On Fri, Sep 02, 2016 at 08:35:55AM +0200, Manfred Spraul wrote:
> On 09/01/2016 06:41 PM, Peter Zijlstra wrote:
> >On Thu, Sep 01, 2016 at 04:30:39PM +0100, Will Deacon wrote:
> >>On Thu, Sep 01, 2016 at 05:27:52PM +0200, Manfred Spraul wrote:
> >>>Since spin_unlock_wait() is defined as equivalent
Liping Zhang wrote:
> From: Liping Zhang
>
> NFTA_TRACE_POLICY attribute is big endian, but we forget to call
> htonl to convert it. Fortunately, this attribute is parsed as big
> endian in libnftnl.
It is however handled as u16, not u32. Care
The _modulus_ attribute will be reused as _until_, as it's similar to
other expressions with value limits (ex. hash).
Renaming is possible according to the kernel module ntf_numgen that has
not been released yet.
Signed-off-by: Laura Garcia Liebana
---
Changes in V2:
-
The _until_ attribute is renamed to _modulus_ as the behaviour is similar to
other expresions with number limits (ex. nft_hash).
Renaming is possible because there isn't a kernel release yet with these
changes.
Signed-off-by: Laura Garcia Liebana
---
Changes in V2:
-
Liping Zhang wrote:
> From: Liping Zhang
>
> NFTA_TRACE_NFPROTO and NFTA_TRACE_POLICY attribute is 32-bit
> value, so we should use mnl_attr_get_u32 and htonl here.
Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe
From: Liping Zhang
NFTA_TRACE_POLICY attribute is big endian, but we forget to call
htonl to convert it. Fortunately, this attribute is parsed as big
endian in libnftnl.
Signed-off-by: Liping Zhang
---
net/netfilter/nf_tables_trace.c |
From: Liping Zhang
It is better to add square brackets to ip6 address in nft translation
output when the port is specified. This is keep consistent with the
nft syntax.
Before this patch:
# ip6tables-translate -t nat -A OUTPUT -p tcp -j DNAT --to-destination \
Sync this with the kernel header file we currently have in tree.
This patch addresses the compilation warning and breakage as result of
this header update, specifically the "attibute" typo in trace and
missing default case in expr/numgen.c.
Signed-off-by: Pablo Neira Ayuso
On Fri, Sep 02, 2016 at 11:08:48AM +0200, Florian Westphal wrote:
> I - discard extra nfct entry when cloning. Works, but obviously not
> compatible in any way (the clones are INVALID).
This approach is simple and it would only break when packets are
flooded to all ports, actually this is not
On Fri, Sep 02, 2016 at 10:39:37AM +0200, Laura Garcia Liebana wrote:
> Add support for an initialization counter value. With this option the
> sysadmin is able to start the counter when used with the increment
> type.
>
> Example:
>
> meta mark set numgen inc mod 2 sum 100
>
> This will
Hi.
This is a note to summarize state of bridge + br_netfilter + nfqueue.
TL;DR: I am giving up. I see no way to fix this in a sane fashion.
What I tried:
I - discard extra nfct entry when cloning. Works, but obviously not
compatible in any way (the clones are INVALID).
II - add locking
Add support for an initialization counter value. With this option the
sysadmin is able to start the counter when used with the increment
type.
Example:
meta mark set numgen inc mod 2 sum 100
This will generate marks with the serie 100, 101, 100, 101, ...
The _until_ attribute is
Hi Florian,
On Fri, Sep 2, 2016 at 2:59 PM, Florian Westphal wrote:
> f...@ikuai8.com wrote:
>> From: Gao Feng
>>
>> When memory is exhausted, nfct_seqadj_ext_add may fail to add the seqadj
>> extension. But the function nf_ct_seqadj_init
f...@ikuai8.com wrote:
> From: Gao Feng
>
> When memory is exhausted, nfct_seqadj_ext_add may fail to add the seqadj
> extension. But the function nf_ct_seqadj_init doesn't check if get valid
> seqadj pointer by the nfct_seqadj, while other functions perform
f...@ikuai8.com wrote:
> From: Gao Feng
>
> Print the warning log when fail to add seqadj extension like
> nf_ct_acct_ext_add does. It could be helpful to find the problem.
Failure to add ext area means that we're pretty much completely out
of memory. There
On 09/01/2016 06:41 PM, Peter Zijlstra wrote:
On Thu, Sep 01, 2016 at 04:30:39PM +0100, Will Deacon wrote:
On Thu, Sep 01, 2016 at 05:27:52PM +0200, Manfred Spraul wrote:
Since spin_unlock_wait() is defined as equivalent to spin_lock();
spin_unlock(), the memory barrier before
16 matches
Mail list logo