hello Pablo,
On Fri, 2017-05-19 at 13:39 +0200, Davide Caratti wrote:
> On Fri, 2017-05-19 at 10:41 +0200, Pablo Neira Ayuso wrote:
> > I mean, I can see other spots in the kernel tree that may be affected by
> > this?
> > Or is it that you're only observing this from a path that is specific
> > o
On Tue, May 23, 2017 at 03:51:05PM +0200, Davide Caratti wrote:
> hello Pablo,
> On Fri, 2017-05-19 at 13:39 +0200, Davide Caratti wrote:
> > On Fri, 2017-05-19 at 10:41 +0200, Pablo Neira Ayuso wrote:
> > > I mean, I can see other spots in the kernel tree that may be affected by
> > > this?
> > >
On Fri, May 19, 2017 at 01:45:32PM +0200, Phil Sutter wrote:
> Being able to retrieve an added rule's handle atomically is a crucial
> feature for scripts invoking nft command: Without it, there is no way to
> be sure a handle extracted from 'nft list ruleset' command actually
> refers to the rule
On Fri, May 19, 2017 at 01:45:32PM +0200, Phil Sutter wrote:
> Changes since v2:
> - Introduce --echo flag to turn the feature explicitly on instead of
> reusing --handle option.
> - Don't add NLM_F_ECHO to flags if echo_output is not enabled.
BTW, please, update manpage to document this new opt
On Thu, May 18, 2017 at 04:16:25PM +0200, Alin Nastac wrote:
> Furthermore, this extension use a mix of PRIu64 and %llu formats for
> uint64_t values. IMO it should use only one, for the sake of consistency.
>
> Signed-off-by: Alin Nastac
> ---
> extensions/libxt_hashlimit.c | 2 +-
> 1 file cha
On Fri, May 19, 2017 at 10:11:04PM +0200, Florian Westphal wrote:
> Currently nft inserts different types of dependencies for l4 protocols,
> depending on the family.
>
> For inet, nft inserts 'meta l4proto' to e.g. check for tcp, for
> ip, nft uses 'ip protocol'. Both are fine. The ip6 family ho
On Sun, May 21, 2017 at 10:38:11PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> We need to clear the IPS_SRC_NAT_DONE_BIT to indicate that the ct has
> been removed from nat_bysource table. But unfortunately, we use the
> non-atomic bit operation: "ct->status &= ~IPS_NAT_DONE_MASK". So
> t
On Sat, May 20, 2017 at 05:08:06PM +0800, Xin Long wrote:
> It's a terrible thing to hold dev in iptables target. When the dev is
> being removed, unregister_netdevice has to wait for the dev to become
> free. dmesg will keep logging the err:
>
> kernel:unregister_netdevice: waiting for veth0_in
On Tue, May 23, 2017 at 09:35:33PM +0200, Pablo Neira Ayuso wrote:
> On Tue, May 23, 2017 at 03:51:05PM +0200, Davide Caratti wrote:
> > hello Pablo,
> > On Fri, 2017-05-19 at 13:39 +0200, Davide Caratti wrote:
> > > On Fri, 2017-05-19 at 10:41 +0200, Pablo Neira Ayuso wrote:
> > > > I mean, I can
On Sun, May 21, 2017 at 08:59:45AM +0800, Liping Zhang wrote:
> Hi Florian,
>
> 2017-05-21 8:00 GMT+08:00 Florian Westphal :
> [...]
> > Yes, you're right, seems this was added in
> > 93bb0ceb75be2fdfa9fc0dd1fb522d9ada515d9c (it adds the 'goto out').
>
> I added some trace logs, and when the hash
Pablo Neira Ayuso wrote:
> On Sun, May 21, 2017 at 08:59:45AM +0800, Liping Zhang wrote:
> > Hi Florian,
> >
> > 2017-05-21 8:00 GMT+08:00 Florian Westphal :
> > [...]
> > > Yes, you're right, seems this was added in
> > > 93bb0ceb75be2fdfa9fc0dd1fb522d9ada515d9c (it adds the 'goto out').
> >
>
2017-05-24 6:28 GMT+08:00 Florian Westphal :
> Pablo Neira Ayuso wrote:
[...]
>> I will append the Fixes: tag:
>>
>> Fixes: 89f2e21883b5 ("[NETFILTER]: ctnetlink: change table dumping not to
>> require an unique ID")
>
> That commit looks fine to me, it seems to make sure to put
> "last" only onc
Liping Zhang wrote:
> 2017-05-24 6:28 GMT+08:00 Florian Westphal :
> > Pablo Neira Ayuso wrote:
> [...]
> >> I will append the Fixes: tag:
> >>
> >> Fixes: 89f2e21883b5 ("[NETFILTER]: ctnetlink: change table dumping not to
> >> require an unique ID")
> >
> > That commit looks fine to me, it seem
13 matches
Mail list logo