s allocated in the BSS, it is already set to 0
Fixes: 82de0be6862cd ("netfilter: Add helper array
register/unregister functions")
Cc: sta...@vger.kernel.org
Signed-off-by: Christophe Leroy
---
net/netfilter/nf_conntrack_sip.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/net/netf
Le 23/09/2016 à 17:19, Pablo Neira Ayuso a écrit :
On Fri, Sep 23, 2016 at 04:48:32PM +0200, Christophe Leroy wrote:
Le 23/09/2016 à 16:24, Pablo Neira Ayuso a écrit :
On Fri, Sep 23, 2016 at 12:45:06PM +0200, Christophe Leroy wrote:
Le 20/09/2016 à 17:38, Florian Westphal a écrit
Le 23/09/2016 à 16:24, Pablo Neira Ayuso a écrit :
On Fri, Sep 23, 2016 at 12:45:06PM +0200, Christophe Leroy wrote:
Le 20/09/2016 à 17:38, Florian Westphal a écrit :
[...]
nft will need to populate this (or rather, libnftnl will do this on
behalf of nft).
Currently we do this:
nft --debug
Le 20/09/2016 à 17:38, Florian Westphal a écrit :
Christophe Leroy wrote:
Hello Florian and Patrick,
Le 12/04/2016 à 15:51, Florian Westphal a écrit :
Christophe Leroy wrote:
[ nft_ct helper set support ]
Patrick, can you help ?
I have a few pending patches, one of them adds an
Le 20/09/2016 à 10:13, Pablo Neira Ayuso a écrit :
On Fri, Sep 16, 2016 at 06:50:22PM +0200, Christophe Leroy wrote:
Hi
I tried to limit ping flooding by setting the following rule:
nft add rule filter input icmp type echo-request limit rate 10/second accept
This is matching packets under
Hello Florian and Patrick,
Le 12/04/2016 à 15:51, Florian Westphal a écrit :
Christophe Leroy wrote:
[ nft_ct helper set support ]
Patrick, can you help ?
I have a few pending patches, one of them adds an immediate
attr for ctlabel set support.
Lets see if that approach is sane enough to
Hi
I tried to limit ping flooding by setting the following rule:
nft add rule filter input icmp type echo-request limit rate 10/second accept
But it doesn't work, I can still ping flood the target.
What I see is that nft_limit_pkts_eval() is called only once at the
begining of the flood.
After
Do not drop packet when CSeq is 0 as 0 is also a valid value for CSeq.
simple_strtoul() will return 0 either when all digits are 0
or if there are no digits at all. Therefore when simple_strtoul()
returns 0 we check if first character is digit 0 or not.
Signed-off-by: Christophe Leroy
---
v2
Le 04/07/2016 à 07:48, Liping Zhang a écrit :
2016-07-01 17:48 GMT+08:00 Christophe Leroy :
Do not drop packet when CSeq is 0 as 0 is also a valid value for CSeq.
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -1368,6 +1368,7 @@ static int
Do not drop packet when CSeq is 0 as 0 is also a valid value for CSeq.
In order to do so, we replace obsolete simple_strtoul() which
returns 0 on error by kstrtouint(). As kstrtouint() requires a
NULL terminated string, we need to use a temporary buffer
Signed-off-by: Christophe Leroy
---
net
Patrick, can you help ?
Le 09/03/2016 00:25, Christophe Leroy a écrit :
Le 07/03/2016 14:20, Patrick McHardy a écrit :
On 05.03, christophe leroy wrote:
Hello,
I'm trying to implement support for CT HELPERs in linux kernel for
nftables and need some help/guidance.
The rule beeing
Le 07/03/2016 14:20, Patrick McHardy a écrit :
On 05.03, christophe leroy wrote:
Hello,
I'm trying to implement support for CT HELPERs in linux kernel for
nftables and need some help/guidance.
The rule beeing 'udp dport tftp ct helper set "tftp"', I get
nft_ct_set
Hello,
I'm trying to implement support for CT HELPERs in linux kernel for
nftables and need some help/guidance.
The rule beeing 'udp dport tftp ct helper set "tftp"', I get
nft_ct_set_init() called when I add the rule in the table output filter
table.
I believe I have to call nf_ct_helper_
13 matches
Mail list logo
