Клиентские базы Skype: prodawez390 Email: prodawez...@gmail.com Whatsapp: +79139230330

Клиентские базы Skype: prodawez390 Email: prodawez...@gmail.com Whatsapp: +79139230330 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

[PATCH nf-next 1/3] netfilter: introduce accessor functions for hook entries

This allows easier future refactoring. Signed-off-by: Aaron Conole --- include/linux/netfilter.h | 27 +++ net/bridge/br_netfilter_hooks.c | 2 +- net/netfilter/core.c| 10 -- net/netfilter/nf_queue.c| 5 ++--- 4

[PATCH nf-next 2/3] netfilter: decouple nf_hook_entry and nf_hook_ops

From: Aaron Conole During nfhook traversal we only need a very small subset of nf_hook_ops members. We need: - next element - hook function to call - hook function priv argument Bridge netfilter also needs 'thresh'; can be obtained via ->orig_ops. nf_hook_entry struct is

[PATCH nf-next 6/7] conntrack: add nf_conntrack_default_on sysctl

This switch (default on) can be used to disable automatic registration of connection tracking functionality in newly created network namespaces. This means that when net namespace goes down (or the tracker protocol module is unloaded) we *might* have to unregister the hooks. We can either add

[PATCH v4 nf-next] netfilter: allow disabling conntrack-on-by-default

Historically all the netfilter hooks got registered on module load time. When net namespace support was added, hooks were registered in each namespace (and new net namespaces inherit already-registered hooks from global list). This means that once nf_conntrack_ipv4/6.ko is loaded, all existing

[PATCH v4 nf-next 3/7] netfilter: nat: add dependencies on conntrack module

MASQUERADE, S/DNAT and REDIRECT already call functions that depend on the conntrack module. However, since the conntrack hooks are now registered in a lazy fashion (i.e., only when needed) a symbol reference is not enough. Thus, when something is added to a nat table, make sure that it will see

[PATCH v4 nf-next 2/7] netfilter: add and use nf_ct_netns_get/put

currently aliased to try_module_get/_put. Will be changed in next patch when we add functions to make use of ->net argument to store usercount per l3proto tracker. This is needed to avoid registering the conntrack hooks in all netns and later only enable connection tracking in those that need

Re: [PATCH nft 0/3] src: add nft log flags support

2016-11-15 6:21 GMT+08:00 Pablo Neira Ayuso : > On Sun, Sep 25, 2016 at 05:06:58PM +0800, Liping Zhang wrote: >> From: Liping Zhang >> >> After NF_LOG_XXX is exposed to the userspace, we can set log flags to >> log more things. The following

[PATCH nf-next v2 2/4] netfilter: conntrack: built-in support for DCCP

CONFIG_NF_CT_PROTO_DCCP is no more a tristate. When set to y, connection tracking support for DCCP protocol is built-in into nf_conntrack.ko. footprint test: $ ls -l net/netfilter/nf_conntrack{_proto_dccp,}.ko \ net/ipv4/netfilter/nf_conntrack_ipv4.ko \

[PATCH nf-next v2 3/4] netfilter: conntrack: built-in support for SCTP

CONFIG_NF_CT_PROTO_SCTP is no more a tristate. When set to y, connection tracking support for SCTP protocol is built-in into nf_conntrack.ko. footprint test: $ ls -l net/netfilter/nf_conntrack{_proto_sctp,}.ko \ net/ipv4/netfilter/nf_conntrack_ipv4.ko \

[PATCH nf-next v2 4/4] netfilter: conntrack: built-in support for UDPlite

CONFIG_NF_CT_PROTO_UDPLITE is no more a tristate. When set to y, connection tracking support for UDPlite protocol is built-in into nf_conntrack.ko. footprint test: $ ls -l net/netfilter/nf_conntrack{_proto_udplite,}.ko \ net/ipv4/netfilter/nf_conntrack_ipv4.ko \

[PATCH nf-next v2 1/4] netfilter: nf_conntrack_tuple_common.h: fix #include

To allow usage of enum ip_conntrack_dir in include/net/netns/conntrack.h, this patch encloses #include in a #ifndef __KERNEL__ directive, so that compiler errors caused by unwanted inclusion of include/linux/netfilter.h are avoided. In addition, #include line has been added to resolve correctly

[PATCH nf-next v2 0/4] netfilter: built-in conntrack support for DCCP, SCTP, UDPlite

When netfilter needs to match traffic made by one of the above protocols, layer-4 connection tracking functionality will not be available, unless the user explicly loads it in the kernel (e.g. "modprobe nf_conntrack_proto_sctp") or modifies the default kernel configuration and rebuilds. In order

RE: [PATCH 20/39] netfilter: ipset: Use kmalloc() in comment extension helper

From: Pablo Neira Ayuso > Sent: 13 November 2016 22:25 > Allocate memory with kmalloc() rather than kzalloc(): the string > is immediately initialized so it is unnecessary to zero out > the allocated memory area. > > Ported from a patch proposed by Sergey Popovich . > >

[PATCH nf-next 1/2] ipvs: Use IS_ERR_OR_NULL(svc) instead of IS_ERR(svc) || svc == NULL

From: Gao Feng This minor refactoring does not change the logic of function ip_vs_genl_dump_dests. Signed-off-by: Gao Feng Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- net/netfilter/ipvs/ip_vs_ctl.c | 2 +- 1

[PATCH nf-next 2/2] ipvs: Decrement ttl

From: Dwip Banerjee We decrement the IP ttl in all the modes in order to prevent infinite route loops. The changes were done based on Julian Anastasov's suggestions in a prior thread. The ttl based check/discard and the actual decrement are done in __ip_vs_get_out_rt()