Hi,
2017-03-01 1:38 GMT+08:00 Laura Garcia Liebana :
[...]
> +static const struct nft_expr_ops *
> +nft_hash_select_ops(const struct nft_ctx *ctx,
> + const struct nlattr * const tb[])
> +{
> + u32 type;
> +
> + if (!tb[NFTA_HASH_TYPE])
> + return ERR_PT
Fabian Franz wrote:
> I am working on my module but I cannot get the match visible to the nft
> tool. Could you please give me a hint, what is wrong in the code? I have
> uploaded it to my web server: http://files.fabian-franz.eu/nft_auth.c
I do not know what 'visible to the nft tool' means.
No '
Logging output was changed when simple printks without KERN_CONT
are now emitted on a new line and KERN_CONT is required to continue
lines so use pr_cont.
Miscellanea:
o realign arguments
o use print_hex_dump instead of a local variant
Signed-off-by: Joe Perches
---
net/bridge/netfilter/ebt_lo
Hi, Pablo
On Tue, Feb 28, 2017 at 12:48:09PM +0100, Pablo Neira Ayuso wrote:
> So you want to check if the addresses mismatch, so we infer from there
> if there is NAT or not when status bits are not available.
>
> Are you trying to catch up some case in netlink event specifically?
It's nothin
On Sun, Feb 26, 2017 at 3:49 PM, Richard Guy Briggs wrote:
> Eliminate flipping in and out of message fields, dropping fields in the
> process.
>
> Sample raw message format IPv4 UDP:
> type=NETFILTER_PKT msg=audit(1487874761.386:228): mark=0xae8a2732
> saddr=127.0.0.1 daddr=127.0.0.1 proto=17^
Hi all,
I am working on my module but I cannot get the match visible to the nft
tool. Could you please give me a hint, what is wrong in the code? I have
uploaded it to my web server: http://files.fabian-franz.eu/nft_auth.c
The match should be "auth ".
Kind regards
Fabian Franz
--
To unsubsc
This patch provides symmetric hash support according to source
ip address and port, and destination ip address and port.
The new attribute NFTA_HASH_TYPE has been included to support
different types of hashing functions. Currently supported
NFT_HASH_JENKINS through jhash and NFT_HASH_SYM through s
This patch provides symmetric hash support according to source
ip address and port, and destination ip address and port.
For this purpose, the __skb_get_hash_symmetric() is used to
identify the flow as it uses FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL
flag by default.
The new attribute NFTA_HASH_TYPE h
A few announcements:
1) Going forward we are going to be sending more frequent
announcements to the conference discussion/announcement list:
peo...@netdevconf.org
You can subscribe via mailman here:
https://lists.netdevconf.org/cgi-bin/mailman/listinfo/people
We urge people to subscribe to tha
On Tue, Feb 28, 2017 at 01:03:07PM +0100, Florian Westphal wrote:
> Pablo Neira Ayuso wrote:
> > On Sat, Feb 25, 2017 at 10:02:03PM -0600, Dan Williams wrote:
> > > Checking a rule that includes a jump to a module-based target currently
> > > sets the "changed" flag on the handle, which then cause
On Mon, Feb 27, 2017 at 10:41:48PM +0800, Daniel J Blueman wrote:
> On 17 February 2017 at 15:39, Florian Westphal wrote:
> > Daniel J Blueman wrote:
> >
> > [ CC nf-devel, pablo ]
> >
> >> When booting a VM in libvirt/KVM attached to a local bridge and KASAN
> >> enabled on 4.9.10, we see a stre
Pablo Neira Ayuso wrote:
> On Sat, Feb 25, 2017 at 10:02:03PM -0600, Dan Williams wrote:
> > Checking a rule that includes a jump to a module-based target currently
> > sets the "changed" flag on the handle, which then causes TC_COMMIT() to
> > run through the whole SO_SET_REPLACE/SO_SET_ADD_COUNT
Hi, Pablo
On Tue, Feb 28, 2017 at 11:47:25AM +0100, Pablo Neira Ayuso wrote:
> > diff --git a/src/conntrack/objopt.c b/src/conntrack/objopt.c
> > index fb43d6c..1581480 100644
> > --- a/src/conntrack/objopt.c
> > +++ b/src/conntrack/objopt.c
> > @@ -144,10 +144,8 @@ int __setobjopt(struct nf_conn
On Tue, Feb 28, 2017 at 08:44:53PM +0900, Ken-ichirou MATSUZAWA wrote:
> Hi, Pablo
>
> On Tue, Feb 28, 2017 at 11:47:25AM +0100, Pablo Neira Ayuso wrote:
> > > diff --git a/src/conntrack/objopt.c b/src/conntrack/objopt.c
> > > index fb43d6c..1581480 100644
> > > --- a/src/conntrack/objopt.c
> > >
On Sat, Feb 25, 2017 at 10:02:03PM -0600, Dan Williams wrote:
> Checking a rule that includes a jump to a module-based target currently
> sets the "changed" flag on the handle, which then causes TC_COMMIT() to
> run through the whole SO_SET_REPLACE/SO_SET_ADD_COUNTERS path. This
> seems wrong for
From: Colin Ian King
ret is initialized to zero and if it is set to non-zero in the
xt_entry_foreach loop then we exit via the out_free label. Hence
the check for ret being non-zero is redundant and can be removed.
Detected by CoverityScan, CID#1357132 ("Logically Dead Code")
Signed-off-by: Col
On Mon, Feb 27, 2017 at 04:02:48PM +0100, Florian Westphal wrote:
> This series adds initial support to set conntrack helpers via
> the nft objref infrastructure.
>
> As -next is closed I will not push this yet since kernel support
> is still missing.
>
> Currently only supported attributes are:
On Mon, Feb 27, 2017 at 02:43:08PM -0300, Elise Lennion wrote:
> Hashlimit has similar functionality to flow tables in nftables. Some
> usage examples are:
>
> $ iptables-translate -A OUTPUT -m tcp -p tcp --dport 443 -m hashlimit \
> --hashlimit-above 20kb/s --hashlimit-burst 1mb --hashlimit-mode
On Mon, Feb 06, 2017 at 07:47:47PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> When using "-w" to avoid concurrent instances, we try to do flock() every
> one second until it success. But one second maybe too long in some
> situations, and it's hard to select a suitable interval time. So
On Sun, Feb 05, 2017 at 09:57:34PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> After running the following commands, some confusing messages was printed
> out:
> # while : ; do
> iptables -A INPUT &
> iptables -D INPUT &
> done
> [...]
> Another app is currently holding the xt
Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi Ken-ichirou,
On Tue, Feb 28, 2017 at 02:00:41PM +0900, Ken-ichirou MATSUZAWA wrote:
> From 9e8aa4ed079b526faf190b69a2c1032f22776602 Mon Sep 17 00:00:00 2001
> From: Ken-ichirou MATSUZAWA
> Date: Tue, 28 Feb 2017 11:34:29 +0900
> Subject: [PATCH 2/2] conntrack: revert getobjopt_is_nat condition
22 matches
Mail list logo