Bug#878948:

2017-10-17 Thread Arturo Borrero Gonzalez
Control: found -1 17.2.2-1

Accepted libnftnl 1.0.8-1 (source amd64) into unstable, unstable

2017-10-17 Thread Arturo Borrero Gonzalez
r-t...@lists.alioth.debian.org> Changed-By: Arturo Borrero Gonzalez <art...@debian.org> Description: libnftnl-dev - Development files for libnftnl libnftnl7 - Netfilter nftables userspace API library Changes: libnftnl (1.0.8-1) unstable; urgency=medium . * [9138a65] New upstream v

[ulogd2 PATCH] ulogd2: new config behaviour: load all plugins by default

2017-10-02 Thread Arturo Borrero Gonzalez
ending with '.so'. The log message level for plugins loading is increased so users can see by default which plugins are loaded. Signed-off-by: Arturo Borrero Gonzalez <art...@netfilter.org> --- configure.ac | 30 +++--- src/ulogd.c

Re: [ulogd2 PATCH] ulogd2: add new config option: load_all_plugins

2017-10-02 Thread Arturo Borrero Gonzalez
On 2 October 2017 at 12:44, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Sat, Sep 30, 2017 at 12:43:36PM +0200, Arturo Borrero Gonzalez wrote: >> On 30 September 2017 at 12:12, Pablo Neira Ayuso <pa...@netfilter.org> wrote: >> > On Sat, Sep 30, 2017 at 11

about libhtp security issues

2017-09-30 Thread Arturo Borrero Gonzalez
Hi, just noticed the security issues we have for the libhtp package [0]. These are all fixed. The package was removed from Debian and then re-introduced. In the meantime, the libhtp* binary packages were served from the src:suricata package. Perhaps we lost track during this movement. How

Re: [ulogd2 PATCH] ulogd2: add new config option: load_all_plugins

2017-09-30 Thread Arturo Borrero Gonzalez
On 30 September 2017 at 12:12, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Sat, Sep 30, 2017 at 11:48:11AM +0200, Arturo Borrero Gonzalez wrote: >> On 30 September 2017 at 11:43, Arturo Borrero Gonzalez >> <art...@netfilter.org> wrote: >> > >

Re: [ulogd2 PATCH] ulogd2: add new config option: load_all_plugins

2017-09-30 Thread Arturo Borrero Gonzalez
On 30 September 2017 at 11:43, Arturo Borrero Gonzalez <art...@netfilter.org> wrote: > > Ok, but how could we avoid putting there a complex, arch-dependent path? i.e., in Debian this means a path like: /usr/lib/mips64el-linux-gnuabi64/ulogd/ulogd_filter_IFINDEX.so so user should

Re: [ulogd2 PATCH] ulogd2: add new config option: load_all_plugins

2017-09-30 Thread Arturo Borrero Gonzalez
On 29 September 2017 at 13:39, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > Hi Arturo, > > On Mon, Sep 25, 2017 at 01:19:27PM +0200, Arturo Borrero Gonzalez wrote: >> diff --git a/ulogd.conf.in b/ulogd.conf.in >> index a987d64..fe54420 100644 >> --- a/ulo

Bug#593940: bind9utils: dnssec-{keygen,signzone} should not be in /usr/sbin

2017-09-29 Thread Arturo Borrero Gonzalez
am. [0] https://anonscm.debian.org/git/pkg-bind/pkg-bind.git/commit/?id=e6f63f5a85d8fe6f22a995787e806f4887df9689 From: Arturo Borrero Gonzalez <art...@debian.org> bind9: move tools to /usr/bin instead of /usr/sbin No need to have them in /usr/sbin. They are mostly usable by non-root

[conntrack-tools PATCH] conntrack.8: refresh manpage

2017-09-26 Thread Arturo Borrero Gonzalez
Refresh manpage, fixing typos, rearranging some sentences, introducing line breaks at max. 80 columns, markup fixes, and so on. Apart from some minor cosmetic fixes, no actual content is changed. Signed-off-by: Arturo Borrero Gonzalez <art...@netfilter.org> --- conntrack.8

[ulogd2 PATCH] ulogd2: add new config option: load_all_plugins

2017-09-25 Thread Arturo Borrero Gonzalez
logic. We simply open the dir and try to load all files ending with '.so'. Signed-off-by: Arturo Borrero Gonzalez <art...@netfilter.org> --- configure.ac | 30 +++--- src/ulogd.c | 49 - ulogd.conf.in | 10 +++

Re: [RFC PATCH nft V4] src: Add import command for json

2017-09-21 Thread Arturo Borrero Gonzalez
ft import json > > where the file.json is a ruleset exported in json format. > > Highly based on work from Alvaro Neira <alvaron...@gmail.com> > and Arturo Borrero <art...@netfilter.org> > > Acked-by: Arturo Borrero Gonzalez <art...@netfilter.org> > Signe

Accepted suricata 1:4.0.0-5 (source amd64) into unstable

2017-09-20 Thread Arturo Borrero Gonzalez
hanged-By: Arturo Borrero Gonzalez <art...@debian.org> Description: suricata - Next Generation Intrusion Detection and Prevention Tool suricata-oinkmaster - Integration package between suricata and oinkmaster Changes: suricata (1:4.0.0-5) unstable; urgency=medium . * [392c5b2] d/t/co

Bug#853154: suricata: Filesystem location of rule files

2017-09-20 Thread Arturo Borrero Gonzalez
On Mon, 30 Jan 2017 12:16:42 +0100 Sascha Steinbiss wrote: > > the suricata package is currently configured by default to store its > rules files in /etc/suricata/rules, which as a subdirectory under /etc > is meant to hold 'static' files according to FHS section 3.7 [1]. While

Re: [ulogd2 PATCH] ulogd: use a RT scheduler by default

2017-09-19 Thread Arturo Borrero Gonzalez
On 7 September 2017 at 13:36, Arturo Borrero Gonzalez <art...@netfilter.org> wrote: > It is common that ulogd runs in scenarios where a lot of packets are to be > logged. > If there are more packets than ulogd can handle, users can start seeing log > messages like this: > > u

Re: "License": public-domain

2017-09-13 Thread Arturo Borrero Gonzalez
On 13 September 2017 at 18:25, Shengjing Zhu wrote: > FWIW, it's in https://people.debian.org/~bap/dfsg-faq.html#public_domain > Maybe this draft can be put in a more official place now? > Probably yes, but no strong opinion on that. Probably better contact the people who are in

Re: "License": public-domain

2017-09-13 Thread Arturo Borrero Gonzalez
On 13 September 2017 at 18:15, Don Armstrong <d...@debian.org> wrote: > On Wed, 13 Sep 2017, Arturo Borrero Gonzalez wrote: >> if this question is common enough, perhaps it is worth creating a simple >> wiki page to put all this information in there? > > If som

Re: "License": public-domain

2017-09-13 Thread Arturo Borrero Gonzalez
On 13 September 2017 at 17:46, Don Armstrong wrote: > On Wed, 13 Sep 2017, Nico Schlömer wrote: >> I sometimes see in d/copyright >> >> > Copyright: John Doe >> > License: public-domain >> >> e.g., [1]. However, these two statements contradict each other: public >> domain means

Bug#814734: openshot new upstream release

2017-09-13 Thread Arturo Borrero Gonzalez
Hi, last week openshot 2.4.0 was released upstream [0]. I'm interested in having it in Debian. Can't invest packaging time right now, but can help with other things, for example testing packages and sponsoring uploads if someone is collaborating who doesn't have upload rights. thank you all

Re: screen brightness low, impossible to raise

2017-09-12 Thread Arturo Borrero Gonzalez
2017-09-12 8:52 GMT+02:00 Arturo Borrero Gonzalez <art...@debian.org>: > 2017-09-11 19:11 GMT+02:00 Felix Perez <felix.listadeb...@gmail.com>: >> >> Generally the xorg is empty, the configuration is "automagic", >> try starting with an xorg.conf

Re: [RFC PATCH nft V3] src: Add import command for json

2017-09-12 Thread Arturo Borrero Gonzalez
On 11 September 2017 at 18:53, Shyam Saini wrote: > This new operation allows to import ruleset in json to make > incremental changes using the parse functions of libnftnl. > > A basic way to test this new functionality is: > > % cat file.json | nft import json > > where

Accepted suricata 1:4.0.0-4 (source amd64 all) into unstable

2017-09-12 Thread Arturo Borrero Gonzalez
hanged-By: Arturo Borrero Gonzalez <art...@debian.org> Description: suricata - Next Generation Intrusion Detection and Prevention Tool suricata-oinkmaster - Integration package between suricata and oinkmaster Closes: 873832 Changes: suricata (1:4.0.0-4) unstable; urgency=medium . *

Re: screen brightness low, impossible to raise

2017-09-12 Thread Arturo Borrero Gonzalez
2017-09-11 19:11 GMT+02:00 Felix Perez : > > Generally the xorg is empty, the configuration is "automagic", > try starting with an empty xorg.conf Tried it, it doesn't work. > Is the video card driver installed properly? > I understand it is, otherwise it wouldn't be in

screen brightness low, impossible to raise

2017-09-11 Thread Arturo Borrero Gonzalez
(please reply directly to me, I'm not subscribed) Hi! I'm asking for help fixing a problem I have on my laptop. The screen brightness (backlight/brightness) is permanently very low, as when it is in power-saving mode. It ignores the XFCE settings

Re: [RFC PATCH nft V2] src: Add import command for json

2017-09-11 Thread Arturo Borrero Gonzalez
s a script to check coding style [1], but beware of some false positives (regarding the commit message). Other than that, the patch looks fine. Please, address the coding style issues, and resend with: Acked-by: Arturo Borrero Gonzalez <art...@netfilter.org>

[ulogd2 PATCH] ulogd: use a RT scheduler by default

2017-09-07 Thread Arturo Borrero Gonzalez
, and should produce no harm. A similar approach is used in the conntrackd daemon. Signed-off-by: Arturo Borrero Gonzalez <art...@netfilter.org> --- src/ulogd.c | 15 +++ 1 file changed, 15 insertions(+) diff --git a/src/ulogd.c b/src/ulogd.c index b85d0ee..68f 100644 ---

Re: [nft PATCH RFC] Convert man page source to asciidoc

2017-09-06 Thread Arturo Borrero Gonzalez
On 6 September 2017 at 10:41, Phil Sutter wrote: > Beware: The conversion is incomplete and merely serves as base for > discussion. > > This patch converts nft.xml into asciidoc markup, top down until (and > including) stateful objects description. I stopped there because it's > the

Re: [nft PATCH V2] tests: shell: Add tests for json import

2017-09-05 Thread Arturo Borrero Gonzalez
On 4 September 2017 at 14:39, Shyam Saini wrote: >>> These test cases can be used to test upcoming "import json" command. >>> Hi Shyam, your v3 looks fine. I was going to test it out, but it seems the first patch [0] in the series requires a refresh. Please, refresh

Re: [nft PATCH V2] tests: shell: Add tests for json import

2017-09-04 Thread Arturo Borrero Gonzalez
On 3 September 2017 at 01:32, Shyam Saini wrote: > These test cases can be used to test upcoming "import json" command. > > Here is the short description of the files: > all_ruleset_list ->contains list of all the individual rules > json_import_0 ->script

Bug#873832:

2017-09-01 Thread Arturo Borrero Gonzalez
Control: tags -1 pending Thanks, I did the change and it is now pending: https://anonscm.debian.org/cgit/pkg-suricata/pkg-suricata.git/commit/?id=93ee9030a53a45c800ad5879c4e7c754c1dc1331

Accepted suricata 1:4.0.0-3 (source amd64 all) into unstable

2017-08-30 Thread Arturo Borrero Gonzalez
hanged-By: Arturo Borrero Gonzalez <art...@debian.org> Description: suricata - Next Generation Intrusion Detection and Prevention Tool suricata-oinkmaster - Integration package between suricata and oinkmaster Closes: 858545 872908 Changes: suricata (1:4.0.0-3) unstable; urgency=medium .

Bug#864341: systemd-sysctl: failed to apply sysctl config at bootup

2017-08-30 Thread Arturo Borrero Gonzalez
Hi, any news? We are being hit by this bug, which is a bit annoying. Are upstream systemd developers aware of this issue? best regards

Re: [PATCH] examples: Fix memory leaks detected by Valgrind

2017-08-29 Thread Arturo Borrero Gonzalez
Thanks Shyam, Acked-by: Arturo Borrero Gonzalez <art...@netfilter.org> in the future, please add a tag to the [PATCH] header, like "[PATCH libnftnl]" so we can easily know to which tree this patch should be applied to.

Re: [PATCH V2] tests: json: Add test cases for json format

2017-08-24 Thread Arturo Borrero Gonzalez
On 24 August 2017 at 14:08, Shyam Saini wrote: >> That was quick and dirty code for you to get the idea. >> Please follow the example of other testcases [0] to compare ruleset, >> create tempfiles and so on. >> > > One issue with this approach, in case of set rules > nft

Re: [PATCH V2] tests: json: Add test cases for json format

2017-08-24 Thread Arturo Borrero Gonzalez
On 24 August 2017 at 10:49, Shyam Saini wrote: > These test cases can be used to test upcoming "import json" command. > > Here is the short description of the files: > all_ruleset_list ->contains list of all the individual rules Wait. You are generating the JSON

Bug#873062: /var/log/ulogd not accessible using sudo

2017-08-24 Thread Arturo Borrero Gonzalez
On 24 August 2017 at 09:59, Chris Boot wrote: > > The directory created by the ulogd2 package in Debian is /var/log/ulog, > rather than /var/log/ulogd. I will assume this is a typo on your bug > report rather than you using a different directory. yes. > > The sudo with tail

Bug#873062:

2017-08-24 Thread Arturo Borrero Gonzalez
I think this is basically asking for the opposite of #846843 [0]. What is the point of disallowing root access using sudo? [0] https://bugs.debian.org/846843

Bug#873062: /var/log/ulogd not accessible using sudo

2017-08-24 Thread Arturo Borrero Gonzalez
Package: ulogd2 Version: 2.0.5-5 Severity: normal Dear Maintainer, the ulogd2 package creates /var/log/ulogd upon installation for logs to be there. Problem is that with the default permissions, this directory is not available for users using 'sudo', i.e. this is not possible: % sudo tailf -f

Accepted suricata 3.2.1-1+deb9u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates

2017-08-23 Thread Arturo Borrero Gonzalez
: Pierre Chifflier <pol...@debian.org> Changed-By: Arturo Borrero Gonzalez <art...@debian.org> Description: libhtp-0.5.23-1 - HTTP normalizer and parser library libhtp-dev - Development files for libhtp suricata - Next Generation Intrusion Detection and Prevention Tool suricat

Re: [PATCH] tests: json: Add test cases for json format

2017-08-23 Thread Arturo Borrero Gonzalez
On 22 August 2017 at 11:30, Shyam Saini wrote: > > Should I send the version 2 of this patch with this script? > Yes, my suggestion is: * create a new testcase in nftables: tests/shell/testcases/import/yourscript_0 * put all the json files in:

Bug#872907: [pkg-netfilter-team] Bug#872907: iptables: hashlimit, Numerical result out of range

2017-08-22 Thread Arturo Borrero Gonzalez
Control: reassign -1 linux On 22 August 2017 at 13:40, Tomas Simonaitis wrote: > One more update: > this might be related to issue: > https://github.com/torvalds/linux/commit/ad5b55761956427f61ed9c96961bf9c5cd4f92dc > > adding --hashlimit-burst 18 or --hashlimit-burst

Re: [PATCH] tests: json: Add test cases for json format

2017-08-22 Thread Arturo Borrero Gonzalez
On 21 August 2017 at 22:55, Shyam Saini wrote: > These cases can be used to test upcoming "import json" command. > > Here is the short description of the files: > all_ruleset_list ->contains list of all the individual rules > rules_ipv4*->ip table >

Bug#862400:

2017-08-17 Thread Arturo Borrero Gonzalez
Fixed -1 4.11-1~exp1

Accepted libnftnl 1.0.7-2 (source amd64) into unstable

2017-08-17 Thread Arturo Borrero Gonzalez
r-t...@lists.alioth.debian.org> Changed-By: Arturo Borrero Gonzalez <art...@debian.org> Description: libnftnl-dev - Development files for libnftnl libnftnl4 - Netfilter nftables userspace API library Closes: 872326 Changes: libnftnl (1.0.7-2) unstable; urgency=medium . [ Arturo Borr

Re: [nft PATCH 0/16] introduce libnftables

2017-08-17 Thread Arturo Borrero Gonzalez
On 16 August 2017 at 22:42, Eric Leblond wrote: > > Hello, > > This patchset adds a basic high level libnftables to nftables code. > It is currently supporting running a command from a buffer or from > a file as well as batch support allowing to chain commands and commit > them at

Bug#872326: libnftnl FTCBFS: configures for the build architecture

2017-08-16 Thread Arturo Borrero Gonzalez
On 16 August 2017 at 12:07, Helmut Grohne wrote: > libnftnl fails to cross build from source, because it configures for the > build architecture by not passing --host to ./configure. It subsequently > fails finding libmnl, which is only requested for the host architecture > in

Accepted suricata 1:4.0.0-2 (source amd64 all) into unstable

2017-08-15 Thread Arturo Borrero Gonzalez
pol...@debian.org> Changed-By: Arturo Borrero Gonzalez <art...@debian.org> Description: suricata - Next Generation Intrusion Detection and Prevention Tool suricata-dbg - Next Generation Intrusion Detection and Prevention Tool - debug s suricata-oinkmaster - Integration package betw

Accepted conntrack-tools 1:1.4.4+snapshot20161117-6 (source amd64) into unstable

2017-08-15 Thread Arturo Borrero Gonzalez
Team <pkg-netfilter-t...@lists.alioth.debian.org> Changed-By: Arturo Borrero Gonzalez <art...@debian.org> Description: conntrack - Program to modify the conntrack tables conntrackd - Connection tracking daemon nfct - Tool to interact with the connection tracking system Cl

[conntrack-tools PATCH] tests: don't fail on modprobe since the driver might be built-in

2017-08-15 Thread Arturo Borrero Gonzalez
loaded rather than trying to modprobe and ignoring failures, but there doesn't seem to be a reliable place to check this in the kernel filesystem. Signed-off-by: Steve Langasek <steve.langa...@ubuntu.com> Signed-off-by: Arturo Borrero Gonzalez <art...@netfilter.org> --- tests/conntrack/

Bug#868284: stretch-pu: package suricata/3.2.1-1

2017-08-13 Thread Arturo Borrero Gonzalez
On 8 August 2017 at 17:39, Adam D. Barratt wrote: > > Thanks. Please go ahead, with the tweaks from the earlier discussion - > i.e. 3.2.1-1+deb9u1, with a changelog distribution of "stretch". > Uploaded, thanks.

Bug#871833: conntrack-tools: Fix autopkgtests for compatibility with Ubuntu kernel, containers

2017-08-13 Thread Arturo Borrero Gonzalez
On 12 August 2017 at 06:15, Steve Langasek wrote: > > The conntrack-tools 1.4.4+snapshot20161117 update was blocked from reaching > Ubuntu's 17.04 release, because it regresses its autopkgtests in Ubuntu > compared to 1.4.3-3. Hi Steve, thanks for your work,

[conntrack-tools PATCH] conntrackd: remove warning for -S

2017-08-09 Thread Arturo Borrero Gonzalez
Remove the warning message for the -S option which has been deprecated for years now. Users calling conntrackd with this switch activated will now get an error. Signed-off-by: Arturo Borrero Gonzalez <art...@netfilter.org> --- src/main.c |3 --- 1 file changed, 3 deletions(-) diff

Bug#871224: nftables: use https for link to nftables wiki

2017-08-07 Thread Arturo Borrero Gonzalez
On 7 August 2017 at 03:05, Daniel Kahn Gillmor wrote: > Package: nftables > Version: 0.7-2 > Severity: minor > Tags: patch upstream > > the nftables wiki uses https. the manpage for nftables should link to > it using https, not http. i have tried sending the patch to >

Bug#868284: stretch-pu: package suricata/3.2.1-1

2017-07-31 Thread Arturo Borrero Gonzalez
Control: tags -1 - moreinfo On Tue, 25 Jul 2017 22:54:15 +0200 Arturo Borrero Gonzalez <art...@debian.org> wrote: > Currently working on it. > Hi, now unstable contains the code, package version 1:4.0.0-1

Accepted suricata 1:4.0.0-1 (source amd64 all) into unstable

2017-07-28 Thread Arturo Borrero Gonzalez
pol...@debian.org> Changed-By: Arturo Borrero Gonzalez <art...@debian.org> Description: suricata - Next Generation Intrusion Detection and Prevention Tool suricata-dbg - Next Generation Intrusion Detection and Prevention Tool - debug s suricata-oinkmaster - Integration package betw

Bug#868284: stretch-pu: package suricata/3.2.1-1

2017-07-25 Thread Arturo Borrero Gonzalez
On Fri, 14 Jul 2017 10:36:38 +0100 "Adam D. Barratt" wrote: > > I did - the version in unstable certainly doesn't. It does contain code > that looks exactly the same as the vulnerable code in stable, so I > assume the bug also affects that version. > Ok, I cherry-picked

Accepted libhtp 1:0.5.25-1 (source amd64) into unstable, unstable

2017-07-25 Thread Arturo Borrero Gonzalez
Format: 1.8 Date: Tue, 20 Jun 2017 17:22:00 +0200 Source: libhtp Binary: libhtp-dev libhtp2 Architecture: source amd64 Version: 1:0.5.25-1 Distribution: unstable Urgency: medium Maintainer: Arturo Borrero Gonzalez <art...@debian.org> C

Bug#868284: stretch-pu: package suricata/3.2.1-1

2017-07-14 Thread Arturo Borrero Gonzalez
Control: tags -1 - moreinfo On 14 July 2017 at 10:31, Adam D. Barratt <a...@adam-barratt.org.uk> wrote: > Control: tags -1 + moreinfo > > On 2017-07-14 8:39, Arturo Borrero Gonzalez wrote: >> >> We have in stretch suricata 3.2.1-1 and I would like to cherry-pi

Bug#868284: stretch-pu: package suricata/3.2.1-1

2017-07-14 Thread Arturo Borrero Gonzalez
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Dear release team, thanks for your work in the Debian project, it's really appreciated. We have in stretch suricata 3.2.1-1 and I would like to cherry-pick a patch [0] in top of

Bug#864341: systemd-sysctl: failed to apply sysctl config at bootup

2017-07-13 Thread Arturo Borrero Gonzalez
On 13 July 2017 at 13:52, Michael Biebl wrote: > > Well, it uses system() to execute the command which is supposed to only > return once the forked command has finished. So I don't see the race > condition. Can you elaborate? > Then no idea. I was just guessing. In any case, I

Bug#864341: systemd-sysctl: failed to apply sysctl config at bootup

2017-07-13 Thread Arturo Borrero Gonzalez
On 13 July 2017 at 13:19, Michael Biebl wrote: > > systemd-modules-load uses libkmod/kmod_module_probe_insert_module() to > load the modules: > https://github.com/systemd/systemd/blob/master/src/modules-load/modules-load.c > > > I.e. it's not doing something fancy here and uses

Bug#864341: systemd-sysctl: failed to apply sysctl config at bootup

2017-07-13 Thread Arturo Borrero Gonzalez
CC'ing Florian Westphal from Netfilter, kernel maintainer. On Thu, 13 Jul 2017 12:27:10 +0200 Michael Biebl wrote: > I think the proper solution is to find out why the /sys entries are not > available after the module has been loaded and fix that in the conntrack > module. >

Bug#868148: RFS: synergy/1.8.8-stable+dfsg.1-1

2017-07-13 Thread Arturo Borrero Gonzalez
On 13 July 2017 at 10:29, Joshua Honeycutt wrote: > On Wed, Jul 12, 2017 at 8:28 AM, Andreas Ronnquist > wrote: >> >> I'll sponsor this if you want me to. (Since I asked for a new unstable >> release ;) >> > > I would appreciate it. I had just

Bug#864341: systemd-sysctl: failed to apply sysctl config at bootup

2017-07-13 Thread Arturo Borrero Gonzalez
On Wed, 7 Jun 2017 13:35:13 +0200 Moritz Muehlenhoff wrote: > A couple of possible solutions, but these are all rather something for > upstream development: > - sysctl.conf files could gain an additional parameter which specifies > the kernel module creating the sysctl.

Bug#868148: RFS: synergy/1.8.8-stable+dfsg.1-1

2017-07-12 Thread Arturo Borrero Gonzalez
On 12 July 2017 at 14:50, Joshua Honeycutt wrote: > Package: sponsorship-requests > Severity: normal > > Dear mentors, > > I am looking for a sponsor for my package "synergy" > Hi, I'm interested in sponsoring this. But I currently have a big backlog and I'm not

[nft PATCH] monitor: add debug messages

2017-07-12 Thread Arturo Borrero Gonzalez
Add some debug messages in the monitor/trace code paths to ease development and debugging in case of errors. After this patch, running 'nft monitor --debug=mnl,netlink' is more verbose. Signed-off-by: Arturo Borrero Gonzalez <art...@netfilter.org> --- src/mnl.c |7 +++ src/net

Re: [PATCH] monitor: fix printing of range elements in named sets

2017-07-12 Thread Arturo Borrero Gonzalez
On 11 July 2017 at 20:11, Phil Sutter <p...@nwl.cc> wrote: > Hi, > > On Thu, Jul 06, 2017 at 04:36:45PM +0200, Arturo Borrero Gonzalez wrote: >> If you add set elements to interval sets, the output is wrong. >> Fix this by caching first element of the range

[PATCH] monitor: fix printing of range elements in named sets

2017-07-06 Thread Arturo Borrero Gonzalez
} CC: Phil Sutter <p...@nwl.cc> Signed-off-by: Arturo Borrero Gonzalez <art...@netfilter.org> --- This was discussed during Netfilter Workshop 2017 in Faro, Portugal. I think Phil has another patch to address this issue from a different approach. include/rule.h |2 ++ src/netli

Accepted nftables 0.7-2 (source) into unstable

2017-07-03 Thread Arturo Borrero Gonzalez
org> Changed-By: Arturo Borrero Gonzalez <art...@debian.org> Description: nftables - Program to control packet filtering rules by Netfilter project Closes: 866902 Changes: nftables (0.7-2) unstable; urgency=medium . [ Arturo Borrero Gonzalez ] * [058867f] d/control: move pa

Bug#866902: nftables: systemd unit loads /etc/nftables.conf too late in the boot process

2017-07-03 Thread Arturo Borrero Gonzalez
Control: tags -1 pending On 2 July 2017 at 18:46, Martin Dickopp wrote: > Package: nftables > Version: 0.7-1 > Severity: normal > Thanks, patch applied.

Accepted iptables 1.6.1-2 (source) into unstable

2017-06-29 Thread Arturo Borrero Gonzalez
: 1.6.1-2 Distribution: unstable Urgency: medium Maintainer: Debian Netfilter Packaging Team <pkg-netfilter-t...@lists.alioth.debian.org> Changed-By: Arturo Borrero Gonzalez <art...@debian.org> Description: iptables - administration tools for packet filtering and NAT iptables-dev -

Bug#865464: turn iptables-dev Architecture: any

2017-06-22 Thread Arturo Borrero Gonzalez
Control: tags -1 pending Hi Helmut, many thanks for the patch :-) I applied it to the git repo [0] and will do an upload in the short term. Please note that I mangled a bit the commit message with the content of this bug report, for future references. [0]

Accepted iptables 1.6.1-1 (source) into unstable

2017-06-19 Thread Arturo Borrero Gonzalez
: 1.6.1-1 Distribution: unstable Urgency: medium Maintainer: Debian Netfilter Packaging Team <pkg-netfilter-t...@lists.alioth.debian.org> Changed-By: Arturo Borrero Gonzalez <art...@debian.org> Description: iptables - administration tools for packet filtering and NAT iptables-dev -

Accepted suricata 4.0.0-beta1-1~exp1 (source amd64 all) into unstable, unstable

2017-06-16 Thread Arturo Borrero Gonzalez
Maintainer: Pierre Chifflier <pol...@debian.org> Changed-By: Arturo Borrero Gonzalez <art...@debian.org> Description: libhtp-0.5.24-1 - HTTP normalizer and parser library libhtp-dev - Development files for libhtp suricata - Next Generation Intrusion Detection and Prevention Tool suricat

Re: using nft & iptables nat in parallel

2017-06-14 Thread Arturo Borrero Gonzalez
On 14 June 2017 at 11:58, Florian Westphal <f...@strlen.de> wrote: > Arturo Borrero Gonzalez <art...@debian.org> wrote: >> I'm curious, What is the use case of using both nftables and iptables >> at the same time? >> Some missing functionality in nft? >>

Re: using nft & iptables nat in parallel

2017-06-14 Thread Arturo Borrero Gonzalez
On 14 June 2017 at 11:24, Florian Westphal wrote: > > Another side effect is that this avoids the need to add (in nft case) > the 'empty' nat base chains to take care of reply translation. > good! > Thoughts? > I'm curious, What is the use case of using both nftables and

[conntrack-tools PATCH v2] conntrackd: make the daemon run in RT mode by default

2017-06-12 Thread Arturo Borrero Gonzalez
. The code is moved to the init() routine. In case of error setting the scheduler, the system default will be used. Report a message to the user and continue working. Signed-off-by: Arturo Borrero Gonzalez <art...@debian.org> --- v2: refresh manpages, keep scheduler configuration options

Re: [conntrack-tools PATCH v2] In order to prevent netlink buffer overrun, conntrackd is recommended to run

2017-06-12 Thread Arturo Borrero Gonzalez
On 9 June 2017 at 15:06, Arturo Borrero Gonzalez <art...@debian.org> wrote: > at max priority. oops, ugly. Resending

[conntrack-tools PATCH v2] In order to prevent netlink buffer overrun, conntrackd is recommended to run

2017-06-09 Thread Arturo Borrero Gonzalez
the scheduler, the system default will be used. Report a message to the user and continue working. Signed-off-by: Arturo Borrero Gonzalez <art...@debian.org> --- v2: refresh manpages, keep scheduler configuration options conntrackd.conf.5| 35 --

Re: [PATCH] tests: shell: Add test for ambiguity while setting the value

2017-06-09 Thread Arturo Borrero Gonzalez
On 9 June 2017 at 11:30, Shyam Saini wrote: > This test checks bug identified and fixed in the commit mentioned below > In a statement if there are multiple src data then it would be > totally ambiguous to decide which value to set. > > We don't add this test in python

Re: [PATCH 1/3] scanner: add files in include dirs in alphabetical order.

2017-06-08 Thread Arturo Borrero Gonzalez
On 8 June 2017 at 12:17, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Wed, Jun 07, 2017 at 09:40:53PM +0200, Arturo Borrero Gonzalez wrote: >> On 7 June 2017 at 10:35, Ismo Puustinen <ismo.puusti...@intel.com> wrote: >> > >> > +static int

Re: [conntrack-tools PATCH 2/4] conntrackd: make the daemon run in RT mode by default

2017-06-07 Thread Arturo Borrero Gonzalez
On 6 June 2017 at 13:10, Pablo Neira Ayuso wrote: > > But I think we should keep the Nice and Scheduler clauses. Just in > case anyone wants to do this fine grain tuning. > The nice value can be changed at runtime externally: using the nice/renice commands Perhaps is a bit

Re: [PATCH 1/3] scanner: add files in include dirs in alphabetical order.

2017-06-07 Thread Arturo Borrero Gonzalez
On 7 June 2017 at 10:35, Ismo Puustinen wrote: > > +static int directoryfilter(const struct dirent *de) > +{ > + if (strcmp(de->d_name, ".") == 0 || > + strcmp(de->d_name, "..") == 0) > + return 0; > + > + /* Accept other

Bug#864341: systemd-sysctl: failed to apply sysctl config at bootup

2017-06-07 Thread Arturo Borrero Gonzalez
sysctl/nftables/network services to prevent this issue? A quick and dirty workaround is to call sysctl in the nftables.service file after loading the ruleset, but I'm looking for something more robust/elegant. What about running systemd-sysctl the last in the boot order chain? -- Arturo Borrero Go

[conntrack-tools PATCH 1/4] conntrackd: evaluate configuration earlier

2017-06-06 Thread Arturo Borrero Gonzalez
Run the evaluation step sooner in the conntrackd startup routine. Don't close log or unlink lockfile at this stage. Signed-off-by: Arturo Borrero Gonzalez <art...@debian.org> --- src/main.c | 20 +--- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/src/ma

[conntrack-tools PATCH 2/4] conntrackd: make the daemon run in RT mode by default

2017-06-06 Thread Arturo Borrero Gonzalez
-by: Arturo Borrero Gonzalez <art...@debian.org> --- conntrackd.conf.5| 46 +++--- doc/helper/conntrackd.conf | 21 - doc/stats/conntrackd.conf| 19 doc/sync/alarm/conntrackd.conf
