4.19.x kernels oops in nf_conncount_destroy

EPILOGUE-AS-PREAMBLE: I had already typed most of this when I thought to search the netfilter-devel archive. I found this, which sounds an awful lot like my issue: https://www.spinics.net/lists/netfilter-devel/msg56882.html However, the patch link in the first followup seems empty, so I can't

[PATCH nf] netfilter: nf_tables: deactivate expressions in rule replecement routine

Rule replacement routine removes an old rule then adds a new rule. In the old rule removing routine, below steps are needed. Allocate trans, deactivate rule and deactivate expressons of rule. But there is no expression deactivation routine in rule replacement routine. test commands: %nft add

Re: [iptables PATCH] xtables: Don't use native nftables comments

On Tue, Nov 27, 2018 at 08:07:11PM +0100, Phil Sutter wrote: > The problem with converting libxt_comment into nftables comment is that > rules change when parsing from kernel due to comment match being moved > to the end of the match list. And since match ordering matters, the rule > may not be

[iptables PATCH] xtables: Don't use native nftables comments

The problem with converting libxt_comment into nftables comment is that rules change when parsing from kernel due to comment match being moved to the end of the match list. And since match ordering matters, the rule may not be found anymore when checking or deleting. Apart from that, iptables-nft

[PATCH] netfilter: ipset: fix ip_set_byindex function

New function added by "Introduction of new commands and protocol version 7" is not working, since we return skb2 to user Signed-off-by: Victorien Molle Signed-off-by: Florent Fourcot --- net/netfilter/ipset/ip_set_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

Re: iptables configure ignore "--disable-silent-rules"

On Tuesday 2018-11-27 12:56, Rolf Eike Beer wrote: >Hi, > >it seems to me that "--disable-silent-rules" has no effect on iptables >configure, i.e. I still have to pass V=1 to make to see what it is actually >doing. This is expected because automake is not used in every directory. But V=1 is

iptables configure ignore "--disable-silent-rules"

Hi, it seems to me that "--disable-silent-rules" has no effect on iptables configure, i.e. I still have to pass V=1 to make to see what it is actually doing. It also seems that the netfilter-announce archive is missing some mails (or they never got send), at least I don't see any iptables

[PATCH] netfilter: nf_nat_sip: fix RTP/RTCP source port translations

Perform the same SNAT translation on RTP/RTCP conntracks regardless of who sends the first datagram. Prior to this change, RTP packets send by the peer who required source port translation were forwarded with unmodified source port when this peer started its voice/video stream first.