name, nf_conncount.c -> xt_connlimit.c]
Signed-off-by: Mauricio Faria de Oliveira
---
net/netfilter/xt_connlimit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
index 913b86ef..b1646c2 100644
--- a/net/netfilter/xt_connlim
unt.c -> xt_connlimit.c.
- nf_conncount_rb -> xt_connlimit_rb
- nf_conncount_tuple -> xt_connlimit_conn
- conncount_conn_cachep -> connlimit_conn_cachep]
Signed-off-by: Mauricio Faria de Oliveira
---
net/netfilter/xt_connlimit.c | 52 +++-
1 file ch
refactor, so do it here, while still here in this related patch.]
Signed-off-by: Mauricio Faria de Oliveira
---
net/netfilter/xt_connlimit.c | 8 ++--
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
index ffa8eec..79d41
From: Ubuntu
[changelog]
- v2: include patch 5/5 (a very recent fix to patch 4/5) which is
not yet in Linus's tree but it's in nf.git + linux-next.git,
thus should make it shortly. Test results still consistent.
Thanks Florian Westphal for reviewing and pointing that out.
count only
use case")
which addresses nf_conncount_count() that does not exist yet -- it's
introduced by
upstream commit 625c556118f3 ("netfilter: connlimit: split xt_connlimit
into front
and backend"), a refactor change.
- nft_connlimit.c -> removed, not used/doesn't
_conn_cachep -> connlimit_conn_cachep]
Signed-off-by: Mauricio Faria de Oliveira
---
include/net/netfilter/nf_conntrack_count.h | 14
net/netfilter/xt_connlimit.c | 36 +++---
2 files changed, 37 insertions(+), 13 deletions(-)
create mode 100644 includ
Florian,
On Wed, Jan 2, 2019 at 3:17 PM Florian Westphal wrote:
>
> Mauricio Faria de Oliveira wrote:
> > Either way, the suggested mainline fix does actually fix the issue in 4.14
> > for at least one environment. So, it might well be the case that Alakesh's
On Wed, Jan 2, 2019 at 3:06 PM Florian Westphal wrote:
>
> Mauricio Faria de Oliveira wrote:
> > +static const struct nf_conntrack_tuple_hash *
> > +find_or_evict(struct net *net, struct xt_connlimit_conn *conn)
> > +{
> > + const struct nf_conntrack_tuple_h
Recently, Alakesh Haloi reported the following issue [1] with stable/4.14:
"""
An iptable rule like the following on a multicore systems will result in
accepting more connections than set in the rule.
iptables -A INPUT -p tcp -m tcp --syn --dport -m connlimit \
--connlimit-a
On Fri, Oct 5, 2018 at 6:24 PM David Ahern wrote:
>
> On 10/5/18 3:22 PM, David Miller wrote:
> > From: Mauricio Faria de Oliveira
> > Date: Mon, 1 Oct 2018 22:50:32 -0300
> >
> >> On Mon, Oct 1, 2018 at 12:38 PM Mauricio Faria de Oliveira
> >> wr
On Mon, Oct 1, 2018 at 12:38 PM Mauricio Faria de Oliveira
wrote:
> Ok, thanks for your suggestions.
> I'll do some research/learning on them, and give it a try for a v2.
FYI, that is "[PATCH v2 net-next] rtnetlink: fix rtnl_fdb_dump() for
ndmsg header".
BTW, could pleas
ink
$ go build neighlist
$ ~/go/src/neighlist/neighlist
Thanks to David Ahern for suggestions to improve this patch.
Fixes: 0ff50e83b512 ("net: rtnetlink: bail out from rtnl_fdb_dump() on parse
error")
Fixes: 5e6d24358799 ("bridge: netlink dump interface at par with
On Mon, Oct 1, 2018 at 12:01 PM David Ahern wrote:
>
> On 10/1/18 6:44 AM, Mauricio Faria de Oliveira wrote:
> >> I suspect rtnl_fdb_dump is forever stuck with the ifinfomsg struct as
> >> the header if any kernel side filtering is to be done. [snip]
> >
> > W
On Sun, Sep 30, 2018 at 10:06 PM David Ahern wrote:
>
> On 9/28/18 1:35 PM, Mauricio Faria de Oliveira wrote:
> > Currently, rtnl_fdb_dump() assumes the family header is 'struct ifinfomsg',
> > which is not always true. For example, 'struct ndmsg' is us
ink")
func main() {
neighs, _ := netlink.NeighList(0, syscall.AF_BRIDGE)
for _, neigh := range neighs { fmt.Printf("%#v\n", neigh) }
}
$ export GOPATH=~/go
$ go get github.com/vishvananda/netlink
$ go build neighlist
$ ~/go/src/neighlist/neighlist