Re: Xen dom0 (core) merged to upstream Linux 2.6.37 and other new features

2010-10-31 Thread Niccolò Belli 
OMG, I can't believe it. This is wonderful news, really.

Darkbasic

Il 30/10/2010 15:07, Pasi Kärkkäinen ha scritto:
> Hello,
> 
> People here might be interested to know that Xen pvops dom0 core
> was merged to upstream Linux kernel during the 2.6.37 merge window!
> 
> This has been in the works for a long time, so it's good news.
> 
> Note that this is the core/initial merge, there's more upstreaming
> needed to get for example the Xen dom0 backend drivers merged
> to be able to run other domains using the upstream kernel.
> 
> Xen developers are working on upstreaming more of the missing bits
> in the next Linux versions.
> 
> Recently in addition to the Xen dom0 bits there has been other
> upstreamed features aswell:
> 
> - Xen PV-on-HVM drivers for fully virtualized (HVM) Linux guests in 2.6.36,
>   and optimizations for the drivers in 2.6.37.
> - Xen PCI front driver in Linux 2.6.37 for PCI passthru to Xen PV guests
>   (works also with hardware where VT-d/IOMMU is not available).
> 
> There will also be a git kernel tree based on 2.6.37 with the backend
> drivers and other not-yet-upstreamed patches included.
> 
> -- Pasi
> 
> 


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4ccd66de.80...@gmail.com

l7-filter does not mark any package

2010-08-04 Thread Niccolò Belli 
Hi, I can send packets from the mangle chain to l7-filter, but
analyzing packets in output on the filter chain you can see packets
had not been marked.

l7-filter loads all the patterns flawlessly and does not give any error.



### POLICY ###
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -t mangle -A FORWARD -i ppp0 -o eth1 -j NFQUEUE --queue-num 1
iptables -t mangle -A FORWARD -i eth1 -o ppp0 -j NFQUEUE --queue-num 1

# CHAIN #
iptables -N INtoOUT
iptables -N OUTtoIN
iptables -N INTERNETWORK

# FORWARD to CHAIN #
iptables -A FORWARD -i ppp0 -j OUTtoIN
iptables -A FORWARD -o ppp0 -j INtoOUT
iptables -A FORWARD -j DROP


iptables -A OUTtoIN -o eth1 -m mark --mark 4 -j ACCEPT
iptables -A OUTtoIN -o eth1 -p udp --dport 5060 -m mark --mark 7 -j ACCEPT
iptables -A OUTtoIN -o eth1 -p udp --dport 1:2 -m mark --mark
8 -j ACCEPT
iptables -A OUTtoIN -o eth1 -m mark --mark 5 -j ACCEPT
iptables -A OUTtoIN -j DROP

iptables -A INtoOUT -i eth1 -m mark --mark 3 -j ACCEPT
iptables -A INtoOUT -i eth1 -m mark --mark 4 -j ACCEPT
iptables -A INtoOUT -i eth1 -m mark --mark 5 -j ACCEPT
iptables -A INtoOUT -i eth1 -m mark --mark 6 -j ACCEPT
iptables -A INtoOUT -i eth1 -m mark --mark 7 -j ACCEPT
iptables -A INtoOUT -i eth1 -m mark --mark 8 -j ACCEPT
iptables -A INtoOUT -i eth1 -j LOG --log-prefix "DROP!!! "
iptables -A INtoOUT -j DROP



# l7-filter -f /etc/l7-protocols/l7filter.conf -q 1 -vv -p
/etc/l7-protocols/protocols/
Attempting to read configuration from /etc/l7-protocols/l7filter.conf.metano
Attempting to load pattern from /etc/l7-protocols/protocols///imap.pat
pattern='^(\* ok|a[0-9]+ noop)'
eflags=0 cflags=11
Added: imap mark=3
Attempting to load pattern from /etc/l7-protocols/protocols///pop3.pat
pattern='^(\+ok |-err )'
eflags=0 cflags=11
Added: pop3 mark=3
Attempting to load pattern from /etc/l7-protocols/protocols///smtp.pat
pattern='^220[\x09-\x0d -~]* (E?SMTP|[Ss]imple [Mm]ail)'
eflags=0 cflags=9
Added: smtp mark=3
Attempting to load pattern from /etc/l7-protocols/protocols///http.pat
pattern='http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\x09-\x0d
-~]*(connection:|content-type:|content-length:|date:)|post [\x09-\x0d
-~]* http/[01]\.[019]'
eflags=0 cflags=11
Added: http mark=4
Attempting to load pattern from /etc/l7-protocols/protocols///ftp.pat
pattern='^220[\x09-\x0d -~]*ftp'
eflags=0 cflags=11
Added: ftp  mark=4
Attempting to load pattern from /etc/l7-protocols/protocols///dns.pat
pattern='^.?.?.?.?[\x01\x02].?.?.?.?.?.?[\x01-?][a-z0-9][\x01-?a-z]*[\x02-\x06][a-z][a-z][fglmoprstuvz]?[aeop]?(um)?[\x01-\x10\x1c][\x01\x03\x04\xFF]'
eflags=0 cflags=11
Added: dns  mark=5
Attempting to load pattern from /etc/l7-protocols/protocols///vnc.pat
pattern='^rfb 00[1-9]\.00[0-9]\x0a$'
eflags=0 cflags=11
Added: vnc  mark=6
Attempting to load pattern from /etc/l7-protocols/protocols///sip.pat
pattern='^(invite|register|cancel|message|subscribe|notify)
sip[\x09-\x0d -~]*sip/[0-2]\.[0-9]'
eflags=0 cflags=11
Added: sip  mark=7
Attempting to load pattern from /etc/l7-protocols/protocols///rtp.pat
pattern='^\x80[\x01-"`-\x7f\x80-\xa2\xe0-\xff]?..*\x80'
eflags=0 cflags=11
Added: rtp  mark=8
Made key from ct:   udp  17 src=192.168.2.3 dst=151.99.125.2
sport=33765 dport=53
Made key from ct:   udp  17 src=192.168.2.3 dst=151.99.125.2
sport=45219 dport=53
Got packet, had no ct:  udp  17 src=62.10.112.29 dst=192.168.1.159
sport=5061 dport=5060
Got packet, had no ct:  udp  17 src=192.168.1.159 dst=151.99.250.2
sport=53310 dport=53
Got packet, had no ct:  udp  17 src=192.168.1.233 dst=8.8.8.8
sport=58489 dport=53
Got packet, had no ct:  udp  17 src=192.168.1.233 dst=8.8.8.8
sport=39654 dport=53
Got packet, had no ct:  udp  17 src=62.10.112.29 dst=192.168.1.159
sport=5061 dport=5060
Got packet, had no ct:  udp  17 src=192.168.1.233 dst=8.8.8.8
sport=46075 dport=53
Got packet, had no ct:  udp  17 src=192.168.1.233 dst=8.8.8.8
sport=56026 dport=53
Got packet, had no ct:  udp  17 src=192.168.1.233 dst=8.8.8.8
sport=34057 dport=53
Got packet, had no ct:  udp  17 src=192.168.1.233 dst=8.8.8.8
sport=52035 dport=53
Got packet, had no ct:  udp  17 src=192.168.1.233 dst=8.8.8.8
sport=56459 dport=53
Got packet, had no ct:  udp  17 src=192.168.1.233 dst=8.8.8.8
sport=34241 dport=53
Got packet, had no ct:  udp  17 src=192.168.1.233 dst=8.8.8.8
sport=45604 dport=53
Got packet, had no ct:  udp  17 src=62.10.112.29 dst=192.168.1.159
sport=5061 dport=5060
Got packet, had no ct:  udp  17 src=192.168.1.159 dst=151.99.125.2
sport=57961 dport=53
Got packet, had no ct:  udp  17 src=192.168.1.233 dst=8.8.8.8
sport=58489 dport=53
Got packet, had no ct:  udp  17 src=192.168.1.233 dst=8.8.8.8
sport=39654 dport=53
Got packet, had no ct:  udp  17 src=62.10.112.29 dst=192.168.1.159
sport=5061 dport=5060
Got packet, had no ct:  udp  17 src=62.10.112.29 dst=192.168.1.159
sport=5061 dport=5060
Got packet

Re: LSI MegaRAID SAS 9260-4i and Lenny

2009-09-30 Thread Niccolò Belli 
Il 30 settembre 2009 03.32, Ben Hutchings  ha scritto:
> It's in the Linux kernel already, but support for this particular model
> appears to have been added after Linux 2.6.26.

Uhm... are you sure? Can you tell me the module name? This is a pretty
new controller, it is available in the UK since two weeks and it is
still not available in Italy.

Cheers,
Darkbasic


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: LSI MegaRAID SAS 9260-4i and Lenny

2009-09-29 Thread Niccolò Belli 
Il 29 settembre 2009 21.47, Ben Hutchings  ha scritto:
> On Tue, 2009-09-29 at 21:10 +0200, Niccolò Belli wrote:
>> Is there any way to make it work under Debian Lenny?
>
> Maybe, but you're asking on the wrong list...

Where shall I ask? I already tried debian-italian without success...

>> Is there an open source driver?
>
> Yes.

Really? Where can I find it?

>> If yes, will it be backported into lenny?
>
> Maybe, if you file a wishlist bug against linux-2.6.

I'll do it, thank you.

Cheers,
Darkbasic


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

LSI MegaRAID SAS 9260-4i and Lenny

2009-09-29 Thread Niccolò Belli 
Hi all,
Is there any way to make it work under Debian Lenny?
I saw only RHE/SLE drivers on the LSI website...
Is there an open source driver? If yes, will it be backported into lenny?

Cheers,
Darkbasic


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org