Daniel J Blueman wrote:
[ CC nf-devel, pablo ]
> When booting a VM in libvirt/KVM attached to a local bridge and KASAN
> enabled on 4.9.10, we see a stream of KASAN warnings about off-slab
> access [1].
>
> Let me know if you'd like more debug.
Does this patch help?
Subject: [PATCH nf] netfil
On 2017-02-16 20:57, Paul Moore wrote:
> [NOTE: I'll respond back to the other part of your email later but I'm
> running out of time in the day and this was a quick but important
> response]
>
> On Thu, Feb 16, 2017 at 5:36 PM, Richard Guy Briggs wrote:
> > Steve has requested the subject attrib
[NOTE: I'll respond back to the other part of your email later but I'm
running out of time in the day and this was a quick but important
response]
On Thu, Feb 16, 2017 at 5:36 PM, Richard Guy Briggs wrote:
> Steve has requested the subject attributes which prefixes 7 fields.
I already commented
On 2017-02-14 16:06, Paul Moore wrote:
> On Mon, Feb 13, 2017 at 7:24 PM, Richard Guy Briggs wrote:
> > On 2017-02-13 18:50, Paul Moore wrote:
> >> On Mon, Feb 13, 2017 at 3:50 PM, Richard Guy Briggs
> >> wrote:
>
> ...
>
> >> > useless?smac, dmac, macproto
> >>
> >> Probably useless i
On 2017-02-15 19:32, Paul Moore wrote:
> On Mon, Feb 13, 2017 at 7:24 PM, Richard Guy Briggs wrote:
> > On 2017-02-13 18:50, Paul Moore wrote:
> >> On Mon, Feb 13, 2017 at 3:50 PM, Richard Guy Briggs
> >> wrote:
>
> ...
>
> >> > helpful action, hook
> >>
> >> I haven't checked, but do
On 2017-02-14 16:31, Steve Grubb wrote:
> On Monday, February 13, 2017 3:50:05 PM EST Richard Guy Briggs wrote:
> > > > > > The alternatives that I currently see are to drop packets for which
> > > > > > there is no local process ownership, or to leave the ownership
> > > > > > fields unset.
> > >
On Wed, 15 Feb 2017, Vishwanath Pai wrote:
> On 02/15/2017 04:33 AM, Jozsef Kadlecsik wrote:
> > On Tue, 14 Feb 2017, Vishwanath Pai wrote:
> >
> >> I noticed that in recent versions of ipset the parameter 'size' in set
> >> type list:set is ignored. I noticed this change in the latest upstream
Hi,
On Wed, 15 Feb 2017, Vishwanath Pai wrote:
> If we use before/after to add an element to an empty list it will cause
> a kernel panic.
>
> $> cat crash.restore
> create a hash:ip
> create b hash:ip
> create test list:set timeout 5 size 4
> add test b before a
>
> $> ipset -R < crash.restore
On Mon, Feb 13, 2017 at 02:47:11PM -0200, Elise Lennion wrote:
> This patch adds the missing documentation for maps. Also, updates sets
> policy to match maps.
Applied, thanks Elise.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...
Pablo Neira Ayuso wrote:
> On Wed, Feb 15, 2017 at 11:19:03PM +0100, Florian Westphal wrote:
> > Pablo Neira Ayuso wrote:
> > > > Note from myself, i dislike L3PROTO, it would be nicer to be able
> > > > to handle this via the table family but I did not yet find a way
> > > > to detect this from
On Wed, Feb 15, 2017 at 11:19:03PM +0100, Florian Westphal wrote:
> Pablo Neira Ayuso wrote:
> > > Note from myself, i dislike L3PROTO, it would be nicer to be able
> > > to handle this via the table family but I did not yet find a way
> > > to detect this from the obj->init() function.
> >
> > W
Phil Sutter wrote:
> Looks like some chunks went by the board while merging with exthdr->op
> patch.
I've pushed this one, thanks Phil.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Florian,
Am Do den 16. Feb 2017 um 9:41 schrieb Florian Westphal:
> Klaus Ethgen wrote:
> > > 2. ftp server uses foreign (non-local) ip addresses in PORT command
> > >(this needs fixing of ftp server or use of 'loose' mode, see modinfo
> >
Looks like some chunks went by the board while merging with exthdr->op
patch.
Fixes: 4196376330468 ("exthdr: Add support for exthdr flags")
Signed-off-by: Phil Sutter
---
src/expr/exthdr.c | 4
1 file changed, 4 insertions(+)
diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c
index 143ad54
Ken-ichirou MATSUZAWA wrote:
> Signed-off-by: Ken-ichirou MATSUZAWA
Thanks for fixing this problem.
Acked-by: Florian Westphal
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger
Signed-off-by: Ken-ichirou MATSUZAWA
---
include/uapi/linux/netfilter/nfnetlink_queue.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/uapi/linux/netfilter/nfnetlink_queue.h
b/include/uapi/linux/netfilter/nfnetlink_queue.h
index ae30841..d42f0396 100644
--- a/include
Klaus Ethgen wrote:
> > 2. ftp server uses foreign (non-local) ip addresses in PORT command
> >(this needs fixing of ftp server or use of 'loose' mode, see modinfo
> > nf_conntrack_ftp)
>
> It is a standard proftpd with the following relevant settings:
>PassivePorts 52100 52199
>M
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Florian,
Am Do den 16. Feb 2017 um 1:17 schrieb Florian Westphal:
> Klaus Ethgen wrote:
[Contrack and DNAT]
> > Here are the relevant entries in iptables:
> > iptables -t raw -A PREROUTING -p tcp -m tcp --dport 21 -j CT --helper ftp
> > iptable
18 matches
Mail list logo
