From: Pablo Neira Ayuso
Date: Mon, 5 Sep 2016 12:58:15 +0200
> Hi David,
>
> The following patchset contains Netfilter updates for your net-next
> tree. Most relevant updates are the removal of per-conntrack timers to
> use a workqueue/garbage collection approach instead
On Mon, Sep 05, 2016 at 08:57:19PM +0200, Manfred Spraul wrote:
> On 09/02/2016 09:22 PM, Peter Zijlstra wrote:
> Anyone around with a ppc or arm? How slow is the loop of the
> spin_unlock_wait() calls?
> Single CPU is sufficient.
>
> Question 1: How large is the difference between:
>
Hi Pablo,
On Tue, Sep 6, 2016 at 10:54 PM, Gao Feng wrote:
> inline
>
> On Tue, Sep 6, 2016 at 10:51 PM, Florian Westphal wrote:
>> f...@ikuai8.com wrote:
>>> From: Gao Feng
>>>
>>> When memory is exhausted,
Hi Pablo,
On Tue, Sep 6, 2016 at 6:17 PM, Pablo Neira Ayuso wrote:
> On Tue, Sep 06, 2016 at 09:57:23AM +0800, f...@ikuai8.com wrote:
>> From: Gao Feng
>>
>> When memory is exhausted, nfct_seqadj_ext_add may fail to add the seqadj
>> extension. But the
inline
On Tue, Sep 6, 2016 at 10:51 PM, Florian Westphal wrote:
> f...@ikuai8.com wrote:
>> From: Gao Feng
>>
>> When memory is exhausted, nfct_seqadj_ext_add may fail to add the seqadj
>> extension. But the function nf_ct_seqadj_init doesn't
f...@ikuai8.com wrote:
> From: Gao Feng
>
> When memory is exhausted, nfct_seqadj_ext_add may fail to add the seqadj
> extension. But the function nf_ct_seqadj_init doesn't check if get valid
> seqadj pointer by the nfct_seqadj.
>
> Now drop the packet
From: Gao Feng
When memory is exhausted, nfct_seqadj_ext_add may fail to add the seqadj
extension. But the function nf_ct_seqadj_init doesn't check if get valid
seqadj pointer by the nfct_seqadj.
Now drop the packet directly when fail to add seqadj extension to avoid
From: Liping Zhang
Imagine such situation, user add the following nft rules, and queue
the packets to userspace for further check:
# ip rule add fwmark 0x0/0x1 lookup eth0
# ip rule add fwmark 0x1/0x1 lookup eth1
# nft add table filter
# nft add chain filter
Hi,
On Mon, Sep 05, 2016 at 06:52:43PM +0200, Pablo Neira Ayuso wrote:
> On Tue, Aug 30, 2016 at 07:39:50PM +0200, Phil Sutter wrote:
> > As netlink_get_register() may return NULL, we must not pass the returned
> > data unchecked to expr_set_type() as that will dereference it. Since the
> >
Pablo Neira Ayuso wrote:
> On Fri, Sep 02, 2016 at 12:22:44PM +0200, Florian Westphal wrote:
> > Pablo Neira Ayuso wrote:
> > > On Fri, Sep 02, 2016 at 11:58:53AM +0200, Pablo Neira Ayuso wrote:
> > > > On Fri, Sep 02, 2016 at 11:08:48AM +0200, Florian
Manuel Johannes Messner wrote:
> This commit removes some duplicated tests.
Looks good, I've pushed all three patches to nftables master, thanks Manuel.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a
inline
On Tue, Sep 6, 2016 at 6:17 PM, Pablo Neira Ayuso wrote:
> On Tue, Sep 06, 2016 at 09:57:23AM +0800, f...@ikuai8.com wrote:
>> From: Gao Feng
>>
>> When memory is exhausted, nfct_seqadj_ext_add may fail to add the seqadj
>> extension. But the
On Tue, Sep 06, 2016 at 09:57:23AM +0800, f...@ikuai8.com wrote:
> From: Gao Feng
>
> When memory is exhausted, nfct_seqadj_ext_add may fail to add the seqadj
> extension. But the function nf_ct_seqadj_init doesn't check if get valid
> seqadj pointer by the nfct_seqadj.
>
> Now
On Fri, Sep 02, 2016 at 12:22:44PM +0200, Florian Westphal wrote:
> Pablo Neira Ayuso wrote:
> > On Fri, Sep 02, 2016 at 11:58:53AM +0200, Pablo Neira Ayuso wrote:
> > > On Fri, Sep 02, 2016 at 11:08:48AM +0200, Florian Westphal wrote:
> > > > I - discard extra nfct entry
Hello folks,
Tokyo is still being in a hot weather but it'll start
comfortable autumn very soon.
Here is an weekly update of Netdev 1.2 Tokyo.
We again extended the deadline of early bird registration.
Please don't miss the discount ticket - and your early
registration will be definitely
Add support to pass through an offset to the hash value. With this
feature, the sysadmin is able to generate a hash with a given
offset value.
Example:
meta mark set jhash ip saddr mod 2 seed 0xabcd sum 100
This option generates marks according to the source address from 100 to
101.
16 matches
Mail list logo