It was possible to set
NF_CONNTRACK=n
NF_CONNTRACK_LABELS=y
via NETFILTER_XT_MATCH_CONNLABEL=y:
warning: (NETFILTER_XT_MATCH_CONNLABEL) selects NF_CONNTRACK_LABELS which has
unmet direct dependencies (NET && INET && NETFILTER && NF_CONNTRACK)
Reported-by: Randy Dunlap
With 3.7, hyperv guest shutdown no longer works.
Instead, guest kernel throws a bunch of "BUG: scheduling-while-atomic"
errors and then dies.
reverting
commit 6c0c0d4d1080840eabb3d055d2fd8191c5fd
Author: hongfeng
Date: Thu Oct 4 17:12:25 2012 -0700
poweroff: fix bug in orderly_poweroff()
Fengguang Wu wrote:
> Hi Patrick,
>
> This happens in today's linux-next tree and is pretty reproducible.
> [1.834544] nf_conntrack version 0.5.0 (1786 buckets, 7144 max)
> [1.835406] ctnetlink v0.93: registering with nfnetlink.
> [1.836202] BUG: unable to handle kernel NULL pointer d
Hi.
I get repeated "WRITE SAME" failed errors with
"SAS1064ET" Controller (mptsas driver). Excerpt:
[ 5898.784829] Sense Key : 0x5 [current]
[ 5898.784833] sd 6:1:0:0: [sda]
[ 5898.784835] ASC=0x0 ASCQ=0x0
[ 5898.784837] sd 6:1:0:0: [sda] CDB:
[ 5898.784838] cdb[0]=0x41: 41 00 07 4f db 12 00 00
Randy Dunlap wrote:
> On 09/04/13 01:13, Stephen Rothwell wrote:
> > Hi all,
> >
> > Please do not add any code for v3.13 to your linux-next included branches
> > until after v3.12-rc1 is released.
> >
> > Changes since 20130902:
> >
>
> on x86_64:
>
> when CONFIG_IPV6=m
> and CONFIG_NETFILTE
CAI Qian wrote:
[ CC'd nf-devel ]
> Just hit this very often during IPv6 tests in both the latest stable
> and mainline kernel.
>
> [ 3597.206166] Modules linked in:
[..]
> nf_nat_ipv4(F-)
[..]
> [ 3597.804861] RIP: 0010:[] []
> nf_nat_cleanup_conntrack+0x42/0x70 [nf_nat]
> [ 3597.855207] R
an happens after deletion.
True, thanks for fixing this problem.
> This patch initializes LRU list head before adding fragment into hash and
> inet_frag_lru_move() doesn't touch it if it's empty.
Acked-by: Florian Westphal
After update to 3.8 dmesg is spammed with:
kernel: [ 280.272094] 3w-: scsi8: Unknown scsi opcode: 0x41
kernel: [ 280.272107] sd 8:0:0:0: [sda] Unhandled error code
kernel: [ 280.272110] sd 8:0:0:0: [sda]
kernel: [ 280.272112] Result: hostbyte=0x04 driverbyte=0x00
kernel: [ 280.272114] sd 8:0:0
Martin K. Petersen wrote:
> Florian> After update to 3.8 dmesg is spammed with: kernel: [
> Florian> 280.272094] 3w-: scsi8: Unknown scsi opcode: 0x41 kernel: [
> Florian> 280.272107] sd 8:0:0:0: [sda] Unhandled error code kernel:
>
> Interesting. It looks like the 3ware handles this at the
Martin K. Petersen wrote:
> >>>>> "Florian" == Florian Westphal writes:
>
> Florian> After update to 3.8 dmesg is spammed with: kernel: [
> Florian> 280.272094] 3w-: scsi8: Unknown scsi opcode: 0x41 kernel: [
> Florian> 280.272107] sd 8:0:0:
Eric Dumazet wrote:
> From: Eric Dumazet
>
> hpa brought to my attention some security related issues
> with BPF JIT on x86.
>
> This patch makes sure the bpf generated code is marked read only,
> as other kernel text sections.
>
> It also splits the unused space (we vmalloc() and only use a
David Rientjes wrote:
> > On Tue, 2013-05-21 at 14:28 +0200, Florian Westphal wrote:
> > > seems like sk_page_frag_refill() can cause oom-killer invocation:
> > >
> > > postgres invoked oom-killer: gfp_mask=0x42d0, order=3, oom_score_adj=0
> > > Pid: 10
.
Signed-off-by: Florian Westphal
---
not subscribed, please CC on replies.
Also, I don't know much about kvm or kexec, so it's possible
that I missed something.
In any case, this seems to fix the initramfs corruption for me.
patch is against virt/kvm/kvm.git.
arch/x86/kernel/
Marcelo Tosatti wrote:
> On Fri, Aug 10, 2012 at 12:36:22PM +0200, Florian Westphal wrote:
> > --- a/arch/x86/kernel/kvmclock.c
> > +++ b/arch/x86/kernel/kvmclock.c
> > @@ -191,7 +191,6 @@ static void kvm_crash_shutdown(struct pt_regs *regs)
> > st
else, host continues to update stealtime after reboot,
which can corrupt e.g. initramfs area.
found when tracking down initramfs unpack error on initial reboot
(with qemu-kvm -smp 2, no problem with single-core).
Signed-off-by: Florian Westphal
---
arch/x86/kernel/kvm.c |1 +
1 files
Alan Cox wrote:
> On Thu, 10 Jan 2013 15:46:26 +0100
> Florian Westphal wrote:
> > Frank Lichtenheld discovered that openpty() doesn't work anymore when
> > /dev/pts is not present.
> >
> > We bisected this down to
> >
> > commit bbb63c514a3464342
Jiri Slaby wrote:
> On 01/10/2013 11:51 PM, Jiri Slaby wrote:
> > On 01/10/2013 11:45 PM, Alan Cox wrote:
> >> So we should just fix TIOCGPTN on a pty with no suitable name answer to
> >> return -EINVAL
> >
> > Yes, I agree as I've expressed in my second mail. Sorry for the confusion.
>
> Does th
Frank Lichtenheld discovered that openpty() doesn't work anymore when
/dev/pts is not present.
We bisected this down to
commit bbb63c514a3464342967237a51a21ea8f61ab951
Author: Wanlong Gao
Subject: drivers:tty:fix up ENOIOCTLCMD error handling
The original program triggering the error was pptpd,
Fabian Frederick wrote:
> Since commit f330a7fdbe16
> ("netfilter: conntrack: get rid of conntrack timer")
>
> closed connections remain longer in /proc/net/nf_conntrack
>
> Running current kernel; just after boot:
> cat /proc/net/nf_conntrack | wc -l = 5
> 4 minutes required to clean up the tab
Fabian Frederick wrote:
> Hello Florian,
>
> First problem is solved: table gets cleared 3 minutes earlier
> but I still have kmemleak before running the following:
>
> echo scan > /sys/kernel/debug/kmemleak
> cat /sys/kernel/debug/kmemleak
> Nothing
> echo scan > /sys/kernel/debug/kmeml
Jia He wrote:
> buff[] will be assigned later, so memset is not necessary.
>
> Signed-off-by: Jia He
> Cc: "David S. Miller"
> Cc: Alexey Kuznetsov
> Cc: James Morris
> Cc: Hideaki YOSHIFUJI
> Cc: Patrick McHardy
> ---
> net/ipv6/addrconf.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff
syzbot wrote:
[ cc Thomas Egerer ]
> syzkaller hit the following crash on
> 36ef71cae353f88fd6e095e2aaa3e5953af1685d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console output is attached.
> C reprod
Steffen Klassert wrote:
> On Wed, Nov 01, 2017 at 11:06:08PM +0100, Florian Westphal wrote:
> > I also don't understand how address comparison is supposed to work in this
> > case,
> > it seems that if saddr/daddr are v4 and template v6 we compare full ipv6
> >
et/ipv4/route.c:2785
>
> This is introduced by:
>
> commit 394f51abb3d04f33fb798f04b16ae6b0491ea4ec
> Author: Florian Westphal
> Date: Tue Aug 15 16:34:44 2017 +0200
>
> ipv4: route: set ipv4 RTM_GETROUTE to not use rtnl
>
> Signed-off-by: Flo
Charlie Sale wrote:
> Fixed FIXME comment in code by changing a vmalloc call
> to a kmalloc call. Thought it would be a good place to
> start for a first patch.
Please at least compile test your patches.
> - /* FIXME: don't use vmalloc() here or anywhere else -HW */
> - hinfo = vmalloc(s
Charlie Sale wrote:
> + hinfo = kvmalloc(sizeof(*hinfo) + sizeof(struct hlist_head) * size,
> + GPT_KERNEL);
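Review bot: the second line of the added kvmalloc() call passes GPT_KERNEL, which is not a kernel allocation flag, so the hunk cannot compile as posted; the flag intended here is presumably GFP_KERNEL. Separately, the size argument sizeof(*hinfo) + sizeof(struct hlist_head) * size is computed with plain arithmetic and can wrap for a large size, which would produce an undersized allocation; bounding size before the call or using the kernel's struct_size() helper would close that off.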
Looks like you did not even compile test this. Again. :-(
interval displays the probability and vice versa.
Fixes: 6adc4a22f20bb ("fault-inject: add ratelimit option")
Signed-off-by: Florian Westphal
---
lib/fault-inject.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/fault-inject.c b/lib/fault-inject.c
index f1cdeb
Pablo Neira Ayuso wrote:
> > diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
> > --- a/net/netfilter/nf_tables_api.c
> > +++ b/net/netfilter/nf_tables_api.c
> > @@ -5010,6 +5013,22 @@ nft_obj_filter_alloc(const struct nlattr * const
> > nla[])
> > return filter;
> >
Michal Hocko wrote:
> On Mon 29-01-18 23:35:22, Florian Westphal wrote:
> > Kirill A. Shutemov wrote:
> [...]
> > > I hate what I'm saying, but I guess we need some tunable here.
> > > Not sure what exactly.
> >
> > Would memcg help?
>
>
#syz dup: possible deadlock in do_ip_getsockopt
#syz dup: possible deadlock in do_ip_getsockopt
#syz dup: possible deadlock in do_ip_getsockopt
#syz dup: possible deadlock in do_ip_getsockopt
> From d48e950f1b04f234b57b9e34c363bdcfec10aeee Mon Sep 17 00:00:00 2001
> From: Michal Hocko
> Date: Tue, 30 Jan 2018 14:51:07 +0100
> Subject: [PATCH] net/netfilter/x_tables.c: make allocation less aggressive
Acked-by: Florian Westphal
syzbot wrote:
> Hello,
>
> syzbot hit the following crash on upstream commit
> c4e0ca7fa24137e372d6135fe16e8df8e123f116 (Fri Jan 26 23:10:50 2018 +)
> Merge tag 'riscv-for-linus-4.15-maintainers' of
> git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux
>
> So far this crash happ
#syz fix: netfilter: nf_tables: fix potential NULL-ptr deref in
nf_tables_dump_obj_done()
syzbot wrote:
> syzbot hit the following crash on upstream commit
> c4e0ca7fa24137e372d6135fe16e8df8e123f116 (Fri Jan 26 23:10:50 2018 +)
> Merge tag 'riscv-for-linus-4.15-maintainers' of
> git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux
>
> So far this crash happened 3 times
syzbot wrote:
> CPU: 0 PID: 3675 Comm: syzkaller168273 Not tainted 4.15.0-rc9+ #283
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> RIP: 0010:ip6t_do_table+0x12de/0x19d0 net/ipv6/netfilter/ip6_tables.c:360
> RSP: 0018:8801db206c58 EFLAGS: 0001024
Tetsuo Handa wrote:
> syzbot wrote:
> > syzbot hit the following crash on net-next commit
> > 6bb46bc57c8e9ce947cc605e555b7204b44d2b10 (Fri Jan 26 16:00:23 2018 +)
> > Merge branch 'cxgb4-fix-dump-collection-when-firmware-crashed'
> >
> > C reproducer is attached.
> > syzkaller reproducer is
Kirill A. Shutemov wrote:
> On Mon, Jan 29, 2018 at 08:23:57AM +0100, Florian Westphal wrote:
> > > vmalloc() once became killable by commit 5d17a73a2ebeb8d1 ("vmalloc: back
> > > off when the current task is killed") but then became unkillable by commit
> >
Kirill A. Shutemov wrote:
> On Mon, Jan 29, 2018 at 05:57:22PM +0100, Florian Westphal wrote:
> > Kirill A. Shutemov wrote:
> > > On Mon, Jan 29, 2018 at 08:23:57AM +0100, Florian Westphal wrote:
> > > > > vmalloc() once became killable by commit 5d17a73a2e
Pavel Machek wrote:
> > > ...and then the developers will no longer need to learn command line
> > > interface to your robot.
> > >
> > > #syz test: git://gcc.gnu.org/git/gcc.git master
> > > #syz dup: `date`
> >
> >
> > Pavel, please stop harming the useful process!
> > syzkaller+syzbot already
Eric Dumazet wrote:
> >>fs/proc/generic.c:354
> >
> >We need to reject empty names.
> >
>
> I sent a patch a while back, but Pablo/Florian wanted more than that simple
> fix.
>
> We also need to filter special characters like '/'
>
> Or maybe I am mixing with something else.
Argh, sorry, this
Cong Wang wrote:
> On Fri, Mar 9, 2018 at 2:58 PM, Eric Dumazet wrote:
> >
> >
> > On 03/09/2018 02:56 PM, Eric Dumazet wrote:
> >
> >>
> >> I sent a patch a while back, but Pablo/Florian wanted more than that
> >> simple fix.
> >>
> >> We also need to filter special characters like '/'
>
> proc
Alexey Dobriyan wrote:
> Various subsystems can create files and directories in /proc
> with names directly controlled by userspace.
>
> Which means "/", "." and ".." are no-no.
>
> "/" split is already taken care of, do the other 2 p
Arushi Singhal wrote:
> On Mon, Mar 12, 2018 at 2:17 AM, Pablo Neira Ayuso
> wrote:
>
> > Hi Joe,
> >
> > On Sun, Mar 11, 2018 at 12:52:41PM -0700, Joe Perches wrote:
> > > On Mon, 2018-03-12 at 01:11 +0530, Arushi Singhal wrote:
> > > > Using pr_() is more concise than
> > > > printk(KERN_).
>
Sasha Levin wrote:
> From: Florian Westphal
>
> [ Upstream commit f92b40a8b2645af38bd6814651c59c1e690db53d ]
This patch is broken and a fix is not in any tree yet.
valdis.kletni...@vt.edu wrote:
> (Resending because I haven't heard anything)
[ ip6tables broken ]
Sorry, did not see this email before.
I'll investigate asap, thanks for the detailed report.
David Woodhouse wrote:
>
>
> On Fri, 2015-03-06 at 17:37 +0100, Florian Westphal wrote:
> >
> > > > I did performance measurements in the following way:
> > > >
> > > > Removed those pieces of the packet pipeline that I don't necessarily
Dmitry Vyukov wrote:
> On Wed, Dec 19, 2018 at 7:37 PM syzbot
> wrote:
> >
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit:a26d94bff4d5 net: bridge: remove unneeded variable 'err'
> > git tree: net-next
> > console output: https://syzkaller.appspot.com/x/log.
Wolfgang Walter wrote:
[ CCing Christophe ]
> Am Montag, 10. Dezember 2018, 09:58:56 schrieb David Miller:
> > From: Florian Westphal
> > Date: Mon, 10 Dec 2018 13:47:24 +0100
> >
> > > After recent tree conversion, we could probably make the exact policies
Christophe Gouault wrote:
> The main use cases I have encountered and tried to address with the
> hash-based lookup were network operator use cases:
> - a lot of dynamic /32 <=> /32 policies (protecting GTP tunnels)
> - or a lot of dynamic policies with the same prefix lengths (e.g. /16 <=> /24)
>
syzbot wrote:
> Hello,
>
> syzbot found the following crash on:
[..]
> Workqueue: events xfrm_hash_rebuild
Ignoring this report for a second -- I think it makes sense to see
if we can just remove the entire hash table rebuild/resize code.
After recent tree conversion, we could probably make th
syzbot wrote:
>
> HEAD commit:74c4a24df7ca Add linux-next specific files for 20181207
> git tree: linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=17bbea7d40
> kernel config: https://syzkaller.appspot.com/x/.config?x=6e9413388bf37bed
> dashboard link: https://
Guenter Roeck wrote:
> mips:cavium_octeon_defconfig [4]
> git bisect bad 4165079ba328dd47262a2183049d3591f0a750b1
> # first bad commit: [4165079ba328dd47262a2183049d3591f0a750b1] net: switch
> secpath to use skb extension infrastructure
Indeed, sorry. staging/octeon needs a small fix. W
ture")
Signed-off-by: Florian Westphal
---
Greg, David:
The patch will not break build for a tree that lacks the 'Fixes'
commit, so this can also go in via staging tree.
OTOH, net-next build is broken for mips/octeon, so I think in
this case net-next might make more sense?
syzbot wrote:
> syzbot has found a reproducer for the following crash on:
>
> HEAD commit:ce28bb445388 Merge git://git.kernel.org/pub/scm/linux/kern..
> git tree: net-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=1673fb1b40
> kernel config: https://syzkaller.apps
Michal Hocko wrote:
> On Fri 28-12-18 17:55:24, Shakeel Butt wrote:
> > The [ip,ip6,arp]_tables use x_tables_info internally and the underlying
> > memory is already accounted to kmemcg. Do the same for ebtables. The
> > syzbot, by using setsockopt(EBT_SO_SET_ENTRIES), was able to OOM the
> > whol
Stephen Rothwell wrote:
> After merging the net-next tree, today's linux-next build (i386 defconfig)
> produced these warnings:
>
> In file included from include/net/netfilter/nf_conntrack_tuple.h:13:0,
> from include/linux/netfilter/nf_conntrack_dccp.h:28,
> fro
Geert Uytterhoeven wrote:
> On Tue, May 8, 2018 at 9:17 AM, Florian Westphal wrote:
> > Stephen Rothwell wrote:
> >> On Mon, 7 May 2018 10:55:19 +1000 Stephen Rothwell
> >> wrote:
> >> >
> >> > After merging the netfilter-next tree, t
Jeffrin Thalakkottoor wrote:
> i think the script nft_nat.sh is assuming devices eth0 and eth1
No it does not.
These are arbitrary names given to veth devices.
> Error: Unknown device type.
No Veth device support in kernel?
Jeffrin Thalakkottoor wrote:
> Error: Unknown device type.
Feel free to send a patch that makes it display a more reasonable
exit+error here.
Richard Guy Briggs wrote:
> > > I personally would notify once per transaction. This is easy and quick.
>
> This was the goal. iptables was atomic. nftables appears to no longer
> be so. If I have this wrong, please show how that works.
nftables transactions are atomic, either the entire batc
Alexander Lobakin wrote:
> we're in such context. This includes: build_skb() (called only
> from NIC drivers in NAPI Rx context) and {,__}napi_alloc_skb()
> (called from the same place or from kernel network softirq
> functions).
build_skb is called from sleepable context in drivers/net/tun.c .
P
Richard Guy Briggs wrote:
> On 2021-02-11 23:09, Florian Westphal wrote:
> > So, if just a summary is needed a single audit_log_nfcfg()
> > after 'step 3' and outside of the list_for_each_entry_safe() is all
> > that is needed.
>
> Ok, so it should not
Richard Guy Briggs wrote:
> On 2021-02-18 09:22, Florian Westphal wrote:
> > No. There is a hierarchy, e.g. you can't add a chain without first
> > adding a table, BUT in case the table was already created by an earlier
> > transaction it can also be stand-alone.
>
Richard Guy Briggs wrote:
> Ok, can I get one more clarification on this "hierarchy"? Is it roughly
> in the order they appear in nf_tables_commit() after step 3? It appears
> it might be mostly already. If it isn't already, would it be reasonable
> to re-order them? Would you suggest a differ
Richard Guy Briggs wrote:
> > If they appear in a batch they will be ignored, if the batch consists of
> > such non-modifying ops only then nf_tables_commit() returns early
> > because the transaction list is empty (nothing to do/change).
>
> Ok, one little inconvenient question: what about GETOB
Yang Li wrote:
> Fix the following sparse warnings:
> net/xfrm/xfrm_policy.c:1303:22: warning: incorrect type in assignment
> (different address spaces)
> Reported-by: Abaci Robot
> Signed-off-by: Yang Li
> ---
> net/xfrm/xfrm_policy.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
09b7e ("netfilter: nft_compat: make sure xtables destructors
have run")
Reported-by: kernel test robot
Signed-off-by: Florian Westphal
---
net/netfilter/nft_compat.c | 37 ++---
1 file changed, 14 insertions(+), 23 deletions(-)
diff --git a/net/netfilter/nft
Miaohe Lin wrote:
> The skb_shared_info part of the data is assigned in the following loop.
Where?
Linus Torvalds wrote:
> On Tue, Dec 22, 2020 at 6:44 AM syzbot
> wrote:
> >
> > The issue was bisected to:
> >
> > commit 2f78788b55ba ("ilog2: improve ilog2 for constant arguments")
>
> That looks unlikely, although possibly some constant folding
> improvement might make the fortify code notice
Dinghao Liu wrote:
> When register_pernet_subsys() fails, nf_nat_bysource
> should be freed just like when nf_ct_extend_register()
> fails.
Acked-by: Florian Westphal
o $?
> 0
>
> This is because the $lret in check_xfrm() is not a local variable.
Acked-by: Florian Westphal
Richard Guy Briggs wrote:
> nft_commit_notify(net, NETLINK_CB(skb).portid);
> nf_tables_gen_notify(net, skb, NFT_MSG_NEWGEN);
> nf_tables_commit_release(net);
>
> + nf_tables_commit_audit_log(&adl, net->nft.base_seq);
This needs to be before nf_tables_commit_release() call
Naresh Kamboju wrote:
> On Mon, 22 Mar 2021 at 18:15, Greg Kroah-Hartman
> wrote:
> >
> > From: Florian Westphal
> >
> > [ Upstream commit f07157792c633b528de5fc1dbe2e4ea54f8e09d4 ]
> >
> > mptcp_add_pending_subflow() performs a sock_hold() on the subf
Colin King wrote:
> From: Colin Ian King
>
> Currently the call to nf_log_register is returning an error code that
> is not being assigned to ret and yet ret is being checked. Fix this by
> adding in the missing assignment.
Thanks for catching this.
Acked-by: Florian Westphal
Mark Tomlinson wrote:
> This reverts commit 443d6e86f821a165fae3fc3fc13086d27ac140b1.
>
> This (and the following) patch basically re-implemented the RCU
> mechanisms of patch 784544739a25. That patch was replaced because of the
> performance problems that it created when replacing tables. Now, w
Mark Tomlinson wrote:
> This reverts commit cc00bcaa589914096edef7fb87ca5cee4a166b5c.
>
> This (and the preceding) patch basically re-implemented the RCU
> mechanisms of patch 784544739a25. That patch was replaced because of the
> performance problems that it created when replacing tables. Now, w
Mark Tomlinson wrote:
> When a new table value was assigned, it was followed by a write memory
> barrier. This ensured that all writes before this point would complete
> before any writes after this point. However, to determine whether the
> rules are unused, the sequence counter is read. To ensur
Stephen Rothwell wrote:
> net/bridge/netfilter/ebtables.c:1248:33: error: 'struct netns_xt' has no
> member named 'tables'
> 1248 | list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) {
> | ^
> include/linux/list.h:619:20: note: in definition of m
Cole Dishington wrote:
> Introduce changes to add ESP connection tracking helper to netfilter
> conntrack. The connection tracking of ESP is based on IPsec SPIs. The
> underlying motivation for this patch was to allow multiple VPN ESP
> clients to be distinguished when using NAT.
>
> Added config
Marco Elver wrote:
[..]
> v6:
> * Revert usage of skb extensions due to potential memory leak. Patch 2/3 is now
> identical to that in v2.
> * Patches 1/3 and 3/3 are otherwise identical to v5.
The earlier series was already applied to net-next, so you need to
rebase on top of net-next and i
menglong8.d...@gmail.com wrote:
> From: Menglong Dong
>
> For now, sysctl_wmem_max and sysctl_rmem_max are globally unified.
> It's not convenient in some case. For example, when we use docker
> and try to control the default udp socket receive buffer for each
> container.
>
> For that reason,
Jia-Ju Bai wrote:
> When find_table_lock() returns NULL to t, no error return code of
> do_update_counters() is assigned.
It's -ENOENT.
> t = find_table_lock(net, name, &ret, &ebt_mutex);
^
ret is passed to find_table_lock, which passes it to
find
Mark Tomlinson wrote:
> When a new table value was assigned, it was followed by a write memory
> barrier. This ensured that all writes before this point would complete
> before any writes after this point. However, to determine whether the
> rules are unused, the sequence counter is read. To ensur
Gustavo A. R. Silva wrote:
> In preparation to enable -Wimplicit-fallthrough for Clang, fix multiple
> warnings by explicitly adding multiple break statements instead of just
> letting the code fall through to the next case.
Acked-by: Florian Westphal
Feel free to carry this in next
Gustavo A. R. Silva wrote:
> In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning
> by explicitly adding a break statement instead of letting the code fall
> through to the next case.
Acked-by: Florian Westphal
Ido Schimmel wrote:
> On Thu, Oct 29, 2020 at 05:36:19PM +, Aleksandr Nogikh wrote:
> > From: Aleksandr Nogikh
> >
> > Remote KCOV coverage collection enables coverage-guided fuzzing of the
> > code that is not reachable during normal system call execution. It is
> > especially helpful for f
Artie Hamilton wrote:
> Now the same thing should be done for IPv6. It should work quite similar
> (I just assume the above mentioned steps are already done):
>
> $ sysctl -w net.ipv6.conf.br0.accept_ra=2
> $ sysctl -w net.bridge.bridge-nf-call-ip6tables=1
> $ ip6tables -t nat -A PREROUTING -p t
Eric Dumazet wrote:
> > diff --git a/net/netfilter/nf_conntrack_core.c
> > b/net/netfilter/nf_conntrack_core.c
> > index 43549eb..7a34bb2 100644
> > --- a/net/netfilter/nf_conntrack_core.c
> > +++ b/net/netfilter/nf_conntrack_core.c
> > @@ -387,8 +387,12 @@ begin:
> > !at
Eric Dumazet wrote:
> > This will also set up a null-binding when no matching SNAT/DNAT/MASQUERADE
> > rule existed.
> >
> > The manipulations of the skb->nfct->ext nat area are performed without
> > a lock. Concurrent access is supposedly impossible as the conntrack
> > should not (yet) be in t
Eric Dumazet wrote:
> > The confirmed bit should always be set here.
>
> So why are you testing it ?
To detect ct object recycling when tuple is identical.
This is my understanding of how we can end up with two
cpus thinking they have exclusive ownership of the same ct:
A cpu0: starts lookup:
Florian Westphal wrote:
> Eric Dumazet wrote:
> > > The confirmed bit should always be set here.
> >
> > So why are you testing it ?
>
> To detect ct object recycling when tuple is identical.
>
> This is my understanding of how we can end up with two
Andrew Vagin wrote:
> Can we allocate conntrack with zero ct_general.use and increment it at
> the first time before inserting the conntrack into the hash table?
> When conntrack is allocated it is attached exclusively to one skb.
> It must be destroyed with skb, if it has not been confirmed, so w
Andrew Vagin wrote:
> On Thu, Jan 09, 2014 at 09:56:22PM +0100, Florian Westphal wrote:
> > Andrew Vagin wrote:
> > > Can we allocate conntrack with zero ct_general.use and increment it at
> > > the first time before inserting the conntrack into the hash table?
> &
Andrey Vagin wrote:
>
> Eric and Florian, could you look at this patch. When you say,
> that it looks good, I will ask the user to validate it.
> I can't reorder these actions, because it's reproduced on a real host
> with real users. Thanks.
>
>
> nf_conntrack_free can't be called for
Andrew Vagin wrote:
> > I think it would be nice if we could keep it that way.
> > If everything fails we could probably introduce a 'larval' dummy list
> > similar to the one used by template conntracks?
>
> I'm not sure, that this is required. Could you elaborate when this can
> be useful?
You c
David Newall wrote:
> Having received no feedback of substance from netdev, I now address
> my previous email to a wider audience for discussion and in
> preparation for submitting a patch based closely on that below.
>
> This email is not addressed to Bandan Das ,
> who is the author of the comm
Ilia Mirkin wrote:
> > Maybe printing "using protocol version X" will make it appear less like
> > a debugging message referring to packet contents or something similar.
>
> With pr_info it'll still appear in dmesg, and it'll still be "random
> non-sensical message appears over and over in dmesg"