Re: [RFC/RFT, net-next, 00/17] net: Convert neighbor tables to per-namespace

On 07/17/2018 03:06 PM, dsah...@kernel.org wrote: > From: David Ahern > > Nikita Leshenko reported that neighbor entries in one namespace can > evict neighbor entries in another. The problem is that the neighbor > tables have entries across all namespaces without separate accounting > and with gl

Re: url filtering with netfiler

On 08/12/2018 12:24 AM, Oleg wrote: On Sat, Aug 11, 2018 at 12:15:26PM +0200, Pablo Neira Ayuso wrote: We used to have mmap for nfq but that was removed because there was no performance gain from it. Interesting. I didn't know about it. Was that a work without kernelspace to userspace cop

Re: url filtering with netfiler

On Sat, Aug 11, 2018 at 12:15:26PM +0200, Pablo Neira Ayuso wrote: > We used to have mmap for nfq but that was removed because there was no > performance gain from it. Interesting. I didn't know about it. Was that a work without kernelspace to userspace copying? > I think it's unlikely we'll se

Re: [PATCH 3/3 nft] src: osf: import nfnl_osf.c to load osf fingerprints

On 08/11/2018 12:03 PM, Pablo Neira Ayuso wrote: +#endif /* _NF_OSF_H */ diff --git a/include/nfnl_osf.h b/include/nfnl_osf.h new file mode 100644 index 000..d9287e9 --- /dev/null +++ b/include/nfnl_osf.h @@ -0,0 +1,6 @@ +#ifndef _NFNL_OSF_H +#define _NFNL_OSF_H + +int nfnl_osf_load_finger

[PATCH v2] nft: doc: Fixed typos in asciidoc

Correct all the typo mistakes done while converting man page source to asciidoc. Signed-off-by: Arushi Singhal --- changes in v2 -submit the patch on top of current git HEAD doc/data-types.txt | 2 +- doc/nft.txt| 6 +++--- doc/primary-expression.txt | 2 +- doc/statemen

Re: url filtering with netfiler

On Fri, Aug 10, 2018 at 04:50:09PM +0300, Oleg wrote: > On Fri, Aug 10, 2018 at 02:01:25PM +0200, Pablo Neira Ayuso wrote: > > On Thu, Aug 02, 2018 at 10:44:14PM +0300, Oleg wrote: > > > On Thu, Aug 02, 2018 at 06:44:26PM +0430, Saber Rezvani wrote: > > > IMHO, this can be easier implemented with h

Re: [PATCH 3/3 nft] src: osf: import nfnl_osf.c to load osf fingerprints

On Fri, Aug 10, 2018 at 03:02:00PM +0200, Fernando Fernandez Mancera wrote: > Import iptables/utils/nfnl_osf.c into nftables tree with some changes in order > to load OS fingerprints automatically from pf.os file. > > Signed-off-by: Fernando Fernandez Mancera > --- > include/linux/netfilter/nfne

Re: [PATCH 1/3 nft] files: osf: copy iptables/utils/pf.os into nftables tree

On Fri, Aug 10, 2018 at 03:01:58PM +0200, Fernando Fernandez Mancera wrote: > As we are going to need pf.os file to load OS fingerprints from the incoming > nfnl_osf.c, we copy it into the nftables tree directory "files/osf/". Could you also add a Makefile.am for files/osf/ and update files/Makefi