On Wed, Apr 25, 2018 at 03:11:07PM +0200, Florian Westphal wrote:
> After processing the transaction log, the remaining entries of the log
> need to be released.
>
> However, in some cases no entries remain, e.g. because the transaction
> did not remove anything.
Also applied, thanks.
--
To
On Wed, Apr 25, 2018 at 01:38:47PM +0200, Florian Westphal wrote:
> ebtables uses find_match() rather than find_request_match in one case
> (see bcf4934288402be3464110109a4dae3bd6fb3e93,
> "netfilter: ebtables: Fix extension lookup with identical name"), so
> extend the check on name length to
On Sat, Apr 21, 2018 at 01:43:48PM +0200, Jozsef Kadlecsik wrote:
> Dominique Martinet reported a TCP hang problem when simultaneous open was
> used.
> The problem is that the tcp_conntracks state table is not smart enough
> to handle the case. The state table could be fixed by introducing a new
Hi Florent,
On Fri, Apr 20, 2018 at 10:48:55AM +0200, Florent Fourcot wrote:
> IPCTNL_MSG_CT_GET_STATS netlink command allow to monitor current number
> of conntrack entries. However, if one wants to compare it with the
> maximum (and detect exhaustion), the only solution is currently to read
>
On Wed, Mar 21, 2018 at 03:42:29PM +1300, Bernie Harris wrote:
> This patch is part of a proposal to add a string filter to
> ebtables, which would be similar to the string filter in
> iptables.
>
> Like iptables, the ebtables filter uses the xt_string module,
> however some modifications have
On Fri, Apr 27, 2018 at 12:25:25AM +0200, Pablo Neira Ayuso wrote:
> On Tue, Apr 24, 2018 at 08:49:33PM +0200, Phil Sutter wrote:
> > Hi,
> >
> > On Tue, Apr 24, 2018 at 05:51:39PM +0200, Pablo Neira Ayuso wrote:
> > > On Fri, Apr 20, 2018 at 09:21:12AM -0400, Eric Garver wrote:
> > > > On Fri,
On Tue, Apr 24, 2018 at 08:49:33PM +0200, Phil Sutter wrote:
> Hi,
>
> On Tue, Apr 24, 2018 at 05:51:39PM +0200, Pablo Neira Ayuso wrote:
> > On Fri, Apr 20, 2018 at 09:21:12AM -0400, Eric Garver wrote:
> > > On Fri, Apr 20, 2018 at 12:00:54PM +0200, Jan Engelhardt wrote:
> > > >
> > > > On
On Thu, Apr 26, 2018 at 02:14:25PM +0200, Simon Horman wrote:
> On Tue, Apr 24, 2018 at 08:16:14AM +0300, Julian Anastasov wrote:
> >
> > Hello,
> >
> > On Mon, 23 Apr 2018, Cong Wang wrote:
> >
> > > tbl->entries is not initialized after kmalloc(), therefore
> > > causes an uninit-value
On Thu, Apr 26, 2018 at 02:14:36PM +0200, Simon Horman wrote:
> On Tue, Apr 24, 2018 at 08:17:06AM +0300, Julian Anastasov wrote:
> >
> > Hello,
> >
> > On Mon, 23 Apr 2018, Cong Wang wrote:
> >
> > > Similarly, tbl->entries is not initialized after kmalloc(),
> > > therefore causes an
On Thu, Apr 19, 2018 at 10:56:09AM +0200, Simon Horman wrote:
> Hi Pablo,
>
> please consider these IPVS enhancements for v4.18.
>
> * Whitepace cleanup
>
> * Add Maglev hashing algorithm as a IPVS scheduler
>
> Inju Song says "Implements the Google's Maglev hashing algorithm as a
> IPVS
On Sat, Apr 21, 2018 at 09:10:09PM -0700, Randy Dunlap wrote:
> From: Randy Dunlap
>
> Fix build errors due to a missing Kconfig dependency term.
> Fixes these build errors:
>
> net/ipv6/netfilter/nft_chain_nat_ipv6.o: In function `nft_nat_do_chain':
>
On Mon, Apr 16, 2018 at 07:15:56PM +0200, Florian Westphal wrote:
> before:
>textdata bss dec hex filename
>5056 844 05900170c net/netfilter/nft_exthdr.ko
> 1024562316 401 105173 19ad5 net/netfilter/nf_tables.ko
>
> after:
> 1064102392
On Mon, Apr 16, 2018 at 07:15:55PM +0200, Florian Westphal wrote:
> before:
>textdata bss dec hex filename
>2657 844 03501 dad net/netfilter/nft_rt.ko
> 1008262240 401 103467 1942b net/netfilter/nf_tables.ko
> after:
>2657 844 0
On Mon, Apr 16, 2018 at 06:04:49PM +0200, Florian Westphal wrote:
> Marco De Benedetto says:
> I would like to use a timeout of 30 days for elements in a set but it
> seems there is a some kind of problem above 24d20h31m23s.
>
> Fix this by using 'jiffies64' for timeout handling to get same
On Mon, Apr 16, 2018 at 06:52:58PM +0200, Florian Westphal wrote:
> nft rejects rules that lack a timeout and a size limit when they're used
> to add elements from packet path.
>
> Pick a sane upperlimit instead of rejecting outright.
> The upperlimit is visible to userspace, just as if it would
On Mon, Apr 16, 2018 at 07:15:53PM +0200, Florian Westphal wrote:
> It overcomplicates things for no reason.
> nft_meta_bridge only offers retrieval of bridge port interface name.
>
> Because of this being its own module, we had to export all nft_meta
> functions, which we can then make static
On Mon, Apr 09, 2018 at 12:00:21AM +0900, Taehee Yoo wrote:
> A ebt_free_table_info frees all of chainstacks.
> It similar to xt_free_table_info. this inline function
> reduces code line.
Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of
On Mon, Apr 09, 2018 at 12:01:24AM +0900, Taehee Yoo wrote:
> In the check_target, ip6t_get_target is called twice.
Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at
On Fri, Apr 13, 2018 at 11:10:20PM +0900, Taehee Yoo wrote:
> ipt_get_target is used to get struct xt_entry_target
> and ipt_get_target_c is used to get const struct xt_entry_target.
> However in the ipt_do_table, ipt_get_target is used to get
> const struct xt_entry_target. it should be replaced
On Fri, Apr 13, 2018 at 11:09:58PM +0900, Taehee Yoo wrote:
> ebt_get_target similar to {ip/ip6/arp}t_get_target.
> and ebt_get_target_c similar to {ip/ip6/arp}t_get_target_c.
Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message
On Mon, Apr 09, 2018 at 12:00:57AM +0900, Taehee Yoo wrote:
> EBT_MATCH and EBT_NOMATCH are used to change return value.
> match functions(ebt_xxx.c) return false when received frame is not matched
> and returns true when received frame is matched.
> but, EBT_MATCH_ITERATE understands oppositely.
On Tue, Apr 03, 2018 at 11:15:39PM +0200, Phil Sutter wrote:
> Drop nft_set_type's ability to act as a container of multiple backend
> implementations it chooses from. Instead consolidate the whole selection
> logic in nft_select_set_ops() and the actual backend provided estimate()
> callback.
>
On Wed, Apr 04, 2018 at 03:38:22PM +0200, Thierry Du Tre wrote:
> This is a patch proposal to support shifted ranges in portmaps.
> (i.e. tcp/udp incoming port 5000-5100 on WAN redirected to LAN
> 192.168.1.5:2000-2100)
>
> Currently DNAT only works for single port or identical port ranges.
>
On Mon, Feb 26, 2018 at 10:15:07AM +0100, Felix Fietkau wrote:
> Fixes issues with connections hanging after >30 seconds idle time.
>
> Changes since v2:
> - Include the previous patch series
> - Rebase to current nf.git
> - Provide longer description for the teardown state and the changes
>
Call hook number to string function instead.
Signed-off-by: Pablo Neira Ayuso
---
src/rule.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/rule.c b/src/rule.c
index e0e06c523241..589bf21ac4d3 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1637,7
Signed-off-by: Pablo Neira Ayuso
---
src/evaluate.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/src/evaluate.c b/src/evaluate.c
index 265a73fe9b65..035d07632a9e 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2956,6 +2956,7 @@ static int
Signed-off-by: Florian Westphal
---
include/net/netfilter/nf_nat_l3proto.h | 24
net/ipv4/netfilter/iptable_nat.c | 3 +--
net/ipv4/netfilter/nf_nat_l3proto_ipv4.c | 14 +-
net/ipv4/netfilter/nft_chain_nat_ipv4.c | 3 +--
On Tue, Apr 24, 2018 at 08:17:06AM +0300, Julian Anastasov wrote:
>
> Hello,
>
> On Mon, 23 Apr 2018, Cong Wang wrote:
>
> > Similarly, tbl->entries is not initialized after kmalloc(),
> > therefore causes an uninit-value warning in ip_vs_lblc_check_expire(),
> > as reported by syzbot.
>
On Tue, Apr 24, 2018 at 08:16:14AM +0300, Julian Anastasov wrote:
>
> Hello,
>
> On Mon, 23 Apr 2018, Cong Wang wrote:
>
> > tbl->entries is not initialized after kmalloc(), therefore
> > causes an uninit-value warning in ip_vs_lblc_check_expire()
> > as reported by syzbot.
> >
> >
29 matches
Mail list logo