On Wed, Dec 27, 2017 at 10:31:04AM +1100, Duncan Roe wrote:
> On Tue, Dec 19, 2017 at 08:20:31PM +0530, Harsha Sharma wrote:
> > On Tue, Dec 19, 2017 at 7:31 PM, Pablo Neira Ayuso
> > wrote:
> > > On Tue, Dec 19, 2017 at 05:57:16PM +0530, Harsha Sharma wrote:
> > >> @@ -1340,7 +1345,9 @@ static i
Hi Dear,
Reading your profile has given me courage in search of a reasponsable
and trust worthy Fellow. The past has treated me so awfully but now I
am ready to move on despite of my health condition. I will like to
have a sincere and important discussion with you that will be in your
favor likewi
On Wed, Dec 27, 2017 at 10:31:04AM +1100, Duncan Roe wrote:
> On Tue, Dec 19, 2017 at 08:20:31PM +0530, Harsha Sharma wrote:
> > On Tue, Dec 19, 2017 at 7:31 PM, Pablo Neira Ayuso
> > wrote:
> > > On Tue, Dec 19, 2017 at 05:57:16PM +0530, Harsha Sharma wrote:
> > >> @@ -1340,7 +1345,9 @@ static i
Hi Pablo,
On Mon, Dec 18, 2017 at 10:48:16AM +0100, Pablo Neira Ayuso wrote:
> Hi Duncan,
>
> On Sat, Dec 16, 2017 at 08:22:10PM +1100, Duncan Roe wrote:
> > Hi,
> >
> > For those who contribute to the wiki:
> >
> > I updated
> > https://wiki.nftables.org/wiki-nftables/index.php/Flow_tables sectio
On Wed, Dec 27, 2017 at 09:38:13PM +1100, Duncan Roe wrote:
> Hi Pablo,
>
> On Mon, Dec 18, 2017 at 10:48:16AM +0100, Pablo Neira Ayuso wrote:
> > Hi Duncan,
> >
> > On Sat, Dec 16, 2017 at 08:22:10PM +1100, Duncan Roe wrote:
> > > Hi,
> > >
> > > For those who contribute to the wiki:
> > >
> > >
We cannot make a direct call to nf_ip6_checksum_partial() because that
would result in autoloading the 'ipv6' module because of symbol
dependencies. Therefore, define checksum_partial indirection in
nf_ipv6_ops where this really belongs to.
For IPv4, we can indeed make a direct function call, whi
We cannot make a direct call to nf_ip6_checksum() because that would
result in autoloading the 'ipv6' module because of symbol dependencies.
Therefore, define checksum indirection in nf_ipv6_ops where this really
belongs to.
For IPv4, we can indeed make a direct function call, which is faster,
giv
This patch gets rid of the struct nf_afinfo abstraction [1].
Previous patchset version was flawed with CONFIG_NETFILTER=y and
CONFIG_INET=n which is valid combination too.
Send a new version to address problems that have been spotted by the
kbuild robot.
[1] https://marc.info/?l=netfilter-devel&
This abstraction has no clients anymore, remove it.
Signed-off-by: Pablo Neira Ayuso
---
include/linux/netfilter.h | 13 -
net/bridge/netfilter/nf_tables_bridge.c | 16
net/ipv4/netfilter.c| 10 --
net/ipv6/netfilter.c
We cannot make a direct call to nf_ip6_reroute() because that would result
in autoloading the 'ipv6' module because of symbol dependencies.
Therefore, define reroute indirection in nf_ipv6_ops where this really
belongs to.
For IPv4, we can indeed make a direct function call, which is faster,
given
We cannot make a direct call to nf_ip6_route() because that would result
in autoloading the 'ipv6' module because of symbol dependencies.
Therefore, define route indirection in nf_ipv6_ops where this really
belongs to.
For IPv4, we can indeed make a direct function call, which is faster,
given IPv
This is only used by nf_queue.c and this function comes with no symbol
dependencies with IPv6, it just refers to structure layouts. Therefore,
we can replace it by a direct function call from where it belongs.
Signed-off-by: Pablo Neira Ayuso
---
include/linux/netfilter.h | 2 --
This is only needed by nf_queue, place this code where it belongs.
Signed-off-by: Pablo Neira Ayuso
---
include/linux/netfilter.h | 1 -
net/ipv4/netfilter.c | 1 -
net/ipv6/netfilter.c | 1 -
net/netfilter/nf_queue.c | 22 --
4 files changed, 16 insertions(+),
On Wed, Dec 27, 2017 at 7:18 PM, syzbot
wrote:
> Hello,
>
> syzkaller hit the following crash on
> beacbc68ac3e23821a681adb30b45dc55b17488d
> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console output is a
Dmitry Vyukov wrote:
> On Wed, Dec 27, 2017 at 7:18 PM, syzbot
> wrote:
> > Hello,
> >
> > syzkaller hit the following crash on
> > beacbc68ac3e23821a681adb30b45dc55b17488d
> > git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
> > compiler: gcc (GCC) 7.1.1 20170620
> > .conf
On Wed, Dec 27, 2017 at 12:13:26PM +0100, Pablo Neira Ayuso wrote:
> On Wed, Dec 27, 2017 at 10:31:04AM +1100, Duncan Roe wrote:
> > On Tue, Dec 19, 2017 at 08:20:31PM +0530, Harsha Sharma wrote:
> > > On Tue, Dec 19, 2017 at 7:31 PM, Pablo Neira Ayuso
> > > wrote:
> > > > On Tue, Dec 19, 2017 at
Do not print timeout and burst in case default values are used.
For e.g.
iptables-translate -A INPUT -m tcp -p tcp --dport 80 -m hashlimit
--hashlimit-above 200/sec --hashlimit-mode srcip,dstport
--hashlimit-name http1 -j DROP
nft add rule ip filter INPUT tcp dport 80 flow table http1 { tcp dport
17 matches
Mail list logo
