From: Gao Feng
When h323 and sip try to insert expect nodes, they would increase
the port by 2 for loop, and the loop condition is that "port != 0".
So when the start port is odd number, port never increases to zero.
Now make port as u32 instead of u_int16_t, and the loop
Hi Liping,
On Thu, Mar 2, 2017 at 7:18 PM, Liping Zhang wrote:
> Hi,
> 2017-03-02 18:18 GMT+08:00 Gao Feng :
> [...]
>> The expect class is NF_CT_EXPECT_CLASS_DEFAULT, and proto is
>> IPPROTO_UDP at the function "expect_rtp_rtcp",
>> And it makes sure the
The underlying nlmsg_multicast() already sets sk->sk_err for us to
notify socket overruns, so we should not do anything with this return
value. So we just call nfnetlink_set_err() if:
1) We fail to allocate the netlink message.
or
2) We don't have enough space in the netlink message to place
We'd like to announce Mojatatu Networks as our second Gold Sponsor.
Thank you for the continued support!
cheers,
jamal
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at
Hi,
2017-03-02 15:57 GMT+08:00 :
> From: Gao Feng
>
> When h323 and sip try to insert expect nodes, they would increase
> the port by 2 for loop, and the loop condition is that "port != 0".
> So when the start port is odd number, port never increases to zero.
Signed-off-by: Timothy Redaelli
---
tests/py/README | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tests/py/README b/tests/py/README
index 82d73a2..66f706f 100644
--- a/tests/py/README
+++ b/tests/py/README
@@ -40,21 +40,21 @@ families. Unless you
Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi,
There is currently an open issue with nft in that ah expression doesn't
work for IPv6 since it creates a payload expression which doesn't find
the AH IPv6 extension header.
There has been a discussion about this problem off-list in which two
alternative "solutions" were named, both involve
On Thu, Mar 02, 2017 at 10:01:29PM +0100, Pablo Neira Ayuso wrote:
> On Thu, Mar 02, 2017 at 08:56:52PM +0100, Phil Sutter wrote:
> > Hi,
> >
> > There is currently an open issue with nft in that ah expression doesn't
> > work for IPv6 since it creates a payload expression which doesn't find
> >
Hi,
2017-03-02 18:18 GMT+08:00 Gao Feng :
[...]
> The expect class is NF_CT_EXPECT_CLASS_DEFAULT, and proto is
> IPPROTO_UDP at the function "expect_rtp_rtcp",
> And it makes sure the port is even number.
>
> But look at the process_gcf, the port is got from the packet data at
>
On Wed, Mar 1, 2017 at 5:34 PM, Richard Guy Briggs wrote:
> On 2017-03-01 17:19, Paul Moore wrote:
>> On Wed, Mar 1, 2017 at 11:28 AM, Richard Guy Briggs wrote:
>> > On 2017-02-28 17:22, Paul Moore wrote:
>> >> On Sun, Feb 26, 2017 at 3:49 PM, Richard Guy Briggs
On 2017-03-02 19:16, Paul Moore wrote:
> On Wed, Mar 1, 2017 at 5:34 PM, Richard Guy Briggs wrote:
> > On 2017-03-01 17:19, Paul Moore wrote:
> >> On Wed, Mar 1, 2017 at 11:28 AM, Richard Guy Briggs
> >> wrote:
> >> > On 2017-02-28 17:22, Paul Moore wrote:
> >>
On Thu, Mar 2, 2017 at 9:00 PM, Richard Guy Briggs wrote:
> On 2017-03-02 19:16, Paul Moore wrote:
>> On Wed, Mar 1, 2017 at 5:34 PM, Richard Guy Briggs wrote:
>> > On 2017-03-01 17:19, Paul Moore wrote:
>> >> On Wed, Mar 1, 2017 at 11:28 AM, Richard Guy Briggs
From: Gao Feng
When memory is exhausted, nf_ct_nat_ext_add may return NULL. Then
nf_nat_ipv4_fn and nf_nat_ipv6_fn would return NF_ACCEPT in this
case.
So we need add the NULL check when invoke nfct_nat in these two
functions.
Signed-off-by: Gao Feng
---
This patch provides symmetric hash support according to source
ip address and port, and destination ip address and port.
For this purpose, the __skb_get_hash_symmetric() is used to
identify the flow as it uses FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL
flag by default.
The new attribute NFTA_HASH_TYPE
15 matches
Mail list logo