On 06.03, Nicholas Krause wrote:
> This adds the proper snprintf and break statement for formatting
> the vlan_net structure pointer, vn's name using snprintf for if
> the switch case, VLAN_NAME_TYPE_PLUS_VID occurs for this particular
> switch statement inside the function, register_vlan_device.
>
On 30.01, Lucas Tanure wrote:
> As suggested by checkpatch.pl:
> CHECK: Prefer kernel type 'uX' over 'uintX_t'
You might have noticed we have literally hundreds of them spread over 100
files in the netfilter code. We'll gradually change them when the code is
touched anyways.
> net/ipv4/netfilter
On 30.06, Li Zhijian wrote:
> |ping...
>
> and i have another question:
> can i add a new |||nf_ct_ext_id simply without touching the exiting kernel
> code?|
No, the kernel needs to know the highest extension ID in order to
allocate space for the offsets.
> in order to support COLO-Proxy, i need
On 14.04, Honggang Li wrote:
> Signed-off-by: Honggang Li
> ---
> drivers/net/macvlan.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
> index b227a13..1e59f39 100644
> --- a/drivers/net/macvlan.c
> +++ b/drivers/net/macv
On 14.04, Honggang LI wrote:
> On Tue, Apr 14, 2015 at 04:26:27PM +0100, Patrick McHardy wrote:
> >
> > That is completely useless. vlan (=netdev_priv) can not be NULL as
> > netdev_priv() never returns NULL and vlan->lowerdev is always valid
> > because a ma
On 02.03, Joe Stringer wrote:
> From: Andy Zhou
>
> Currently, ip_defrag() does not keep track of the maximum fragmentation
> size for each fragmented packet. This information is not necessary since
> current Linux IP fragmentation always fragments a packet based on output
> devices' MTU.
It doe
On 02.01, Thomas Graf wrote:
> Hash the key inside of rhashtable_lookup_compare() like
> rhashtable_lookup() does. This allows to simplify the hashing
> functions and keep them private.
One more question:
> diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c
> index 1e316ce..614ee09
On 12.01, Patrick Schaaf wrote:
> On Monday 12 January 2015 08:51:54 Eric Dumazet wrote:
> > On Mon, 2015-01-12 at 17:39 +0100, Patrick Schaaf wrote:
> > >
> > > Not to comment on the ifalias thing, which I think is unneccessary,
> > > too, but matching on interface names instead of only ifindex,
On 1. August 2014 15:51:45 GMT+01:00, Thomas Graf wrote:
>On 08/01/14 at 03:12pm, Patrick McHardy wrote:
>> On 1. August 2014 14:49:01 GMT+01:00, Thomas Graf
>wrote:
>> >On 08/01/14 at 02:21pm, Nikolay Aleksandrov wrote:
>> >> Sorry for the late response but I
On 1. August 2014 14:49:01 GMT+01:00, Thomas Graf wrote:
>On 08/01/14 at 02:21pm, Nikolay Aleksandrov wrote:
>> Sorry for the late response but I just got around to check the 3rd
>patch now,
>> so my question about this fragment is: before nft_hash_remove() would
>free the
>> element after removal
On 1. August 2014 11:39:01 GMT+01:00, Thomas Graf wrote:
>On 08/01/14 at 11:17am, Patrick McHardy wrote:
>> On 1. August 2014 09:52:00 GMT+01:00, Thomas Graf
>wrote:
>> >If the set size is known in advance, the table is sized accordingly,
>> >otherwise the table si
n iterations.
That's assuming a sufficient number of entries will be added. I think there
will be many cases in nftables where the number will be lower. Since
expansion is not very expansive this number was chosen very deliberately
and I'd prefer to keep it.
Other than that:
Acked-by: P
er by Josh Triplett, Paul E. McKenney
> + * and Jonathan Walpole:
> + * https://www.usenix.org/legacy/event/atc11/tech/final_files/Triplett.pdf
> + *
> + * Code partially derived from nft_hash:
> + * Copyright (c) 2008-2014 Patrick McHardy
Minor request: german copyright law as an a
On Tue, Apr 01, 2014 at 12:43:36AM +0900, Masanari Iida wrote:
> Fix format string mismatch in mangle_connect_len()
All these patches seem like pointless noise to me. In none of these
cases can the value legitimately be negative. If anything, you should
fix the types to be unsigned.
>
> Signed-o
On Thu, Mar 27, 2014 at 04:50:33PM +0100, Florian Westphal wrote:
> Andrey Vagin wrote:
> > "len" contains sizeof(nf_ct_ext) and size of extensions. In a worst
> > case it can contain all extensions. Bellow you can find sizes for all
> > types of extensions. Their sum is definitely bigger than 256
t; I have seen "len" up to 280 and my host has crashes w/o this patch.
Very nice catch. I suppose we also need to either increase the size of
offset[] or rearrange the extension so 4 (ECACHE) comes last.
>
> Cc: Pablo Neira Ayuso
> Cc: Patrick McHardy
> Cc: Jozsef
On Tue, Mar 25, 2014 at 08:50:56AM -0400, Richard Guy Briggs wrote:
> + if (nlk->netlink_bind && nladdr->nl_groups) {
> + int i;
> +
> + for (i = 0; i < nlk->ngroups; i++)
> + if (test_bit(i, (long unsigned int
> *)&nladdr->nl_groups)) {
> +
On Thu, Feb 13, 2014 at 10:32:45AM -0800, Cong Wang wrote:
> On Thu, Feb 13, 2014 at 2:30 AM, Jozsef Kadlecsik
> wrote:
> > On Thu, 13 Feb 2014, Ilia Mirkin wrote:
> >> messages in my dmesg. This might be because of some local
> >> configuration changes I've made, or perhaps a kernel upgrade. Eith
Commit b1a1442a2 (HID: core: fix reporting of raw events) introduced a
regression that causes lockups for bluetooth trackpads.
This was already discussed in this thread in September:
http://www.kernelhub.org/?p=2&msg=329823
but it seems nothing has been fixed so far, I still get the lockups
in 3
On Thu, May 02, 2013 at 04:16:25AM -0400, David Miller wrote:
> From: Patrick McHardy
> Date: Thu, 2 May 2013 09:03:37 +0200
>
> > I'll also have a look at this.
>
> By the mere existence of /sys/devices/${DEV_PATH}/net/${netdev_name}/flags
> we have to preserve
On Thu, May 02, 2013 at 02:45:52AM -0400, David Miller wrote:
> From: Linus Torvalds
> Date: Wed, 1 May 2013 21:55:38 -0700
>
> > I think the positions of those bits matter, and adding
> > NETIF_F_HW_VLAN_STAG_*_BIT randomly in the middle broke things. That's
> > backed up by the fact that we hav
On Thu, Feb 07, 2013 at 12:58:01PM +0100, Stefan Priebe - Profihost AG wrote:
> Hi Patrick,
>
> thanks for your fast response.
>
> > So please describe the entire GVRP message exchange that's going
> > on.
> I've attached two small pcap files.
>
> has_bridge.pcap: is where eth1 has a bridge and
On Thu, Feb 07, 2013 at 11:56:38AM +0100, Stefan Priebe - Profihost AG wrote:
> Hello list,
>
> this was tested using vanilla 3.7.6 kernel.
>
> When i add a vlan to an ethernet device supporting gvrp everything is
> fine until this ethernet device also had a bridge.
>
> This works fine as long a
Martin Michlmayr wrote:
With 2.6.25-rc3 and a config file with
CONFIG_CRYPTO_DEV_HIFN_795X=m
CONFIG_CRYPTO_DEV_HIFN_795X_RNG=y
I get the following build error on at least ARM and MIPS:
Building modules, stage 2.
MODPOST 759 modules
ERROR: "__divdi3" [drivers/crypto/hifn_795x.ko] undefined!
Jan Engelhardt wrote:
I have released “Xtables” 1.5.1, which is a package of my ongoing
iptables development¹ that I did lately. Patrick McHardy was not
available last week to merge patches due to higher powers, so I
branched off the iptables subversion trunk into git since quilting on
top of
Stephen Hemminger wrote:
On Thu, 21 Feb 2008 12:28:50 +0100
Patrick McHardy <[EMAIL PROTECTED]> wrote:
diff --git a/net/netfilter/nf_conntrack_core.c
b/net/netfilter/nf_conntrack_core.c
index 327e847..b77eb56 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/net
736b33102292be0d75be1e950ca9bcd5361db7dd
Author: Patrick McHardy <[EMAIL PROTECTED]>
Date: Thu Feb 21 12:26:01 2008 +0100
[NETFILTER]: nf_conntrack: fix smp_processor_id() in preemptible code
warning
Since we're using RCU for the conntrack hash now, we need to avoid
Tilman Schmidt wrote:
Still, X came up fine, I could log in (Gnome feeling subjectively
a bit sluggish), call up a web page from the Internet in Firefox,
and start perusing the logs, when the whole system froze: neither
mouse nor keyboard would react anymore, and only the Wind^Wreset
button would
Jan Engelhardt wrote:
On Feb 20 2008 15:47, Ilpo Järvinen wrote:
-23668 392 funcs, 104 +, 23772 -, diff: -23668 --- dev_alloc_skb
-static inline struct sk_buff *dev_alloc_skb(unsigned int length)
-{
- return __dev_alloc_skb(length, GFP_ATOMIC);
-}
+extern struct sk_buff *dev_alloc_skb(un
Ilpo Järvinen wrote:
~500 files changed
...
kernel/uninlined.c:
skb_put | +104
1 function changed, 104 bytes added, diff: +104
vmlinux.o:
869 functions changed, 198 bytes added, 111003 bytes removed, diff: -110805
This change is INCOMPLETE, I think that the call to cur
Adrian Bunk wrote:
This patch removes the no longer used include/linux/netfilter_ipv4/ipt_SAME.h
We kept it around because old iptables binaries need it to build.
The kernel no longer supports it, but people might still wish to
use a distributor-built iptables binary with old kernels. It will
David Miller wrote:
From: Jozsef Kadlecsik <[EMAIL PROTECTED]>
Date: Thu, 14 Feb 2008 16:02:29 +0100 (CET)
Hi,
On Sun, 10 Feb 2008, Jeff Chua wrote:
Please note the lastest git commit is missing one part (which was in Jozsef's
original patch).
Sorry everyone, that's my fault: the patch I sen
David Miller wrote:
From: Jan Engelhardt <[EMAIL PROTECTED]>
Date: Sun, 10 Feb 2008 22:02:35 +0100 (CET)
I have been unable to reach the netfilter and net maintainers the past
week regarding inclusion of patches, but most importantly a group of
fixes at [0]-[3]. I am kind of at a loss here but
Jozsef Kadlecsik wrote:
On Tue, 5 Feb 2008, Jeff Chua wrote:
On Feb 5, 2008 4:17 AM, Jozsef Kadlecsik <[EMAIL PROTECTED]> wrote:
Actively closed connections are not handled properly, i.e. the initiator of
the active close should not be taken into account. So could you give a try
to the patch
Jiri Moravec wrote:
Function iprange_mt4 belong to IPv4 family - AF_INET. Right?
.name = "iprange",
.revision = 1,
.family= AF_INET6, <-- Typo?
.match = iprange_mt4,
Fixed, thanks Jiri.
--
To unsubscribe from this list: send the line "unsub
networking merge i guess.
Oops, thanks Ingo. Attached patch should fix it.
commit 28383868d7999539f35ae0c2dfbde103a1d3
Author: Patrick McHardy <[EMAIL PROTECTED]>
Date: Fri Feb 1 16:50:44 2008 +0100
[NET_SCHED]: cls_flow: fix build error with CONFIG_NET_EMATCH=n
Rep
David Newall wrote:
I'm not debating that checksums are wrong. The question was how and
where? It's not as if there are any unreliable communication paths in a
loopback interface, so it's surprising that they could be wrong. How? Where?
As I said, loopback doesn't perform full checksum calcula
Jozsef Kadlecsik wrote:
Hi Jeff,
On Thu, 31 Jan 2008, Jeff Chua wrote:
On the bad run, I got the following message ...
boston kernel: nf_ct_tcp: invalid packed ignored IN= OUT=
SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8162
DF PROTO=TCP SPT=1016 DPT=515 SEQ=3834958843 AC
Jeff Chua wrote:
On Jan 31, 2008 10:41 AM, Patrick McHardy <[EMAIL PROTECTED]> wrote:
Thanks. In the dump we can see that connections reusing ports
always have their first SYN dropped and retransmissted three
seconds later. I'm not sure whats causing this yet, do you have
any fir
Jeff Chua wrote:
On Jan 31, 2008 10:23 AM, Jeff Chua <[EMAIL PROTECTED]> wrote:
Again, using latest linux, one with
17311393f969090ab060540bd9dbe7dc885a76d5 reverted, and the other
without.
Sorry, here's the attached output files.
Thanks. In the dump we can see that connections reus
Adrian Bunk wrote:
This patch makes the needlessly global nf_ct_path[] static.
I already have this queued.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Annotate rcu_read_lock/rcu_read_unlock for sparse.
[RCU]: preemptible RCU: sparse annotations
Signed-off-by: Patrick McHardy <[EMAIL PROTECTED]>
diff --git a/include/linux/rcupreempt.h b/include/linux/rcupreempt.h
index ece8eb3..60c2a03 100644
--- a/include/linux/rcupreempt.h
+++ b/i
Ingo Molnar wrote:
randconfig testing found the following build failure on latest -git:
net/built-in.o: In function `ip_queue_init':
ip_queue.c:(.init.text+0x322c): undefined reference to `net_ipv4_ctl_path'
config attached.
Thanks, the reason is CONFIG_SYSCTL=n. I've queued this patch
(mig
Jeff Chua wrote:
On Jan 29, 2008 6:53 PM, Jozsef Kadlecsik <[EMAIL PROTECTED]> wrote:
As the problem can be reproduced so easily, could you capture a full TCP
session and send the pcap file? Thus it could be analyzed, replayed, etc.
and found the reason why the patch above slows down the printi
ables won't work
Submitter : Kristoffer Malmström <[EMAIL PROTECTED]>
Date: 2007-12-28
References : http://bugzilla.kernel.org/show_bug.cgi?id=9657
Handled-By : Patrick McHardy <[EMAIL PROTECTED]>
The reporter has disappeared, so I guess this wasn't
Herbert Xu wrote:
Patrick, please have a look at the former. In fact it's not just
that ihl may be bogus (which might be harmless as long as the REJECT
hook only gets called from within the IP stack), I think REJECT would
also do the wrong thing if the packet had IP options. So perhaps we
shoul
Denys Vlasenko wrote:
On Monday 31 December 2007 17:00, Patrick McHardy wrote:
Denys Vlasenko wrote:
ip[6]_tables.c seem to abuse inline.
This patch removes inlines except those which are used
by packet matching code and thus are performance-critical.
Some people also consider the ruleset
Denys Vlasenko wrote:
ip[6]_tables.c seem to abuse inline.
This patch removes inlines except those which are used
by packet matching code and thus are performance-critical.
Some people also consider the ruleset replacement path performance
critical, but overall I agree with your patch. I'm
Denys Vlasenko wrote:
On Monday 17 December 2007 14:47, Patrick McHardy wrote:
This clashes with my pending patches, which I'll push upstream
today. I also spent some time resyncing ip_tables and ip6_tables
so a diff of both (with some sed'ing) shows only the actual
differences,
Thomas Graf wrote:
* Patrick McHardy <[EMAIL PROTECTED]> 2007-12-18 00:51
Chris Friesen wrote:
Patrick McHardy wrote:
From a kernel perspective there are only complete dumps, the
filtering is done by iproute. So the fact that it shows them
when querying specifically implies there is a
Chris Friesen wrote:
Patrick McHardy wrote:
From a kernel perspective there are only complete dumps, the
filtering is done by iproute. So the fact that it shows them
when querying specifically implies there is a bug in the
iproute neighbour filter. Does it work if you omit "all"
f
Joe Perches wrote:
Signed-off-by: Joe Perches <[EMAIL PROTECTED]>
---
net/netfilter/nf_conntrack_sip.c |4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
Both your netfilter patches conflict with some pending patches
of mine (which also fix those spelling errors). So for now I'm
go
Chris Friesen wrote:
The original "ip" command and the new one ("/tmp/ip") both give the same
results--some of the entries are missing.
[EMAIL PROTECTED]:/root> ip neigh show all
172.24.137.0 dev bond0 FAILED
172.24.0.9 dev bond0 lladdr 00:07:e9:41:4b:b4 REACHABLE
10.41.18.101 dev eth6 lladdr
Please CC netfilter-devel on netfilter patches.
Denys Vlasenko wrote:
Hi Patrick, Harald,
I was working on unrelated problem and noticed that ip_tables.c
seem to abuse inline. I prepared a patch which removes inlines
except those which are used by packet matching code
(and thus are really perfo
Adrian Bunk wrote:
On Sun, Dec 02, 2007 at 09:03:56PM +0100, Patrick McHardy wrote:
For all I care binary modules can break, but frankly I don't see
how encapsulating a couple of structures and pointers in a new
structure and adding a new argument to existing functions shifts
the dec
Ben Greear wrote:
Stephen Hemminger wrote:
Naw, enterprise (or any other) distro vendors shouldn't have any
issues here,
since they can just patch their kernels around any issues.
But it looks like Eric has this one thought out well enough.
So you are saying all this is not a problem,
Jan Engelhardt wrote:
Fix forgotten module release in xt_CONNMARK and xt_CONNSECMARK
When xt_CONNMARK is used outside the mangle table and the user specified
"--restore-mark", the connmark_tg_check() function will (correctly)
error out, but (incorrectly) forgets to release the L3 conntrack modu
H. Peter Anvin wrote:
Paul Rolland (ポール・ロラン) wrote:
Hello,
I've a machine with a Core2Duo CPU. /proc/cpuinfo reports the flag
constant_tsc, but at boot time, I have the log :
...
Total of 2 processors activated (6919.15 BogoMIPS).
ENABLING IO-APIC IRQs
..TIMER: vector=0x31 apic1=0 pin1=2 apic2
Tomasz K wrote:
On Mon, 26 Nov 2007, Greg Kroah-Hartman wrote:
[..]
Still there is no aroud officialy released iptables tarball with
support for rules for new xt_{connlimit,time,u32} modules.
Anyone know where are patches for manage connlimit, time, u32 rules
which will be included in next rel
Joonwoo Park wrote:
diff --git a/net/xfrm/xfrm_hash.c b/net/xfrm/xfrm_hash.c
index 55ab579..37795bd 100644
--- a/net/xfrm/xfrm_hash.c
+++ b/net/xfrm/xfrm_hash.c
@@ -17,16 +17,17 @@ struct hlist_head *xfrm_hash_alloc(unsigned int sz)
struct hlist_head *n;
if (sz <= PAGE_SIZE)
-
Michael Buesch wrote:
On Sunday 18 November 2007 22:32:52 Patrick McHardy wrote:
These patches add support for using the HIFN rng.
Acked-by: Michael Buesch <[EMAIL PROTECTED]>
Patrick, can you send this patchset to Andrew for inclusion into -mm?
I think he already pulls from Her
[HWRNG]: move status polling loop to data_present callbacks
Handle waiting for new random within the drivers themselves, this allows to
use better suited timeouts for the individual rngs.
Signed-off-by: Patrick McHardy <[EMAIL PROTECTED]>
---
commit 5632554998aafc5605635f842bca50d5353cd9d
r external) and its frequency and uses that to calculate the
optimum multiplier to reach the maximal speed. By default it uses
the external clock and assumes a speed of 66MHz, which effectively
halfs the frequency currently used.
Signed-off-by: Patrick McHardy <[EMAIL PROTECTED]
[HIFN]: Add support for using the random number generator
Signed-off-by: Patrick McHardy <[EMAIL PROTECTED]>
---
commit 352a65d036f53c1e124bef4205d6fcedb78eac2c
tree 190bb0b4a1795e55096552f743af996df2766070
parent 70467fae3a656562f86adefdfe6d54e3ca20feeb
author Patrick McHardy <[EMAIL
deletions(-)
Patrick McHardy (3):
[HWRNG]: move status polling loop to data_present callbacks
[HIFN]: Improve PLL initialization
[HIFN]: Add support for using the random number generator
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of
Herbert Xu wrote:
BTW, how does the VLAN TX acceleration work at all? It's using
skb->cb to carry the tags but then calls dev_queue_xmit. Once
you do that packet schedulers can scribble all over skb->cb.
Also vlan_skb_recv should be moved out-of-line. It's absolutely
humongous. It'll generate
Rainer Jochem wrote:
I don't think its very useful since you can simply get this information
from /proc/cmdline in case something goes wrong, but if you insist at
least give it a meaningful prefix.
Added.
The initialization is unnecessary.
Removed.
Should be >= I think.
Fixed.
Look
Kok, Auke wrote:
Patrick McHardy wrote:
Kok, Auke wrote:
Patrick McHardy wrote:
I already posted a patch for this, not sure what happened to it.
Auke, any news on merging the secondary unicast address support?
I dropped the ball on that one. Care to resend it and send me one for
e1000e as
Rainer Jochem wrote:
Corrected version below.
+ printk(KERN_INFO "Sending class identifier \"%s\"\n",
+ vendor_class_identifier);
Seems like useless noise.
This information is only sent in the case that the option is actually used.
And in th
Kok, Auke wrote:
Patrick McHardy wrote:
I already posted a patch for this, not sure what happened to it.
Auke, any news on merging the secondary unicast address support?
I dropped the ball on that one. Care to resend it and send me one for e1000e as
well?
Patch for e1000 attached.
Does
Herbert Xu wrote:
On Tue, Nov 13, 2007 at 04:06:24AM -0800, David Miller wrote:
In other words we can make it so that nobody is in promiscuous
mode and therefore have to disable VLAN acceleration *unless*
they really want to be in that state. In which case it would
imply that they wish to see e
Joonwoo Park wrote:
2007/11/13, David Miller <[EMAIL PROTECTED]>:
From: Willy Tarreau <[EMAIL PROTECTED]>
Date: Tue, 13 Nov 2007 00:32:57 +0100
At least, being able to disable the feature at module load time
would be acceptable. Many people who often need to sniff on decent
machines wo
Kok, Auke wrote:
Joonwoo Park wrote:
IMHO even though netdevice is in the promiscuous mode, we should receive all of
ingress packets.
This disable the vlan filtering feature when a vlan hw accel configured e1000
device goes into promiscuous mode.
This make packets visible to sniffers though it
Rainer Jochem wrote:
--- net/ipv4/ipconfig.c.orig2007-11-08 14:54:11.001662860 +0100
+++ net/ipv4/ipconfig.c 2007-11-08 14:54:15.961480524 +0100
@@ -139,6 +139,8 @@ __be32 ic_servaddr = NONE; /* Boot serve
__be32 root_server_addr = NONE;/* Address of NFS server */
u8 root_server_pa
Krzysztof Halasa wrote:
Patrick McHardy <[EMAIL PROTECTED]> writes:
I think there is one more case that matters, which is briding
from a device with VLAN stripping for a VLAN not configured
locally. The tag will be stripped and will be lost for forwarded
packets.
I think we should dro
David Miller wrote:
From: Patrick McHardy <[EMAIL PROTECTED]>
Date: Mon, 05 Nov 2007 19:00:19 +0100
This looks like a rather expensive operation for the unlikely case
that packets will be received by a packet socket. IMO it should only
be reconstructed if actually needed, by af_packet
Dave Johnson wrote:
+/* VLAN rx hw acceleration helper. This acts like netif_{rx,receive_skb}(). */
+static inline int __vlan_hwaccel_rx(struct sk_buff *skb,
+ struct vlan_group *grp,
+ unsigned short vlan_tag, int polling)
+{
.
Paul E. McKenney wrote:
Hello!
While reviewing rcu_dereference() uses, I came across a number of cases
where I couldn't see how the rcu_dereference() helped. One class of
cases is where the variable is never subsequently dereferenced, so that
patches like the following one would be appropriate.
Andy Whitcroft wrote:
Seems we are getting some kind of bug out of our s390x partition (lnxabat1)
when booting latest mainline releases, specifically since 2.6.23-git3.
Kernel BUG at 0002 Ýverbose debug info unavailable?
illegal operation: 0001 Ý#1?
Modules linked in: dm_mod sit tunn
Al Boldi wrote:
Patrick McHardy wrote:
The netlink based iptables successor I'm currently working on allows to
dynamically create tables with user-specified priorities and "built-in"
chains. The only built-in tables will be those that need extra
processing (mangle/nat).
Jan Engelhardt wrote:
> On Oct 12 2007 15:48, Patrick McHardy wrote:
>
>>The netlink based iptables successor I'm currently working on allows to
>>dynamically create tables with user-specified priorities and "built-in"
>>chains. The only built-in tables wil
Jan Engelhardt wrote:
> On Oct 12 2007 16:30, Al Boldi wrote:
With the existence of the mangle table, how useful is the filter table?
>>>
>>>A similar discussion was back in March 2007.
>>>http://marc.info/?l=netfilter-devel&m=117394977210823&w=2
>>>http://marc.info/?l=netfilter-devel&m=11
Al Boldi wrote:
> Patrick McHardy wrote:
>
>>Al Boldi wrote:
>>
>>>Well, for example to stop any transient packets being forwarded. You
>>>could probably hack around this using mark's, but you can't stop the
>>>implied route lookup, unless
Al Boldi wrote:
>>>The problem is that people think they are safe with the filter table,
>>>when in fact they need the prerouting chain to seal things. Right now
>>>this is only possible in the mangle table.
>>
>>Why do they need PREROUTING?
>
>
> Well, for example to stop any transient packets
Please send mails discussing netfilter to netfilter-devel.
Al Boldi wrote:
> With the existence of the mangle table, how useful is the filter table?
>
> Other than requiring the REJECT target to be ported to the mangle table, is
> the filter table faster than the mangle table?
There are some mi
Stephen Hemminger wrote:
On Tue, 25 Sep 2007 06:07:24 +0200
Patrick McHardy <[EMAIL PROTECTED]> wrote:
I meant removing brnf_sysctl_call_tables function, not the sysctls
themselves, all it does is change values != 0 to 1. Or did you
actually mean that something in userspace might dep
Eric W. Biederman wrote:
> Patrick McHardy <[EMAIL PROTECTED]> writes:
>
>>I seem to be missing something, the entire brnf_sysctl_call_tables
>>thing looks purely cosmetic to me, wouldn't it be better to simply
>>remove it?
>
>
> Well it is cosmetic
Stephen Hemminger wrote:
> On Mon, 24 Sep 2007 18:55:38 +0200
> Patrick McHardy <[EMAIL PROTECTED]> wrote:
>
>>Eric W. Biederman wrote:
>>
>>>A really good fix would be to remove the binary side and then to
>>>modify brnf_sysctl_call_tables to allocat
Dan Merillat wrote:
> On 9/24/07, Greg KH <[EMAIL PROTECTED]> wrote:
>
>>netlink_run_queue() doesn't handle multiple processes processing the
>>queue concurrently. Serialize queue processing in inet_diag to fix
>>a oops in netlink_rcv_skb caused by netlink_run_queue passing a
>>NULL for the skb.
>
Eric W. Biederman wrote:
> [EMAIL PROTECTED] (Joseph Fannin) writes:
>
>
>>The netfilter sysctls in the bridging code don't set strategy routines:
>>
>> sysctl table check failed: /net/bridge/bridge-nf-call-arptables .3.10.1
>> Missing
>>strategy
>> sysctl table check failed: /net/bridge/bridge-
lepton wrote:
> Hi,
> For local src packets, it is better to update sk_route_caps in
> ip_route_me_harder.
This seems like a good idea to me. But why only for local src
(address) packets? This function can also be used for locally
generated packet that have been (f.i.) NATed to a foreign
addr
Neil Horman wrote:
> On Thu, Sep 06, 2007 at 02:13:26AM +1000, Rusty Russell wrote:
>
>>On Wed, 2007-09-05 at 17:22 +0200, Patrick McHardy wrote:
>>
>>>But I'm wondering, wouldn't module refcounting alone fix this problem?
>>>If we make nf_sockopt()
Neil Horman wrote:
> Hey all-
> So I've had a deadlock reported to me. I've found that the sequence of
> events goes like this:
>
> 1) process A (modprobe) runs to remove ip_tables.ko
>
> 2) process B (iptables-restore) runs and calls setsockopt on a netfilter
> socket,
> increasing the i
Satyam Sharma wrote:
net/sched/sch_cbq.c: In function 'cbq_enqueue':
net/sched/sch_cbq.c:383: warning: 'ret' may be used uninitialized in this
function
has been verified to be a bogus case. So let's shut it up.
Signed-off-by: Satyam Sharma <[EMAIL PROTECTED]&
Herbert Xu wrote:
Patrick McHardy <[EMAIL PROTECTED]> wrote:
Thanks. I'm not sure either, it would require two concurrent requests
to be processed, but AFAICS oidentd only uses a single netlink socket.
Perhaps multiple running instances or something else using the inet_dia
Athanasius wrote:
On Sat, Sep 01, 2007 at 06:38:23PM +0200, Patrick McHardy wrote:
You might be able to trigger it without this patch by running
"while true; do ss -tn; done" while doing ident queries, but
just running the while loop a couple of times in parallel
doesn't see
Athanasius wrote:
I'll compile up a new kernel, likely 2.6.22.6, plus this patch, and
reboot to it tonight. I still don't know *exactly* how to trigger the
bug on demand though, it's not reocurred since I posted the bug report
(but had happened about a week before as well).
Thanks. I'm not
Jan Engelhardt wrote:
> On Aug 2 2007 20:33, Patrick McHardy wrote:
>
>>>End result:
>>>
>>>After loading nf_conntrack_ipv4.ko, everything works again (also with the
>>>"bad" ff09b7). But I have to load it explicitly, and I think that
>>
Andy Whitcroft wrote:
> It seems an extraneous trailing ';' has slipped into the skb length
> checks in u32_match_it() triggering an unconditional missmatch.
Thanks, this already fixed in net-2.6 and should hit Linus' tree soon.
-
To unsubscribe from this list: send the line "unsubscribe linux-ke
Joe Perches wrote:
diff --git a/net/netfilter/xt_u32.c b/net/netfilter/xt_u32.c
index 74f9b14..bec4279 100644
--- a/net/netfilter/xt_u32.c
+++ b/net/netfilter/xt_u32.c
@@ -36,7 +36,7 @@ static bool u32_match_it(const struct xt_u32 *data,
at = 0;
pos = ct->location
1 - 100 of 275 matches
Mail list logo
