Length Arrays can
On Mon, Mar 12, 2018 at 11:58:01PM +0100, Alban Vidal wrote:
[...]
> diff --git a/iptables/ip6tables-save.c b/iptables/ip6tables-save.c
> index 8e3a6afd..a94beffc 100644
Please, send us patches in git-format-patch, include a patch
description and add your Signed-off-by tag.
More comments below.
On Tue, Mar 13, 2018 at 01:32:18AM +, Bernie Harris wrote:
> Hi Pablo, thanks for the reply. Just wanted to clarify your first comment
> below:
>
> On Mon, Mar 12, 2018 at 09:41:00AM +0100, Pablo Neira Ayuso wrote:
> > To: Bernie Harris
> > Cc: netfilter-devel@vger.kernel.org;
David Miller wrote:
> From: Felix Fietkau
> Date: Mon, 12 Mar 2018 20:30:01 +0100
>
> > It's not dead and useless. In its current state, it has a software fast
> > path that significantly improves nftables routing/NAT throughput,
> > especially on embedded
On Tue, Mar 13, 2018 at 7:16 AM, Rafał Miłecki wrote:
> On Mon, 5 Mar 2018 23:11:38 +0100, Pablo Neira Ayuso wrote:
>> On Mon, Feb 26, 2018 at 10:15:07AM +0100, Felix Fietkau wrote:
>> > Fixes issues with connections hanging after >30 seconds idle time.
>> >
>> > Changes since
On Mon, 5 Mar 2018 23:11:38 +0100, Pablo Neira Ayuso wrote:
> On Mon, Feb 26, 2018 at 10:15:07AM +0100, Felix Fietkau wrote:
> > Fixes issues with connections hanging after >30 seconds idle time.
> >
> > Changes since v2:
> > - Include the previous patch series
> > - Rebase to current nf.git
> >
13 matches
Mail list logo