similar to: Setting priority in userspace gets ignored

Hi, after I saw that my machine was having problems to forward more than 200 Mbit/s, I decided to profile the kernel and find out the hotspots. This is what I found: [...] 1028 bridge.ko __br_forward 1033 bridge.ko br_nf_forward_finish 1074 bridge.ko ip_sabotage_in 1119 ebtable_filter.ko ebt_hook 1177 sky2.ko

Hi, This is a second try to fix the long chain call lengths in netfilter. The difference with the previous patch is that I got rid of the extra argument. I somehow didn't see it could be done without using the 'int *ret2' argument. A comment on the number of arguments to nf_hook_slow: I don't think the number of arguments should be decreased. For the bridge-nf code, f.e., the

hi i have gone through the achieves but still could not get my bridge to suvive a reboot . please can anyone help me am using fedora core 2 -----Original message----- From: bridge-request@lists.osdl.org Date: Fri, 28 Jan 2005 03:08:06 +0100 To: bridge@lists.osdl.org Subject: Bridge Digest, Vol 17, Issue 25 > Send Bridge mailing list submissions to > bridge@lists.osdl.org > >

Hi, we've seen SELinux reports from our users that dovecot tried to use something that needs CAP_NET_ADMIN capability. Before enabling it, we would like to know where it originated from. I've checked the sources, but was not able to find anything that would require this capability. Do you know for what it is used? CAP_NET_ADMIN Perform various network-related operations: * interface

On 20 Jun 2017, at 14.18, Michal Hlavinka <mhlavink at redhat.com> wrote: > > Hi, > > we've seen SELinux reports from our users that dovecot tried to use something that needs CAP_NET_ADMIN capability. Before enabling it, we would like to know where it originated from. I've checked the sources, but was not able to find anything that would require this capability. Do you

--Qz2CZ664xQdCRdPu Content-Type: multipart/mixed; boundary="BI5RvnYi6R4T2M87" Content-Disposition: inline --BI5RvnYi6R4T2M87 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi! Unfortunately there is a very unpopular announcement to be made on this list: A netfilter security advisory. Phillipe Biondi has been

Hello all, My question: - - - - - - - Does anybody know when the reverse path filtering occurs as the packet traverses the kernel? Does it happen before NF_IP_PRE_ROUTING (PREROUTING) or not? Does it only happen at route selection time? What I have tried to do to find the answer: - - - - - - - - - - - - - - - - - - - - - - I find a posting (from many years ago) [0], which suggests that this

Hi,All I setup traffic control configuration with HTB this way: 1: root HTB qdisc | 1:1 HTB class rate 1024kbit | /-----+-----+-----+------+-----\ 1:10 1:20 1:30 1:40 1:50 1:60 EF AF41 AF31 AF21 AF11 BE and alloct different bandwidth to these PHBs(queues).So which tool would I use to generate these packets at the same to for

Hi all, The patch below does four trivial changes and one big change Trivial changes, these are all in br_netfilter.c: - check ar_pln==4 when giving bridged ARP packets to arptables - delete unnecessary if in br_nf_local_in - add more logging for the "Argh" message - add some brag-comments in the file head comment Big change: let {ip,arp}tables see VLAN tagged {I,AR}P packets. This

On 28/08/14 20:06, Andy Lutomirski wrote: [...] >> block seems to work, with net a simple ping works, iperf causes this: > > I neither see the bug, nor can I reproduce it on x86_64 on KVM. I > doubt that dma vs. non-dma is relevant. I tried -net user a -net tap > with iperf running in both directions. I also tried switching > virtio_pci into non-DMA-API mode. No errors.

same patch as 2.4, just the offsets are changed. diff -Nru a/net/bridge/br_forward.c b/net/bridge/br_forward.c --- a/net/bridge/br_forward.c Mon Sep 8 09:31:19 2003 +++ b/net/bridge/br_forward.c Mon Sep 8 09:31:19 2003 @@ -69,6 +69,7 @@ indev = skb->dev; skb->dev = to->dev; + skb->ip_summed = CHECKSUM_NONE; NF_HOOK(PF_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,

br_nf_forward_ip() { parent = bridge_parent(out); NF_HOOK(pf, NF_INET_FORWARD, skb, brnf_get_logical_dev(skb, in), parent, br_nf_forward_finish); } here, let us suppose pf = NFPROTO_IPV4, i think the return value of brnf_get_logical_dev(skb, in) equals parent ? its comment 'This is the 'purely bridged' case. For IP, we pass the packet to * netfilter with indev and outdev set to the

br_nf_forward_ip() { parent = bridge_parent(out); NF_HOOK(pf, NF_INET_FORWARD, skb, brnf_get_logical_dev(skb, in), parent, br_nf_forward_finish); } here, let us suppose pf = NFPROTO_IPV4, i think the return value of brnf_get_logical_dev(skb, in) equals parent ? its comment 'This is the 'purely bridged' case. For IP, we pass the packet to * netfilter with indev and outdev set to the

br_nf_forward_ip() { parent = bridge_parent(out); NF_HOOK(pf, NF_INET_FORWARD, skb, brnf_get_logical_dev(skb, in), parent, br_nf_forward_finish); } here, let us suppose pf = NFPROTO_IPV4, i think the return value of brnf_get_logical_dev(skb, in) equals parent ? its comment 'This is the 'purely bridged' case. For IP, we pass the packet to * netfilter with indev and outdev set to the

The hardware checksumming flags need to be cleared when forwarding packets. Bridging just needs to forward what ever checksum is in the existing skbuff, it doesn't want or need the packet to be resummed. Without this fix, forwarding between smart/dumb interfaces causes an oops. diff -Nru a/net/bridge/br_forward.c b/net/bridge/br_forward.c --- a/net/bridge/br_forward.c Mon Sep 8 09:29:44

On Mon, Jun 05, 2017 at 05:08:25AM +0300, Michael S. Tsirkin wrote: > On Mon, Jun 05, 2017 at 12:48:53AM +0200, Jean-Philippe Menil wrote: > > Hi, > > > > while playing with xdp and ebpf, i'm hitting the following: > > > > [ 309.993136] > > ================================================================== > > [ 309.994735] BUG: KASAN:

On Mon, Jun 05, 2017 at 05:08:25AM +0300, Michael S. Tsirkin wrote: > On Mon, Jun 05, 2017 at 12:48:53AM +0200, Jean-Philippe Menil wrote: > > Hi, > > > > while playing with xdp and ebpf, i'm hitting the following: > > > > [ 309.993136] > > ================================================================== > > [ 309.994735] BUG: KASAN:

On 27/08/14 23:50, Andy Lutomirski wrote: > This fixes virtio on Xen guests as well as on any other platform > that uses virtio_pci on which physical addresses don't match bus > addresses. > > This can be tested with: > > virtme-run --xen xen --kimg arch/x86/boot/bzImage --console > > using virtme from here: > >

Hello, I''ve got several kernel panic on a domU under network activity (multiple rsync using rsh). I didn''t manage to reproduce it manually, but it happened 5times during the last month. Each time, it is the same kernel trace. I am using Debian 5.0.8 with kernel/hypervisor : ii linux-image-2.6.32-bpo.5-amd64 2.6.32-30~bpo50+1 Linux 2.6.32 for 64-bit PCs ii

Hello, I''ve got several kernel panic on a domU under network activity (multiple rsync using rsh). I didn''t manage to reproduce it manually, but it happened 5times during the last month. Each time, it is the same kernel trace. I am using Debian 5.0.8 with kernel/hypervisor : ii linux-image-2.6.32-bpo.5-amd64 2.6.32-30~bpo50+1 Linux 2.6.32 for 64-bit PCs ii