Oh, thanks Liping.
I have not found the extra port styles are different of irc, sane and tftp with
ftp.
Hi Pablo,
Then should I modify the original patch or send a new one?
-邮件原件-
发件人: Liping Zhang [mailto:zlpnob...@gmail.com]
发送时间: 2016年7月20日 8:51
收件人: f...@ikuai8.com
抄送: Pablo Neira
2016-07-18 11:39 GMT+08:00 :
> From: Gao Feng
>
> Add nf_ct_helper_init, nf_conntrack_helpers_register/unregister
> functions to enhance the conntrack helper codes.
I think this patch is breaking something ...
This irc:
> - if (ports[i] == IRC_PORT)
> - sprin
At 2016-07-20 02:16:00, "Pablo Neira Ayuso" wrote:
>On Mon, Jul 18, 2016 at 08:44:17PM +0800, Liping Zhang wrote:
>> From: Liping Zhang
>>
>> There's a similar problem in xt_NFLOG, and was fixed by commit 7643507fe8b5
>> ("netfilter: xt_NFLOG: nflog-range does not truncate packets"). Only set
>>
At 2016-07-20 02:17:15, "Pablo Neira Ayuso" wrote:
>On Mon, Jul 18, 2016 at 10:14:27PM +0800, Liping Zhang wrote:
>> From: Liping Zhang
>>
>> The following iptables rules have the different semantics:
>> # iptables -A INPUT -j NFLOG
>> # iptables -A INPUT -j NFLOG --nflog-size 0
>>
>> But t
Any news about that?
Kind regards
Alex
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
On Mon, Jul 18, 2016 at 10:14:28PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> The nflog-size was introduced by commit 7070b1f3c88a ("extensions:
> libxt_NFLOG: nflog-range does not truncate packets"). Then make
> the nflog-range become deprecated, because it has no effect from
> the begi
On Mon, Jul 18, 2016 at 10:14:27PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> The following iptables rules have the different semantics:
> # iptables -A INPUT -j NFLOG
> # iptables -A INPUT -j NFLOG --nflog-size 0
>
> But they are all displayed as "-A INPUT -j NFLOG", so if
> the us
On Mon, Jul 18, 2016 at 08:44:17PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> There's a similar problem in xt_NFLOG, and was fixed by commit 7643507fe8b5
> ("netfilter: xt_NFLOG: nflog-range does not truncate packets"). Only set
> copy_len here does not work, so we should enable NF_LOG_F
On Mon, Jul 18, 2016 at 08:44:16PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> User can specify the log level larger than 7(debug level) via
> nfnetlink, this is invalid. So in this case, we should report
> EINVAL to the userspace.
Also applied, thanks.
--
To unsubscribe from this list:
On Mon, Jul 18, 2016 at 08:44:15PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> Suppose that we specify the NFTA_LOG_PREFIX, then NFTA_LOG_LEVEL
> and NFTA_LOG_GROUP are specified together or nf_logger_find_get
> call returns fail, i.e. expr init fail, memory leak will happen.
Applied, th
On Mon, Jul 18, 2016 at 11:39:23AM +0800, f...@ikuai8.com wrote:
> From: Gao Feng
>
> Add nf_ct_helper_init, nf_conntrack_helpers_register/unregister
> functions to enhance the conntrack helper codes.
Applied, thanks.
I have manually updated indentations to make it fit to our coding
style, btw.
On Thu, Jul 14, 2016 at 05:51:26PM +0200, Florian Westphal wrote:
> After this change ruleset restore times get again close to what one
> gets when reverting 36472341017529e (~3 seconds on my workstation).
Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-deve
Stable-4.1 backport of mainline commit 364723410175 ("netfilter:
x_tables: validate targets of jumps") doesn't handle correctly the fact
that 4.1 kernel is missing commit 482cfc318559 ("netfilter: xtables:
avoid percpu ruleset duplication") so that t->entries is still a per-cpu
array in find_jump_t
If the table and/or chain attributes are set in a rule dump request,
we filter out the rules based on this selection.
Signed-off-by: Pablo Neira Ayuso
---
Compiled tested only.
net/netfilter/nf_tables_api.c | 39 +++
1 file changed, 39 insertions(+)
diff --g
14 matches
Mail list logo