RE: [PATCH v2 0/9] Remove spin_unlock_wait()

From: Paul E. McKenney > Sent: 06 July 2017 00:30 > There is no agreed-upon definition of spin_unlock_wait()'s semantics, > and it appears that all callers could do just as well with a lock/unlock > pair. This series therefore removes spin_unlock_wait() and changes > its users to instead use a

RE: [PATCH 25/29] netfilter, kbuild: use canonical method to specify objs.

From: Pablo Neira Ayuso > Sent: 29 June 2017 23:53 > Should use ":=" instead of "+=". ... > diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile > index c9b78e7b342f..913380919301 100644 > --- a/net/netfilter/Makefile > +++ b/net/netfilter/Makefile > @@ -70,10 +70,9 @@

RE: [PATCH nf-next] netns: add and use net_ns_barrier

From: Florian Westphal > Sent: 30 May 2017 10:38 > > Quoting Joe Stringer: > If a user loads nf_conntrack_ftp, sends FTP traffic through a network > namespace, destroys that namespace then unloads the FTP helper module, > then the kernel will crash. > > Events that lead to the crash: > 1.

RE: [PATCH] netfilter: ipset: Use max macro instead of ternary operator

From: simran singhal > Sent: 28 March 2017 14:33 > This patch replaces ternary operator with macro max as it shorter and > thus increases code readability. Macro max return the maximum of the two > compared values. ... > /* Convert error codes to nomatch */ > - return (ret < 0 ? 0 :

RE: [PATCH] net: netfilter: Remove multiple assignment.

From: Pablo Neira Ayuso > Sent: 27 March 2017 13:08 > On Sat, Mar 25, 2017 at 06:19:47PM +0530, Arushi Singhal wrote: > > This patch removes multiple assignments. > > Done using coccinelle. > > @@ > > identifier i1,i2; > > constant c; > > @@ > > - i1=i2=c; > > + i1=c; > > + i2=c; > > You have to

RE: [PATCH 05/10] netfilter: nf_tables: fix mismatch in big-endian system

From: Pablo Neira Ayuso > Sent: 15 March 2017 17:01 > From: Liping Zhang > > Currently, there are two different methods to store an u16 integer to > the u32 data register. For example: > u32 *dest = >data[priv->dreg]; > 1. *dest = 0; *(u16 *) dest = val_u16; > 2. *dest

RE: [PATCH 07/10] netfilter: Force fake conntrack entry to be at least 8 bytes aligned

From: Pablo Neira Ayuso > Sent: 15 March 2017 17:01 > From: "Steven Rostedt (VMware)" > > Since the nfct and nfctinfo have been combined, the nf_conn structure > must be at least 8 bytes aligned, as the 3 LSB bits are used for the > nfctinfo. But there's a fake nf_conn

RE: [PATCH 24/27] netfilter: guarantee 8 byte minalign for template addresses

From: Pablo Neira Ayuso > Sent: 03 February 2017 12:26 > The next change will merge skb->nfct pointer and skb->nfctinfo > status bits into single skb->_nfct (unsigned long) area. > > For this to work nf_conn addresses must always be aligned at least on > an 8 byte boundary since we will need the

RE: [PATCH 20/39] netfilter: ipset: Use kmalloc() in comment extension helper

From: Pablo Neira Ayuso > Sent: 13 November 2016 22:25 > Allocate memory with kmalloc() rather than kzalloc(): the string > is immediately initialized so it is unnecessary to zero out > the allocated memory area. > > Ported from a patch proposed by Sergey Popovich . > >

RE: [PATCH] netfilter: ip_vs_sync: fix bogus maybe-uninitialized warning

From: Arnd Bergmann > Sent: 24 October 2016 21:22 > On Monday, October 24, 2016 10:47:54 PM CEST Julian Anastasov wrote: > > > diff --git a/net/netfilter/ipvs/ip_vs_sync.c > > > b/net/netfilter/ipvs/ip_vs_sync.c > > > index 1b07578bedf3..9350530c16c1 100644 > > > ---

RE: [PATCH 06/26] netfilter: conntrack: align nf_conn on cacheline boundary

From: Pablo Neira Ayuso > Sent: 06 July 2016 15:24 > From: Florian Westphal > > increases struct size by 32 bytes (288 -> 320), but it is the right thing, > else any attempt to (re-)arrange nf_conn members by cacheline won't work. ... > nf_conntrack_cachep =

RE: [PATCH net-next] nfnetlink_queue: enable PID info retrieval

From: Eric Dumazet > Sent: 09 June 2016 22:17 > On Thu, 2016-06-09 at 23:50 +0300, Saeed Mahameed wrote: > > From: Matthew Finlay > > > > diff --git a/net/socket.c b/net/socket.c > > index a1bd161..67de200 100644 > > --- a/net/socket.c > > +++ b/net/socket.c > > @@ -382,6

RE: [PATCH nf] netfilter: ipv6: Orphan skbs in nf_ct_frag6_gather()

From: Joe Stringer > Sent: 13 April 2016 19:10 > This is the IPv6 equivalent of commit 8282f27449bf ("inet: frag: Always > orphan skbs inside ip_defrag()"). > > Prior to commit 029f7f3b8701 ("netfilter: ipv6: nf_defrag: avoid/free > clone operations"), ipv6 fragments sent to nf_ct_frag6_gather()