search for: nf_log

...ls.c | 6 ++- net/mptcp/ctrl.c | 3 +- net/netfilter/ipvs/ip_vs_ctl.c | 8 ++- net/netfilter/ipvs/ip_vs_lblc.c | 10 ++-- net/netfilter/ipvs/ip_vs_lblcr.c | 10 ++-- net/netfilter/nf_conntrack_standalone.c | 4 +- net/netfilter/nf_log.c | 7 +-- net/rds/tcp.c | 3 +- net/sctp/sysctl.c | 4 +- net/smc/smc_sysctl.c | 3 +- net/sysctl_net.c | 26 +++++++--- net/unix/sysctl_net_unix.c | 3 +- net/xfrm/xfrm_sys...

...udata: incorrect userdata buffer size validation utils: remove unused code Phil Sutter (24): set: Do not leave free'd expr_list elements in place tests: Fix objref test case expr: Repurpose struct expr_ops::max_attr field expr: Call expr_ops::set with legal types only include: Sync nf_log.h with kernel headers expr: Introduce struct expr_ops::attr_policy expr: Enforce attr_policy compliance in nftnl_expr_set() chain: Validate NFTNL_CHAIN_USE, too table: Validate NFTNL_TABLE_USE, too flowtable: Validate NFTNL_FLOWTABLE_SIZE, too obj: Validate NFTNL_OBJ_TYPE, too set: Va...

...-> (http://bugzilla.netfilter.org/attachment.cgi?id=354) Fix range in man for --nflog-group Hi, In extensions/libxt_NFLOG.man there's information about --nflog-group range 1 to 2^32-1, But nflog-group option is defined as .type = XTTYPE_UINT16, and in kernel sources (include/net/netfilter/nf_log.h) group is declared as u_int16_t. Attaching patch to fix man file. -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes.

...long to answer. Can you add an iptables-save output to the ticket (or sent it to me privately if you need to) ? I really don't get what's going on and with that info I will be able to improve diagnostic and even to reproduce it. Can you also attache the result of: cat /proc/net/netfilter/nf_log Thanks in advance. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20141116/9ecce5fb/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=977 --- Comment #13 from Netbug <b1b30ee4 at opayq.com> --- Created attachment 456 --> https://bugzilla.netfilter.org/attachment.cgi?id=456&action=edit nf_log -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20141117/3cf30d95/attachment.html>

...Thanks for getting back to me, really appreciate it. > > I'm not using NFLOG at the moment, so let me know if the iptables-save is > ok, without using it at the moment, along with the cat? OK, I really need to see how NFLOG is used. > > I've attached two logs for each... nf_log file content is not the good one, I only see the name of the file inside the file. Can you reupload ? -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/...

https://bugzilla.netfilter.org/show_bug.cgi?id=977 --- Comment #15 from Netbug <b1b30ee4 at opayq.com> --- Ok I was thinking this so I set everything back to NFLOG, I've attached; iptables-save_nflog Here's the cat /proc/net/netfilter/nf_log; 0 NONE (nfnetlink_log) 1 NONE (nfnetlink_log) 2 nfnetlink_log (nf_log_ipv4,nfnetlink_log) 3 NONE (nfnetlink_log) 4 NONE (nfnetlink_log) 5 NONE (nfnetlink_log) 6 NONE (nfnetlink_log) 7 nfnetlink_log (nfnetlink_log) 8 NONE (nfnetlink_log) 9 NONE (nfnetlink_log) 10 nfnetlink_log (nfnetlin...

https://bugzilla.netfilter.org/show_bug.cgi?id=977 --- Comment #20 from Netbug <b1b30ee4 at opayq.com> --- Hi Eric, The new log; iptables-save_nflog_2 and the output I pasted for, cat /proc/net/netfilter/nf_log; All this is good now? -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20141120/9fc24378/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=977 --- Comment #21 from Eric Leblond <eric at regit.org> --- Hello, (In reply to Netbug from comment #20) > Hi Eric, > > The new log; iptables-save_nflog_2 and the output I pasted for, > > cat /proc/net/netfilter/nf_log; > > All this is good now? All i see in the iptables rules regarding NFLOG is: -A INPUT -j NFLOG --nflog-prefix "Shorewall:INPUT:REJECT:" -A FORWARD -j NFLOG --nflog-prefix "Shorewall:FORWARD:REJECT:" -A OUTPUT -j NFLOG --nflog-prefix "Shorewall:OUTPUT:REJECT...

...e sa and that the TRACE docs ( in the iptables-extensions manpage) mentioned "ip(6)t_LOG or nfnetlink_log". When I saw that the rule was matching I then started to search for ipt_LOG which turned out to be unfruitful. Eventually someone on irc gave me the right answer which was: modprobe nf_log_ipv4; sysctl net.netfilter.nf_log.2=nf_log_ipv4; and then it worked. Maybe the docs for TRACE could be enhanced to include info like this or at least pointers to the casual sa where to look. I'm on fedora 24 which seems to be using iptables v1.4.21. Thanks, jdv -- You are receiving this mai...

...am unable to reproduce this crash using nftables 0.9.3 on Rocky Linux 8. Using that version, the above commands fail with the message "Error: Could not process rule: Numerical result out of range". >From what I can see, the log prefix buffer size is defined in include/linux/netfilter/nf_log.h and used to create stack variables in src/json.c and src/statement.c. The stack variables are then passed to expr_to_string() without any indication of the maximum size. Please let me know if there's anything I can do to assist fixing this bug! -- Sam -- You are receiving this mail becau...

...r, the host does not have iptables-legacy-save iptables-libs-1.8.4-10.el8_2.1.x86_64 iptables-ebtables-1.8.4-10.el8_2.1.x86_64 iptables-1.8.4-10.el8_2.1.x86_64 I've tried to debug some iptables problems inside the container, enabling the corresponding modules: modprobe -v ipt_LOG modprobe -v nf_log_ipv4 ,setting the sysctl parameters: sysctl net.netfilter.nf_log.2=nf_log_ipv4 net.netfilter.nf_log_all_netns=1 and adding the corresponding rules: iptables-nft -L -t raw Chain PREROUTING (policy ACCEPT) target prot opt source destination TRACE udp -- anywhere...

...object reference expression set: add NFTNL_SET_OBJ_TYPE attribute set_elem: add NFTNL_SET_ELEM_OBJREF attribute expr: objref: add support for stateful object maps quota: support for consumed bytes build: update LIBVERSION to prepare a new release include: Missing nf_log.h in Makefile Phil Sutter (7): set: prevent memleak in nftnl_jansson_parse_set_info() expr/ct: prevent array index overrun in ctkey2str() expr/limit: Drop unreachable code in limit_to_type() common: Avoid integer overflow in nftnl_batch_is_supported() src: Avoid retur...

....c | 3 +- > > net/netfilter/ipvs/ip_vs_ctl.c | 8 ++- > > net/netfilter/ipvs/ip_vs_lblc.c | 10 ++-- > > net/netfilter/ipvs/ip_vs_lblcr.c | 10 ++-- > > net/netfilter/nf_conntrack_standalone.c | 4 +- > > net/netfilter/nf_log.c | 7 +-- > > net/rds/tcp.c | 3 +- > > net/sctp/sysctl.c | 4 +- > > net/smc/smc_sysctl.c | 3 +- > > net/sysctl_net.c | 26 +++++++--- > > net/unix/sysctl_...

Hi All, I followed the instructions here at http://bderzhavets.wordpress.com/2009/06/10/setup-fedora-11-pv-domu-at-xen-3-4-1-dom0-kernel-2-6-30-rc6-tip-on-top-of-fedora-11/ However, when I do a "make menuconfig", I cannot see any XEN related configuration options. What am I missing? Thank you. Mr. Teo En Ming Dip(Mechatronics Engineering) BEng(Hons)(Mechanical Engineering)