Displaying 15 results from an estimated 15 matches for "flowtabl".
Did you mean:
flowtable
2016 Feb 26
1
Publication: Flowtables: Program Skeletal Inversion for Defeat of Interprocedural Analysis with Unique Metamorphism
http://dl.acm.org/citation.cfm?id=2843863
Luke Jones, Ryan Whelan, Jeremy Blackthorne, and Graham Baker. 2015.
Flowtables: Program Skeletal Inversion for Defeat of Interprocedural
Analysis with Unique Metamorphism. In Proceedings of the 5th Program
Protection and Reverse Engineering Workshop (PPREW-5). ACM, New York, NY,
USA, , Article 6 , 11 pages. DOI=http://dx.doi.org/10.1145/2843859.2843863
-------------- next p...
2024 Apr 04
2
[Bug 1743] New: Flowtable: Flows exiting OFFLOAD State being assigned value of nf_conntrack_tcp_timeout_unacknowledged
https://bugzilla.netfilter.org/show_bug.cgi?id=1743
Bug ID: 1743
Summary: Flowtable: Flows exiting OFFLOAD State being assigned
value of nf_conntrack_tcp_timeout_unacknowledged
Product: nftables
Version: 1.0.x
Hardware: x86_64
OS: other
Status: NEW
Severity: normal
Priority: P5...
2019 Aug 19
1
[ANNOUNCE] libnftnl 1.1.4 release
Hi!
The Netfilter project proudly presents:
libnftnl 1.1.4
libnftnl is a userspace library providing a low-level netlink
programming interface (API) to the in-kernel nf_tables subsystem. The
library libnftnl has been previously known as libnftables. This
library is currently used by nftables.
See ChangeLog that comes attached to this email for more details.
You can download it from:
2020 Jun 06
0
[ANNOUNCE] nftables 0.9.5 release
...8.10.35 counter packets 1 bytes 84, 192.168.10.101 counter p
192.168.10.135 counter packets 0 bytes 0 }
}
chain z {
type filter hook output priority filter; policy accept;
ip daddr @y
}
}
* Counters support for flowtables:
table ip foo {
flowtable bar {
hook ingress priority -100
devices = { eth0, eth1 }
counter
}
chain forward {
type filter hook forward priority filter;
fl...
2019 May 27
0
[ANNOUNCE] libnftnl 1.1.3 release
...o (2):
udata: add NFTNL_UDATA_* definitions
build: libnftnl 1.1.3 release
Phil Sutter (12):
chain: Support per chain rules list
chain: Add lookup functions for chain list and rules in chain
chain: Hash chain list by name
object: Avoid obj_ops array overrun
flowtable: Add missing break
flowtable: Fix use after free in two spots
flowtable: Fix memleak in nftnl_flowtable_parse_devs()
flowtable: Fix for reading garbage
src: chain: Add missing nftnl_chain_rule_del()
src: chain: Fix nftnl_chain_rule_insert_at()
src: rule: Support...
2019 Dec 04
3
[Bug 1387] New: Repoering libnftnl bugs
https://bugzilla.netfilter.org/show_bug.cgi?id=1387
Bug ID: 1387
Summary: Repoering libnftnl bugs
Product: bugzilla
Version: other
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: netfilter bugzilla
Assignee: netfilter-buglog at
2020 Apr 01
0
[ANNOUNCE] libnftnl 1.1.6 release
...support for NFTNL_SET_EXPR
expr: masq: revisit _snprintf()
expr: nat: snprint flags in hexadecimal
Revert "bitwise: add support for passing mask and xor via registers."
include: update nf_tables.h.
build: libnftnl 1.1.6 release
Phil Sutter (7):
tests: flowtable: Don't check NFTNL_FLOWTABLE_SIZE
flowtable: Fix memleak in error path of nftnl_flowtable_parse_devs()
chain: Fix memleak in error path of nftnl_chain_parse_devs()
flowtable: Correctly check realloc() call
chain: Correctly check realloc() call
examples: Replace us...
2023 May 16
4
[Bug 1680] New: Trying to delete offloaded flow with conntrack results in EBUSY
...ct: nftables
Version: unspecified
Hardware: All
OS: other
Status: NEW
Severity: major
Priority: P5
Component: kernel
Assignee: pablo at netfilter.org
Reporter: demiobenour at gmail.com
If I am using a flowtable to accelerate forwarding and try to use conntrack to
delete the offloaded flows, conntrack fails with EBUSY. This is a problem if
the purpose of deleting the flows is to enforce changed firewall rules.
This was found while investigating
https://github.com/QubesOS/qubes-issues/issues/8212 (found...
2020 Oct 27
0
[ANNOUNCE] nftables 0.9.7 release
...ounter accept
}
}
* Allow to use variables in the log prefix string.
define foo= "state"
define bar = "match"
table x {
chain y {
ct state invalid log prefix "invalid $foo $bar:"
}
}
* Allow to use variables in chain and flowtable definitions, e.g.
define if_main = lo
table netdev x {
chain y {
type filter hook ingress device $if_main priority -500; policy accept;
}
}
* Allow to define negative values in variables:
define post = -10
define for = "filter - 100"
table ine...
2020 Jun 05
0
[ANNOUNCE] libnftnl 1.1.7 release
...tp://ftp.netfilter.org/pub/libnftnl/
Have fun.
-------------- next part --------------
Pablo Neira Ayuso (5):
udata: add NFTNL_UDATA_SET_DATA_INTERVAL
expr: objref: add nftnl_expr_objref_free() to release object name
expr: dynset: release stateful expression from .free path
flowtable: relax logic to build NFTA_FLOWTABLE_HOOK
build: libnftnl 1.1.7 release
2018 Oct 17
1
[Bug 1283] New: names must be strings
...:ip" and "blocked:host:ip6".
In case : is not acceptable in set names for syntax reasons, I'd be fine with
using quoted strings for non-alphanumeric set names.
Seems like this issue applies to everything using identifier (STRING as
acceptable type), including tables chains sets flowtables objects.
nft -v
nftables v0.9.0 (Fearless Fosdick)
Linux p0 4.18.0-0.bpo.1-amd64 #1 SMP Debian 4.18.6-1~bpo9+1 (2018-09-13) x86_64
GNU/Linux
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
UR...
2020 Jul 16
1
[Bug 1442] New: Definitions cannot be referenced in chain type configuration
https://bugzilla.netfilter.org/show_bug.cgi?id=1442
Bug ID: 1442
Summary: Definitions cannot be referenced in chain type
configuration
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Ubuntu
Status: NEW
Severity: normal
Priority: P5
Component: nft
2012 Feb 10
21
Reducing the need to compile a custom kernel
Hi,
during some big discussions in the last monts on various lists, one of
the problems was that some people would like to use freebsd-update but
can't as they are using a custom kernel. With all the kernel modules
we provide, the need for a custom kernel should be small, but on the
other hand, we do not provide a small kernel-skeleton where you can
load just the modules you need.
2020 Apr 01
0
[ANNOUNCE] nftables 0.9.4 release
...erdata interface
rt: add parse and build userdata interface
fib: add parse and build userdata interface
xfrm: add parse and build userdata interface
main: enforce options before commands
scanner: incorrect error reporting after file inclusion
tests: shell: delete flowtable after flushing chain
main: restore --debug
evaluate: better error notice when interval flag is not set on
tests: shell: set lookup and set update
tests: shell: update list of rmmod modules
tests: shell: validate error reporting with include and glob
scanner: use...
2010 Jul 19
1
packet loss on ixgbe using vlans and ipv6
Hi,
I have a Dell T710 with 4 X 10G ethernet interfaces (2 X Dual port Intel
82599 cards). It is running FreeBSD RELENG_8 last updated on July 13.
What I see is packet loss (0 - 40%) on IPv6 packets in vlans, when the
machine is not the originator of the packets.
Let me try to describe a little more. If a neigbouring machine ping6 it,
there will be packet loss. If it act as a router for ipv6,