confidentiality, believing that this email reaches you
in good faith. My contacting you is not a mistake or a coincidence
because God can use any person known or unknown to accomplish great
things.
I am a lawyer and I have an investment business proposal to offer you.
It is not official but should
conntrack -D suffers from a TOCTTOU race between querying the existing entries
and deleting each entry one-by-one. Because entries could simply disappear
because of a timeout this is an unavoidable race that makes -D unreliable.
Some users of conntrack have resorted to invoking conntrack in a lo
On Sat, Dec 15, 2018 at 01:00:01PM +0100, Arturo Borrero Gonzalez wrote:
> On Wed, 5 Dec 2018 at 12:25, Pablo Neira Ayuso wrote:
> >
> > On Wed, Dec 05, 2018 at 12:18:30PM +0100, Arturo Borrero Gonzalez wrote:
> > [...]
> > > I would apply the -legacy renaming patch regardless. We already did this
On Sunday 2018-12-16 17:22, William Woodruff wrote:
>On 12/16/18 6:02 AM, Jan Engelhardt wrote:
>> Though illegal in standard C, clang does support the extension:
>>
>> 11:59 a4:~ > echo -en 'int main() { void *x = &x; x = x + 1; }' | clang
>> -x c -c -o /dev/null - -Wall
>> 11:59 a4:~ >
>> (cl
On 12/16/18 6:02 AM, Jan Engelhardt wrote:
> Though illegal in standard C, clang does support the extension:
>
> 11:59 a4:~ > echo -en 'int main() { void *x = &x; x = x + 1; }' | clang
> -x c -c -o /dev/null - -Wall
> 11:59 a4:~ >
> (clang 6.0.1)
> fra
Sorry, I should have clarified: the source
On Saturday 2018-12-15 23:02, William Woodruff wrote:
>This program belongs to a framework that is built using clang
>and clang doesn't support void pointer arithmetic
Though illegal in standard C, clang does support the extension:
11:59 a4:~ > echo -en 'int main() { void *x = &x; x = x + 1; }'
Hi,
I've been writing a program that uses the netfilter/libiptc
headers, and have run into a few macros and inline functions
that use void* for pointer arithmetic rather than char* (or
uint8_t*).
This program belongs to a framework that is built using clang
and clang doesn't support void pointer
On Wed, 5 Dec 2018 at 12:25, Pablo Neira Ayuso wrote:
>
> On Wed, Dec 05, 2018 at 12:18:30PM +0100, Arturo Borrero Gonzalez wrote:
> [...]
> > I would apply the -legacy renaming patch regardless. We already did this
> > with arptables after the agreement @ NFWS. In fact, me sending the patch
> > n
On Wed, Dec 05, 2018 at 12:18:30PM +0100, Arturo Borrero Gonzalez wrote:
[...]
> I would apply the -legacy renaming patch regardless. We already did this
> with arptables after the agreement @ NFWS. In fact, me sending the patch
> now (instead of last summer) is just my lack of time to write it ear
ion of the rename of the .git repo is because I already
detected several confused people who don't understand the relationship
between arptables-legacy, arptables-nft and the .git repos they are
served from (and same for ebtables).
Also, worth considering that having the repo clearly stating -le
On Tuesday 2018-12-04 11:57, Pablo Neira Ayuso wrote:
>On Tue, Dec 04, 2018 at 11:50:46AM +0100, Arturo Borrero Gonzalez wrote:
>> On 11/28/18 2:10 PM, Arturo Borrero Gonzalez wrote:
>> > On 11/28/18 1:44 PM, Arturo Borrero Gonzalez wrote:
>> >> Hi,
>> >>
>> >> Now that the iptables.git repo offe
On Tue, Dec 04, 2018 at 11:50:46AM +0100, Arturo Borrero Gonzalez wrote:
> On 11/28/18 2:10 PM, Arturo Borrero Gonzalez wrote:
> > On 11/28/18 1:44 PM, Arturo Borrero Gonzalez wrote:
> >> Hi,
> >>
> >> Now that the iptables.git repo offers arptables-nft and ebtables-nft,
> >> arptables.git holds ar
On 11/28/18 2:10 PM, Arturo Borrero Gonzalez wrote:
> On 11/28/18 1:44 PM, Arturo Borrero Gonzalez wrote:
>> Hi,
>>
>> Now that the iptables.git repo offers arptables-nft and ebtables-nft,
>> arptables.git holds arptables-legacy, etc, why we don't just rename the
>> repos?
>>
>> * from arptables.gi
On 11/28/18 1:44 PM, Arturo Borrero Gonzalez wrote:
> Hi,
>
> Now that the iptables.git repo offers arptables-nft and ebtables-nft,
> arptables.git holds arptables-legacy, etc, why we don't just rename the
> repos?
>
> * from arptables.git to arptables-legacy.git
> * from ebtables.git to ebtables
Hi,
Now that the iptables.git repo offers arptables-nft and ebtables-nft,
arptables.git holds arptables-legacy, etc, why we don't just rename the
repos?
* from arptables.git to arptables-legacy.git
* from ebtables.git to ebtables-legacy.git
This rename should help distros understand the differen
Hello
Greeetings to you please did you get my previous email regarding my
investment proposal last week friday ?
MS.Zeliha ömer faruk
zeliha.omer.fa...@gmail.com
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message
who may wish to run iptables command without
lock.
Does this proposal sound sane-ish ?
Regards,
Jack
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi nft developers,
I would like to propose this patch to netfilter.
This patch aims that all the "--debug" levels of nft are treated as it
is in cache_update().
Currently, nft seems to omit any debug level except for "netlink"
level through cache_update(). It is not convenient to check all
I created a filter plugin for ulogd2 that does retrieve informations
from HTTP request, it is similar to ulogd_filter_PWSNIFF (on which the
code is based) which allows to monitor/log HTTP requests sent/recieved
by the system.
Other solutions based on PCAP allows to log HTTP queries but not along
Hi Mark,
On Tue, Jan 09, 2018 at 10:46:14PM -0600, mark diener wrote:
> Why don't you just put a JSON layer above the c-based libnftl 0.9 ?
>
> That way, whatever is working in C-based API can then get JSON support
> and disrupt the apple cart.
>
> Call it libnftljson-0.9.so, which is then depen
Why don't you just put a JSON layer above the c-based libnftl 0.9 ?
That way, whatever is working in C-based API can then get JSON support
and disrupt the apple cart.
Call it libnftljson-0.9.so, which is then dependent on libnftl-0.9.so
But keep the c-based api the c-based api
and the JSON calli
On Fri, Jan 05, 2018 at 06:52:03PM +0100, Phil Sutter wrote:
> Hi Pablo,
>
> On Tue, Jan 02, 2018 at 07:02:19PM +0100, Pablo Neira Ayuso wrote:
> > On Fri, Dec 29, 2017 at 03:58:16PM +0100, Phil Sutter wrote:
> > > On Thu, Dec 28, 2017 at 08:21:41PM +0100, Pablo Neira Ayuso wrote:
> > > > On Sat,
Hi Pablo,
On Tue, Jan 02, 2018 at 07:02:19PM +0100, Pablo Neira Ayuso wrote:
> On Fri, Dec 29, 2017 at 03:58:16PM +0100, Phil Sutter wrote:
> > On Thu, Dec 28, 2017 at 08:21:41PM +0100, Pablo Neira Ayuso wrote:
> > > On Sat, Dec 23, 2017 at 02:19:41PM +0100, Phil Sutter wrote:
[...]
> > > > But is
Hi Phil,
On Fri, Dec 29, 2017 at 03:58:16PM +0100, Phil Sutter wrote:
> On Thu, Dec 28, 2017 at 08:21:41PM +0100, Pablo Neira Ayuso wrote:
> > On Sat, Dec 23, 2017 at 02:19:41PM +0100, Phil Sutter wrote:
[...]
> > Yes, that would place a bit more work on the library, but I think we
> > should prov
On Thu, Dec 28, 2017 at 08:21:41PM +0100, Pablo Neira Ayuso wrote:
> Hi Phil,
>
> On Sat, Dec 23, 2017 at 02:19:41PM +0100, Phil Sutter wrote:
> > On Fri, Dec 22, 2017 at 09:39:03PM +0100, Pablo Neira Ayuso wrote:
> > > On Fri, Dec 22, 2017 at 04:30:49PM +0100, Phil Sutter wrote:
> > > > Hi Pablo,
Hi Phil,
On Sat, Dec 23, 2017 at 02:19:41PM +0100, Phil Sutter wrote:
> On Fri, Dec 22, 2017 at 09:39:03PM +0100, Pablo Neira Ayuso wrote:
> > On Fri, Dec 22, 2017 at 04:30:49PM +0100, Phil Sutter wrote:
> > > Hi Pablo,
> > >
> > > On Fri, Dec 22, 2017 at 02:49:06PM +0100, Pablo Neira Ayuso wrote
On Fri, Dec 22, 2017 at 09:39:03PM +0100, Pablo Neira Ayuso wrote:
> On Fri, Dec 22, 2017 at 04:30:49PM +0100, Phil Sutter wrote:
> > Hi Pablo,
> >
> > On Fri, Dec 22, 2017 at 02:49:06PM +0100, Pablo Neira Ayuso wrote:
> > > On Fri, Dec 22, 2017 at 02:08:16PM +0100, Phil Sutter wrote:
> > > > On W
On Fri, Dec 22, 2017 at 04:30:49PM +0100, Phil Sutter wrote:
> Hi Pablo,
>
> On Fri, Dec 22, 2017 at 02:49:06PM +0100, Pablo Neira Ayuso wrote:
> > On Fri, Dec 22, 2017 at 02:08:16PM +0100, Phil Sutter wrote:
> > > On Wed, Dec 20, 2017 at 11:23:36PM +0100, Pablo Neira Ayuso wrote:
> > > > On Wed,
Hi Pablo,
On Fri, Dec 22, 2017 at 02:49:06PM +0100, Pablo Neira Ayuso wrote:
> On Fri, Dec 22, 2017 at 02:08:16PM +0100, Phil Sutter wrote:
> > On Wed, Dec 20, 2017 at 11:23:36PM +0100, Pablo Neira Ayuso wrote:
> > > On Wed, Dec 20, 2017 at 01:32:25PM +0100, Phil Sutter wrote:
> > > [...]
> > > >
Hi Phil,
On Fri, Dec 22, 2017 at 02:08:16PM +0100, Phil Sutter wrote:
> On Wed, Dec 20, 2017 at 11:23:36PM +0100, Pablo Neira Ayuso wrote:
> > On Wed, Dec 20, 2017 at 01:32:25PM +0100, Phil Sutter wrote:
> > [...]
> > > On Tue, Dec 19, 2017 at 12:00:48AM +0100, Pablo Neira Ayuso wrote:
> > > > On
Hi Pablo,
On Wed, Dec 20, 2017 at 11:23:36PM +0100, Pablo Neira Ayuso wrote:
> On Wed, Dec 20, 2017 at 01:32:25PM +0100, Phil Sutter wrote:
> [...]
> > On Tue, Dec 19, 2017 at 12:00:48AM +0100, Pablo Neira Ayuso wrote:
> > > On Sat, Dec 16, 2017 at 05:06:51PM +0100, Phil Sutter wrote:
> > > > On S
Hi Phil,
On Wed, Dec 20, 2017 at 01:32:25PM +0100, Phil Sutter wrote:
[...]
> On Tue, Dec 19, 2017 at 12:00:48AM +0100, Pablo Neira Ayuso wrote:
> > On Sat, Dec 16, 2017 at 05:06:51PM +0100, Phil Sutter wrote:
> > > On Sun, Dec 10, 2017 at 10:55:40PM +0100, Pablo Neira Ayuso wrote:
> > > > On Thu,
Hi Pablo,
On Tue, Dec 19, 2017 at 12:00:48AM +0100, Pablo Neira Ayuso wrote:
> On Sat, Dec 16, 2017 at 05:06:51PM +0100, Phil Sutter wrote:
> > On Sun, Dec 10, 2017 at 10:55:40PM +0100, Pablo Neira Ayuso wrote:
> > > On Thu, Dec 07, 2017 at 12:34:31PM +0100, Phil Sutter wrote:
> > > > On Thu, Dec
Hi Phil,
On Sat, Dec 16, 2017 at 05:06:51PM +0100, Phil Sutter wrote:
> Hi Pablo,
>
> On Sun, Dec 10, 2017 at 10:55:40PM +0100, Pablo Neira Ayuso wrote:
> > On Thu, Dec 07, 2017 at 12:34:31PM +0100, Phil Sutter wrote:
> > > On Thu, Dec 07, 2017 at 01:05:45AM +0100, Pablo Neira Ayuso wrote:
> > >
Hi Pablo,
On Sun, Dec 10, 2017 at 10:55:40PM +0100, Pablo Neira Ayuso wrote:
> On Thu, Dec 07, 2017 at 12:34:31PM +0100, Phil Sutter wrote:
> > On Thu, Dec 07, 2017 at 01:05:45AM +0100, Pablo Neira Ayuso wrote:
> > > On Tue, Dec 05, 2017 at 02:43:17PM +0100, Phil Sutter wrote:
> > [...]
> > > > Af
On Thu, Dec 07, 2017 at 12:34:31PM +0100, Phil Sutter wrote:
> Hi Pablo,
>
> On Thu, Dec 07, 2017 at 01:05:45AM +0100, Pablo Neira Ayuso wrote:
> > On Tue, Dec 05, 2017 at 02:43:17PM +0100, Phil Sutter wrote:
> [...]
> > > After tweaking the parser a bit, I can use it now to parse just a
> > > set
Hi Pablo,
On Thu, Dec 07, 2017 at 01:05:45AM +0100, Pablo Neira Ayuso wrote:
> On Tue, Dec 05, 2017 at 02:43:17PM +0100, Phil Sutter wrote:
[...]
> > After tweaking the parser a bit, I can use it now to parse just a
> > set_list_member_expr and use the struct expr it returns. This made it
> > poss
Hi Phil,
On Tue, Dec 05, 2017 at 02:43:17PM +0100, Phil Sutter wrote:
[...]
> My "vision" for an extended API which actually provides an additional
> benefit is something that allows to work with the entities nft language
> defines in an abstract manner, ideally without having to invoke the
> pars
Hi Pablo,
Since I was about to start explaining my extended API idea as part of my
reply, let's take this on-list and I'll give a full overview.
On Mon, Dec 04, 2017 at 07:46:04PM +0100, Pablo Neira Ayuso wrote:
[...]
> Kernel code to check if an element is exists is already upstream, it's
> in c
On Fri, 2016-03-04 at 10:57 +0100, Arturo Borrero Gonzalez wrote:
> Hi Ismo,
>
> I like the idea. What I'm wondering is if it worth having another
> directive like 'includedir' to be more explicit.
Sure, I'm fine with that approach too. If the project leadership
indicates that the include directo
On 2 March 2016 at 13:11, Ismo Puustinen wrote:
> A nice-to-have feature in nft would be the ability to use include
> directories that contain rule files. The use case would be support for
> services dropping their custom configuration files into a directory,
> allowing a more modular firewall con
A nice-to-have feature in nft would be the ability to use include
directories that contain rule files. The use case would be support for
services dropping their custom configuration files into a directory,
allowing a more modular firewall configuration.
This is a proof-of-concept patch -- I'm not
42 matches
Mail list logo
