On Wed, Jul 19, 2017 at 07:17:36PM +0200, Pablo Neira Ayuso wrote:
> On Wed, Jul 19, 2017 at 03:05:28PM +0200, Phil Sutter wrote:
> > diff --git a/include/rule.h b/include/rule.h
> > index a25e99bdf4cfd..6acd5fa810ef5 100644
> > --- a/include/rule.h
> > +++ b/include/rule.h
> > @@ -217,6 +217,7 @@
On Wed, Jul 19, 2017 at 03:05:28PM +0200, Phil Sutter wrote:
> diff --git a/include/rule.h b/include/rule.h
> index a25e99bdf4cfd..6acd5fa810ef5 100644
> --- a/include/rule.h
> +++ b/include/rule.h
> @@ -217,6 +217,7 @@ extern struct rule *rule_lookup(const struct chain
> *chain, uint64_t handle);
On Wed, Jul 19, 2017 at 03:05:26PM +0200, Phil Sutter wrote:
> This is v4 of 'nft monitor' fixes for range elements. Apart from
> changing the new flag's location in struct expr as requested, this
> series now also covers mappings.
Series applied, thanks Phil!
On Wed, Jul 19, 2017 at 06:04:07PM +0530, Varsha Rao wrote:
> Remove variable nf_mon_sock of type structure mnl_socket to avoid
> duplicity. Instead variable nf_sock of the same type is passed as
> argument to netlink_monitor(). Also remove netlink_open_mon_sock()
> function definition, which is no
Now that they contain process information, they're actually interesting.
For backwards compatibility, print process information only if it was
present in the message.
Signed-off-by: Phil Sutter
---
include/linux/netfilter/nf_tables.h | 2 ++
src/netlink.c | 40
This is helpful for 'nft monitor' to track which process caused a given
change to the ruleset.
Signed-off-by: Phil Sutter
---
include/uapi/linux/netfilter/nf_tables.h | 2 ++
net/netfilter/nf_tables_api.c| 5 -
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/include
This implements testing of 'nft monitor' output correctness and adds a
number of testcases for named sets.
Signed-off-by: Phil Sutter
---
Changes since v1:
- Drop unused chain creation in testcases.
- Add testcase for mappings.
---
tests/monitor/run-tests.sh | 78
From: Arturo Borrero Gonzalez
If you add set elements to interval sets, the output is wrong.
Fix this by caching first element of the range (first event),
then wait for the second element of the range (second event) to
print them both at the same time.
We also avoid printing the first null eleme
This is v4 of 'nft monitor' fixes for range elements. Apart from
changing the new flag's location in struct expr as requested, this
series now also covers mappings.
Arturo Borrero Gonzalez (1):
monitor: Fix printing of range elements in named sets
Phil Sutter (2):
segtree: Introduce flag for
This flag is required by userspace only, so can live within userdata.
Its sole purpose is for 'nft monitor' to detect half-open ranges (which
are comprised of a single element only).
Signed-off-by: Phil Sutter
---
Changes since v1:
- Introduce dedicated EXPR_SET_ELEM field 'elem_flags' to hold u
Remove variable nf_mon_sock of type structure mnl_socket to avoid
duplicity. Instead variable nf_sock of the same type is passed as
argument to netlink_monitor(). Also remove netlink_open_mon_sock()
function definition, which is no longer required.
Signed-off-by: Varsha Rao
---
include/netlink.h
On Wed, Jul 19, 2017 at 12:29:58PM +1200, Xin Long wrote:
> On Wed, Jul 19, 2017 at 12:56 AM, Sabrina Dubroca
> wrote:
> > When we delete a netns with a CLUSTERIP rule, clusterip_net_exit() is
> > called first, removing /proc/net/ipt_CLUSTERIP.
> > Then clusterip_config_entry_put() is called from
Hello,
On Wed, 19 Jul 2017, Taehee Yoo wrote:
> This patch removes duplicate rcu_read_lock().
>
> 1. IPVS part
> According to Julian Anastasov's mention, contexts of ipvs are below. [1]
> - packet RX/TX: does not need locks because packets come from hooks
> - sync msg RX: backup serve
13 matches