Control: found -1 17.2.2-1
r-t...@lists.alioth.debian.org>
Changed-By: Arturo Borrero Gonzalez <art...@debian.org>
Description:
libnftnl-dev - Development files for libnftnl
libnftnl7 - Netfilter nftables userspace API library
Changes:
libnftnl (1.0.8-1) unstable; urgency=medium
.
* [9138a65] New upstream v
ending with '.so'.
The log message level for plugins loading is increased so users can see by
default which plugins are loaded.
Signed-off-by: Arturo Borrero Gonzalez <art...@netfilter.org>
---
configure.ac | 30 +++---
src/ulogd.c
On 2 October 2017 at 12:44, Pablo Neira Ayuso <pa...@netfilter.org> wrote:
> On Sat, Sep 30, 2017 at 12:43:36PM +0200, Arturo Borrero Gonzalez wrote:
>> On 30 September 2017 at 12:12, Pablo Neira Ayuso <pa...@netfilter.org> wrote:
>> > On Sat, Sep 30, 2017 at 11
Hi,
just noticed the security issues we have for the libhtp package [0].
These are all fixed. The package was removed from Debian and then re-introduced,
In the mean time, the libhtp* binary packages were served from the
src:suricata package.
Perhaps we lost track during this movement. How
On 30 September 2017 at 12:12, Pablo Neira Ayuso <pa...@netfilter.org> wrote:
> On Sat, Sep 30, 2017 at 11:48:11AM +0200, Arturo Borrero Gonzalez wrote:
>> On 30 September 2017 at 11:43, Arturo Borrero Gonzalez
>> <art...@netfilter.org> wrote:
>> >
>
On 30 September 2017 at 11:43, Arturo Borrero Gonzalez
<art...@netfilter.org> wrote:
>
> Ok, but how could we avoid putting there a complex, arch-dependant path?
i.e, in Debian this means a path like:
/usr/lib/mips64el-linux-gnuabi64/ulogd/ulogd_filter_IFINDEX.so
so user should
On 29 September 2017 at 13:39, Pablo Neira Ayuso <pa...@netfilter.org> wrote:
> Hi Arturo,
>
> On Mon, Sep 25, 2017 at 01:19:27PM +0200, Arturo Borrero Gonzalez wrote:
>> diff --git a/ulogd.conf.in b/ulogd.conf.in
>> index a987d64..fe54420 100644
>> --- a/ulo
am.
[0]
https://anonscm.debian.org/git/pkg-bind/pkg-bind.git/commit/?id=e6f63f5a85d8fe6f22a995787e806f4887df9689
From: Arturo Borrero Gonzalez <art...@debian.org>
bind9: move tools to /usr/bin instead of /usr/sbin
No need to have them in /usr/sbin. They are mostly usable by non-root
Refresh manpage, fixing typos, rearranging some sentences, introducing line
breaks at max. 80 columns, markup fixes, and so on.
Apart of some minor cosmetics fixes, no actual content is changed.
Signed-off-by: Arturo Borrero Gonzalez <art...@netfilter.org>
---
conntrack.8
logic. We simply
open the dir and try to load all files ending with '.so'.
Signed-off-by: Arturo Borrero Gonzalez <art...@netfilter.org>
---
configure.ac | 30 +++---
src/ulogd.c | 49 -
ulogd.conf.in | 10 +++
ft import json
>
> where the file.json is a ruleset exported in json format.
>
> Highly based on work from Alvaro Neira <alvaron...@gmail.com>
> and Arturo Borrero <art...@netfilter.org>
>
> Acked-by: Arturo Borrero Gonzalez <art...@netfilter.org>
> Signe
hanged-By: Arturo Borrero Gonzalez <art...@debian.org>
Description:
suricata - Next Generation Intrusion Detection and Prevention Tool
suricata-oinkmaster - Integration package between suricata and oinkmaster
Changes:
suricata (1:4.0.0-5) unstable; urgency=medium
.
* [392c5b2] d/t/co
On Mon, 30 Jan 2017 12:16:42 +0100 Sascha Steinbiss wrote:
>
> the suricata package is currently configured by default to store its
> rules files in /etc/suricata/rules, which as a subdirectory under /etc
> is meant to hold 'static' files according to FHS section 3.7 [1]. While
On 7 September 2017 at 13:36, Arturo Borrero Gonzalez
<art...@netfilter.org> wrote:
> Is common that ulogd runs in scenarios where a lot of packets are to be
> logged.
> If there are more packets than ulogd can handle, users can start seing log
> messages like this:
>
> u
On 13 September 2017 at 18:25, Shengjing Zhu wrote:
> FWIW, it's in https://people.debian.org/~bap/dfsg-faq.html#public_domain
> Maybe this draft can be put in a more official place now?
>
Probably yes, but no strong opinion on that.
Probably better contact the people who are in
On 13 September 2017 at 18:15, Don Armstrong <d...@debian.org> wrote:
> On Wed, 13 Sep 2017, Arturo Borrero Gonzalez wrote:
>> if this question is common enough, perhaps it worth creating a simple
>> wiki page to put all this information in there?
>
> If som
On 13 September 2017 at 17:46, Don Armstrong wrote:
> On Wed, 13 Sep 2017, Nico Schlömer wrote:
>> I sometimes see in d/copyright
>>
>> > Copyright: John Doe
>> > License: public-domain
>>
>> e.g., [1]. However, these two statements contradict each other: public
>> domain means
Hi,
last week openshot 2.4.0 was released upstream [0].
I'm interested in having it in Debian.
Can't invest packaging time right now, but can help with other things,
for example
testing packages and sponsoring uploads if someone is collaborating
who doesn't have upload rights.
thanks you all
2017-09-12 8:52 GMT+02:00 Arturo Borrero Gonzalez <art...@debian.org>:
> 2017-09-11 19:11 GMT+02:00 Felix Perez <felix.listadeb...@gmail.com>:
>>
>> Genralmente el xorg esta vacío, la configuración es "automágica",
>> prueba iniciando con un xorg.conf
On 11 September 2017 at 18:53, Shyam Saini wrote:
> This new operation allows to import ruleset in json to make
> incremental changes using the parse functions of libnftnl.
>
> A basic way to test this new functionality is:
>
> % cat file.json | nft import json
>
> where
hanged-By: Arturo Borrero Gonzalez <art...@debian.org>
Description:
suricata - Next Generation Intrusion Detection and Prevention Tool
suricata-oinkmaster - Integration package between suricata and oinkmaster
Closes: 873832
Changes:
suricata (1:4.0.0-4) unstable; urgency=medium
.
*
2017-09-11 19:11 GMT+02:00 Felix Perez :
>
> Genralmente el xorg esta vacío, la configuración es "automágica",
> prueba iniciando con un xorg.conf vacío
Probado, no funciona.
> ¿Está bien instalado el controlador de la Tvideo?
>
Entiendo que si, si no no estaría en
(por favor, responder directamente a mi, no estoy suscrito)
Hola!
solicito ayuda para arreglar un problema que tengo en mi laptop.
El brillo de la pantalla (backlight/brigtness) está muy bajo de manera
permanente, como cuando está en modo ahorro de energía. Ignora las
configuraciones de XFCE
s a script to check
coding style [1], but beware of some false positives (regarding the
commit message).
Other than that, the patch looks fine. Please, address the coding
style issues, and resend with:
Acked-by: Arturo Borrero Gonzalez <art...@netfilter.org>
, and should produce no harm.
A similar approach is used in the conntrackd daemon.
Signed-off-by: Arturo Borrero Gonzalez <art...@netfilter.org>
---
src/ulogd.c | 15 +++
1 file changed, 15 insertions(+)
diff --git a/src/ulogd.c b/src/ulogd.c
index b85d0ee..68f 100644
---
On 6 September 2017 at 10:41, Phil Sutter wrote:
> Beware: The conversion is incomplete and merely serves as base for
> discussion.
>
> This patch converts nft.xml into asciidoc markup, top down until (and
> including) stateful objects description. I stopped there because it's
> the
On 4 September 2017 at 14:39, Shyam Saini wrote:
>>> These test cases can be used to test upcoming "import json" command.
>>>
Hi Shyam,
your v3 looks fine.
I was going to test it out, but it seems the first patch [0] in the
series requires a refresh.
Please, refresh
On 3 September 2017 at 01:32, Shyam Saini wrote:
> These test cases can be used to test upcoming "import json" command.
>
> Here is the short description of the files:
> all_ruleset_list ->contains list of all the individual rules
> json_import_0 ->script
Control: tags -1 pending
Thanks, I did the change and is now pending:
https://anonscm.debian.org/cgit/pkg-suricata/pkg-suricata.git/commit/?id=93ee9030a53a45c800ad5879c4e7c754c1dc1331
Control: tags -1 pending
Thanks, I did the change and is now pending:
https://anonscm.debian.org/cgit/pkg-suricata/pkg-suricata.git/commit/?id=93ee9030a53a45c800ad5879c4e7c754c1dc1331
hanged-By: Arturo Borrero Gonzalez <art...@debian.org>
Description:
suricata - Next Generation Intrusion Detection and Prevention Tool
suricata-oinkmaster - Integration package between suricata and oinkmaster
Closes: 858545 872908
Changes:
suricata (1:4.0.0-3) unstable; urgency=medium
.
Hi,
any news? We are being hit by this bug, which is a bit annoying.
Are upstream systemd developers aware of this issue?
best regards
___
Pkg-systemd-maintainers mailing list
Pkg-systemd-maintainers@lists.alioth.debian.org
Hi,
any news? We are being hit by this bug, which is a bit annoying.
Are upstream systemd developers aware of this issue?
best regards
Thanks Shyam,
Acked-by: Arturo Borrero Gonzalez <art...@netfilter.org>
in the future, please add a tag to the [PATCH] header, like "[PATCH
libnftnl]" so we can easily know to which tree this patch should be
applied to.
--
To unsubscribe from this list: send the line "unsubs
On 24 August 2017 at 14:08, Shyam Saini wrote:
>> That was quick and dirty code for you to get the idea.
>> Please follow the example of other testcases [0] to compare ruleset,
>> create tempfiles and so on.
>>
>
> One issue with this approach, incase of set rules
> nft
On 24 August 2017 at 10:49, Shyam Saini wrote:
> These test cases can be used to test upcoming "import json" command.
>
> Here is the short description of the files:
> all_ruleset_list ->contains list of all the individual rules
Wait. You are generating the JSON
On 24 August 2017 at 09:59, Chris Boot wrote:
>
> The directory created by the ulogd2 package in Debian is /var/log/ulog,
> rather than /var/log/ulogd. I will assume this is a typo on your bug
> report rather than you using a different directory.
yes.
>
> The sudo with tail
I think this is basically asking for the opposite of #846843 [0].
What is the point on disallowing root access using sudo?
[0] https://bugs.debian.org/846843
Package: ulogd2
Version: 2.0.5-5
Severity: normal
Dear Maintainer,
the ulogd2 package creates /var/log/ulogd upon installation for logs to be
there.
Problem is that with the default permissions, this directory is not available
for users using 'sudo', i.e. this is not possible:
% sudo tailf -f
: Pierre Chifflier <pol...@debian.org>
Changed-By: Arturo Borrero Gonzalez <art...@debian.org>
Description:
libhtp-0.5.23-1 - HTTP normalizer and parser library
libhtp-dev - Development files for libhtp
suricata - Next Generation Intrusion Detection and Prevention Tool
suricat
On 22 August 2017 at 11:30, Shyam Saini wrote:
>
> Should I send the version 2 of this patch with this script?
>
Yes,
my suggestion is:
* create a new testcase in nftables: tests/shell/testcases/import/yourscript_0
* put all the json files in:
Control: reassign -1 linux
On 22 August 2017 at 13:40, Tomas Simonaitis wrote:
> One more update:
> this might be related to issue:
> https://github.com/torvalds/linux/commit/ad5b55761956427f61ed9c96961bf9c5cd4f92dc
>
> adding --hashlimit-burst 18 or --hashlimit-burst
On 21 August 2017 at 22:55, Shyam Saini wrote:
> These cases can be used to test upcoming "import json" command.
>
> Here is the short description of the files:
> all_ruleset_list ->contains list of all the individual rules
> rules_ipv4*->ip table
>
Fixed -1 4.11-1~exp1
Fixed -1 4.11-1~exp1
r-t...@lists.alioth.debian.org>
Changed-By: Arturo Borrero Gonzalez <art...@debian.org>
Description:
libnftnl-dev - Development files for libnftnl
libnftnl4 - Netfilter nftables userspace API library
Closes: 872326
Changes:
libnftnl (1.0.7-2) unstable; urgency=medium
.
[ Arturo Borr
On 16 August 2017 at 22:42, Eric Leblond wrote:
>
> Hello,
>
> This patchset adds a basi high level libnftables to nftables code.
> It is currently supporting running a command from a buffer or from
> a file as well as batch support allowing to chain commands and commit
> them at
On 16 August 2017 at 12:07, Helmut Grohne wrote:
> libnftnl fails to cross build from source, because it configures for the
> build architecture by not passing --host to ./configure. It subsequently
> fails finding libmnl, which is only requested for the host architecture
> in
pol...@debian.org>
Changed-By: Arturo Borrero Gonzalez <art...@debian.org>
Description:
suricata - Next Generation Intrusion Detection and Prevention Tool
suricata-dbg - Next Generation Intrusion Detection and Prevention Tool - debug
s
suricata-oinkmaster - Integration package betw
Team
<pkg-netfilter-t...@lists.alioth.debian.org>
Changed-By: Arturo Borrero Gonzalez <art...@debian.org>
Description:
conntrack - Program to modify the conntrack tables
conntrackd - Connection tracking daemon
nfct - Tool to interact with the connection tracking system
Cl
loaded rather than trying
to modprobe and ignoring failures, but there doesn't seem to be a reliable
place to check this in the kernel filesystem.
Signed-off-by: Steve Langasek <steve.langa...@ubuntu.com>
Signed-off-by: Arturo Borrero Gonzalez <art...@netfilter.org>
---
tests/conntrack/
On 8 August 2017 at 17:39, Adam D. Barratt wrote:
>
> Thanks. Please go ahead, with the tweaks from the earlier discussion -
> i.e. 3.2.1-1+deb9u1, with a changelog distribution of "stretch".
>
Uploaded, thanks.
On 8 August 2017 at 17:39, Adam D. Barratt wrote:
>
> Thanks. Please go ahead, with the tweaks from the earlier discussion -
> i.e. 3.2.1-1+deb9u1, with a changelog distribution of "stretch".
>
Uploaded, thanks.
On 12 August 2017 at 06:15, Steve Langasek wrote:
>
> The conntrack-tools 1.4.4+snapshot20161117 update was blocked from reaching
> Ubuntu's 17.04 release, because it regresses its autopkgtests in Ubuntu
> compared to 1.4.3-3.
Hi Steve,
thanks for your work,
Remove the warning message for the -S option which has been deprecated for
years now.
Users calling conntrackd with this switch activated will now get an error.
Signed-off-by: Arturo Borrero Gonzalez <art...@netfilter.org>
---
src/main.c |3 ---
1 file changed, 3 deletions(-)
diff
On 7 August 2017 at 03:05, Daniel Kahn Gillmor wrote:
> Package: nftables
> Version: 0.7-2
> Severity: minor
> Tags: patch upstream
>
> the nftables wiki uses https. the manpage for nftables should link to
> it using https, not http. i have tried sending the patch to
>
Control: tags -1 - moreinfo
On Tue, 25 Jul 2017 22:54:15 +0200 Arturo Borrero Gonzalez
<art...@debian.org> wrote:
> Currently working on it.
>
Hi,
now unstable containst the code, package version 1:4.0.0-1
Control: tags -1 - moreinfo
On Tue, 25 Jul 2017 22:54:15 +0200 Arturo Borrero Gonzalez
<art...@debian.org> wrote:
> Currently working on it.
>
Hi,
now unstable containst the code, package version 1:4.0.0-1
pol...@debian.org>
Changed-By: Arturo Borrero Gonzalez <art...@debian.org>
Description:
suricata - Next Generation Intrusion Detection and Prevention Tool
suricata-dbg - Next Generation Intrusion Detection and Prevention Tool - debug
s
suricata-oinkmaster - Integration package betw
On Fri, 14 Jul 2017 10:36:38 +0100 "Adam D. Barratt"
wrote:
>
> I did - the version in unstable certainly doesn't. It does contain code
> that looks exactly the same as the vulnerable code in stable, so I
> assume the bug also affects that version.
>
Ok, I cherry-picked
On Fri, 14 Jul 2017 10:36:38 +0100 "Adam D. Barratt"
wrote:
>
> I did - the version in unstable certainly doesn't. It does contain code
> that looks exactly the same as the vulnerable code in stable, so I
> assume the bug also affects that version.
>
Ok, I cherry-picked
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Tue, 20 Jun 2017 17:22:00 +0200
Source: libhtp
Binary: libhtp-dev libhtp2
Architecture: source amd64
Version: 1:0.5.25-1
Distribution: unstable
Urgency: medium
Maintainer: Arturo Borrero Gonzalez <art...@debian.org>
C
Control: tags -1 - moreinfo
On 14 July 2017 at 10:31, Adam D. Barratt <a...@adam-barratt.org.uk> wrote:
> Control: tags -1 + moreinfo
>
> On 2017-07-14 8:39, Arturo Borrero Gonzalez wrote:
>>
>> We have in stretch suricata 3.2.1-1 and I would like to cherry-pi
Control: tags -1 - moreinfo
On 14 July 2017 at 10:31, Adam D. Barratt <a...@adam-barratt.org.uk> wrote:
> Control: tags -1 + moreinfo
>
> On 2017-07-14 8:39, Arturo Borrero Gonzalez wrote:
>>
>> We have in stretch suricata 3.2.1-1 and I would like to cherry-pi
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Dear release team,
thanks for your work in the Debian project, it's really appreciated.
We have in stretch suricata 3.2.1-1 and I would like to cherry-pick a patch [0]
in top of
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Dear release team,
thanks for your work in the Debian project, it's really appreciated.
We have in stretch suricata 3.2.1-1 and I would like to cherry-pick a patch [0]
in top of
On 13 July 2017 at 13:52, Michael Biebl wrote:
>
> Well, it uses system() to execute the command which is supposed to only
> return once the forked command has finished. So I don't see the race
> condition. Can you elaborate?
>
Then no idea. I was just guessing.
In any case, I
On 13 July 2017 at 13:52, Michael Biebl wrote:
>
> Well, it uses system() to execute the command which is supposed to only
> return once the forked command has finished. So I don't see the race
> condition. Can you elaborate?
>
Then no idea. I was just guessing.
In any case, I
On 13 July 2017 at 13:19, Michael Biebl wrote:
>
> systemd-modules-load uses libkmod/kmod_module_probe_insert_module() to
> load the modules:
> https://github.com/systemd/systemd/blob/master/src/modules-load/modules-load.c
>
>
> I.e. it's not doing something fancy here and uses
On 13 July 2017 at 13:19, Michael Biebl wrote:
>
> systemd-modules-load uses libkmod/kmod_module_probe_insert_module() to
> load the modules:
> https://github.com/systemd/systemd/blob/master/src/modules-load/modules-load.c
>
>
> I.e. it's not doing something fancy here and uses
CC'ing Florian Westphal from Netfilter, kernel maintainer.
On Thu, 13 Jul 2017 12:27:10 +0200 Michael Biebl wrote:
> I think the proper solution is to find out why the /sys entries are not
> available after the module has been loaded and fix that in the conntrack
> module.
>
CC'ing Florian Westphal from Netfilter, kernel maintainer.
On Thu, 13 Jul 2017 12:27:10 +0200 Michael Biebl wrote:
> I think the proper solution is to find out why the /sys entries are not
> available after the module has been loaded and fix that in the conntrack
> module.
>
On 13 July 2017 at 10:29, Joshua Honeycutt wrote:
> On Wed, Jul 12, 2017 at 8:28 AM, Andreas Ronnquist
> wrote:
>>
>> I'll sponsor this if you want me to. (Since I asked for a new unstable
>> release ;)
>>
>
> I would appreciate it. I had just
On 13 July 2017 at 10:29, Joshua Honeycutt wrote:
> On Wed, Jul 12, 2017 at 8:28 AM, Andreas Ronnquist
> wrote:
>>
>> I'll sponsor this if you want me to. (Since I asked for a new unstable
>> release ;)
>>
>
> I would appreciate it. I had just
On Wed, 7 Jun 2017 13:35:13 +0200 Moritz Muehlenhoff wrote:
> A couple of possible solutions, but these are all rather something for
> upstream development:
> - sysctl.conf files could gain an additional parameter which specifies
> the kernel module creating the sysctl.
On Wed, 7 Jun 2017 13:35:13 +0200 Moritz Muehlenhoff wrote:
> A couple of possible solutions, but these are all rather something for
> upstream development:
> - sysctl.conf files could gain an additional parameter which specifies
> the kernel module creating the sysctl.
On 12 July 2017 at 14:50, Joshua Honeycutt wrote:
> Package: sponsorship-requests
> Severity: normal
>
> Dear mentors,
>
> I am looking for a sponsor for my package "synergy"
>
Hi,
I'm interested in sponsoring this. But I currently have a big backlog
and I'm not
On 12 July 2017 at 14:50, Joshua Honeycutt wrote:
> Package: sponsorship-requests
> Severity: normal
>
> Dear mentors,
>
> I am looking for a sponsor for my package "synergy"
>
Hi,
I'm interested in sponsoring this. But I currently have a big backlog
and I'm not
Add some debug messages in the monitor/trace code paths to ease development
and debugging in case of errors.
After this patch, running 'nft monitor --debug=mnl,netlink' is more verbose.
Signed-off-by: Arturo Borrero Gonzalez <art...@netfilter.org>
---
src/mnl.c |7 +++
src/net
On 11 July 2017 at 20:11, Phil Sutter <p...@nwl.cc> wrote:
> Hi,
>
> On Thu, Jul 06, 2017 at 04:36:45PM +0200, Arturo Borrero Gonzalez wrote:
>> If you add set elements to interval sets, the output is wrong.
>> Fix this by caching first element of the range
}
CC: Phil Sutter <p...@nwl.cc>
Signed-off-by: Arturo Borrero Gonzalez <art...@netfilter.org>
---
This was discussed during Netfilter Workshop 2017 in Faro, Portugal.
I think Phil has another patch to address this issue from a different
approach.
include/rule.h |2 ++
src/netli
org>
Changed-By: Arturo Borrero Gonzalez <art...@debian.org>
Description:
nftables - Program to control packet filtering rules by Netfilter project
Closes: 866902
Changes:
nftables (0.7-2) unstable; urgency=medium
.
[ Arturo Borrero Gonzalez ]
* [058867f] d/control: move pa
Control: tags -1 pending
On 2 July 2017 at 18:46, Martin Dickopp wrote:
> Package: nftables
> Version: 0.7-1
> Severity: normal
>
Thanks,
patch applied.
: 1.6.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Netfilter Packaging Team
<pkg-netfilter-t...@lists.alioth.debian.org>
Changed-By: Arturo Borrero Gonzalez <art...@debian.org>
Description:
iptables - administration tools for packet filtering and NAT
iptables-dev -
Control: tags -1 pending
Hi Helmut,
many thanks for the patch :-)
I applied it to the git repo [0] and will do an upload in the short term.
Please note that I mangled a bit the commit message with the content
of this bug report, for future references.
[0]
: 1.6.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Netfilter Packaging Team
<pkg-netfilter-t...@lists.alioth.debian.org>
Changed-By: Arturo Borrero Gonzalez <art...@debian.org>
Description:
iptables - administration tools for packet filtering and NAT
iptables-dev -
Maintainer: Pierre Chifflier <pol...@debian.org>
Changed-By: Arturo Borrero Gonzalez <art...@debian.org>
Description:
libhtp-0.5.24-1 - HTTP normalizer and parser library
libhtp-dev - Development files for libhtp
suricata - Next Generation Intrusion Detection and Prevention Tool
suricat
On 14 June 2017 at 11:58, Florian Westphal <f...@strlen.de> wrote:
> Arturo Borrero Gonzalez <art...@debian.org> wrote:
>> I'm curious, What is the use case of using both nftables and iptables
>> at the same time?
>> Some missing functionality in nft?
>>
On 14 June 2017 at 11:24, Florian Westphal wrote:
>
> Another side effect is that this avoids the need to add (in nft case)
> the 'empty' nat base chains to take care of reply translation.
>
good!
> Thoughts?
>
I'm curious, What is the use case of using both nftables and
.
The code is moved to the init() routine. In case of error setting the
scheduler, the system default will be used. Report a message to the user
and continue working.
Signed-off-by: Arturo Borrero Gonzalez <art...@debian.org>
---
v2: refresh manpages, keep scheduler configuration options
On 9 June 2017 at 15:06, Arturo Borrero Gonzalez <art...@debian.org> wrote:
> at max priority.
oops, ugly. Resending
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at htt
the
scheduler, the system default will be used. Report a message to the user
and continue working.
Signed-off-by: Arturo Borrero Gonzalez <art...@debian.org>
---
v2: refresh manpages, keep scheduler configuration options
conntrackd.conf.5| 35 --
On 9 June 2017 at 11:30, Shyam Saini wrote:
> This test checks bug identified and fixed in the commit mentioned below
> In a statement if there are multiple src data then it would be
> totally ambiguous to decide which value to set.
>
> We don't add this test in python
On 8 June 2017 at 12:17, Pablo Neira Ayuso <pa...@netfilter.org> wrote:
> On Wed, Jun 07, 2017 at 09:40:53PM +0200, Arturo Borrero Gonzalez wrote:
>> On 7 June 2017 at 10:35, Ismo Puustinen <ismo.puusti...@intel.com> wrote:
>> >
>> > +static int
On 6 June 2017 at 13:10, Pablo Neira Ayuso wrote:
>
> But I think we should keep the Nice and Scheduler clauses. Just in
> case anyone wants to do this fine grain tunning.
>
The nice value can be changed at runtime externally: using the
nice/renice commands
Perhaps is a bit
On 7 June 2017 at 10:35, Ismo Puustinen wrote:
>
> +static int directoryfilter(const struct dirent *de)
> +{
> + if (strcmp(de->d_name, ".") == 0 ||
> + strcmp(de->d_name, "..") == 0)
> + return 0;
> +
> + /* Accept other
sysctl/nftables/network
services to prevent this issue?
A quick and dirty workaround is to call sysctl in the nftables.service
file after loading the ruleset,
but I'm looking for something more robust/elegant.
What about running systemd-sysctl the last in the boot order chain?
--
Arturo Borrero Go
Run the evaluation step sooner in the conntrackd startup routine.
Don't close log or unlink lockfile at this stage.
Signed-off-by: Arturo Borrero Gonzalez <art...@debian.org>
---
src/main.c | 20 +---
1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/src/ma
-by: Arturo Borrero Gonzalez <art...@debian.org>
---
conntrackd.conf.5| 46 +++---
doc/helper/conntrackd.conf | 21 -
doc/stats/conntrackd.conf| 19
doc/sync/alarm/conntrackd.conf
701 - 800 of 1978 matches
Mail list logo