similar to: help: can some body tell me the how to fill params of u32 filter in kernel ?

Hello! I am glad to announce a patch for u32 to allow matches on nfmark. The patch is non intrusive (few lines). Why I did this? Because fw classifier cannot be used together with u32. For example, now, you cannot match a mark of 0x90 and a destination port of 80. I know you can do it with iptables to do the marking, but if you use Jamal actions to apply mark to policed packets, you need

PATCH 1 ======= On my machine tc does not parse filter "sample" for the u32 filter. Eg: tc filter add dev eth2 parent 1:0 protocol ip prio 1 u32 ht 801: \ classid 1:3 \ sample ip protocol 1 0xff match ip protocol 1 0xff Illegal "sample" The reason is a missing memset. This patch fixes it. diff -Nur iproute-20051007.keep/tc/f_u32.c iproute-20051007/tc/f_u32.c

Hello TC''s syntax, particulary u32 filter, is far more rich than what man, howto or command''s help provides. I''ve been looking for information about the uses of ''offset'' parameter, or more detailed explanation of a few other/relevan options, but what I''ve found is very brief to say the least. So I checked the sources of cls_u32.c and

Hello! This is the try number two. What was changed: - Added selectable choice in Kconfig file (thanks Jamal!) - Don''t abuse tc_u32_sel to not break backward compatibility (thanks Patrick!). Stephen, do you have any comments on iproute2 part? I know it''s not perfect but this is the best way, I think. "u32 match mark vvvv mmmm" it''s intuitive but breaks a

Dear All I am kinda frustrated with the lack of help some developers are dispensing to this problem (read ignoring it). A few days ago (december 22th) I reported a problem with ''tc filter match mark'' against 2.4 kernel series and got no answers that could lead me to any solution. This is a steady problem that occurs in kernel 2.4 series and match mark (at least for me). I

iproute2 distribution in README.iproute2+tc includes toward the end an example of usage of syntax ''offset mask'' as follows: # Lookup hash table, if it is not fragmented frame # Use protocol as hash key $TC filter add dev eth1 parent 1:0 prio 5 handle ::1 u32 ht 800:: \ match ip nofrag \ offset mask 0x0F00 shift 6 \ hashkey mask 0x00ff0000 at 8 \ link 1: Also, identical

Hello, There's a memory allocation for sensitive_data.keys in ssh.c:848 which uses size of Key instead of Key*. This is probably harmless but seems to be wrong. --- a/ssh.c +++ b/ssh.c @@ -846,7 +846,7 @@ main(int ac, char **av) options.hostbased_authentication) { sensitive_data.nkeys = 7; sensitive_data.keys = xcalloc(sensitive_data.nkeys, -

https://bugzilla.mindrot.org/show_bug.cgi?id=2175 Bug ID: 2175 Summary: possible use after free Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org

hi, As a part of the test suite for xen that I've started off - I needed a way to inject a ssh key into the image [1]; so have come up with this : https://github.com/CentOS/sig-virt-t_xen/blob/master/scripts/inject_ssh.sh ; its not pretty and it wont handle lots of use cases, but it does what is needed at hand. Comments ? I'm also considering if we should include this script within the

Hello all. Talking about Samba 3.0.28 on AIX 5.3.0.0. I am new to Samba, new to LDAP. I got a "no frills" config running. My goal : have a "no frills" + "authenticating against an existing already running LDAP server" config. I imagine I could get my samba server to authenticate against this LDAP Server. "Just point Samba at this LDAP, and that's it !"

Here is the script I put together now. I hope I haven't overlooked anything. You might need to modify the first section of variables to suit your setup. Ofcourse you need to run this as root. May be some version of this should be included with syslinux? Basically given an existing floppy image, it creates a larger image and copies its contents over and sets up the bootsector of the

https://bugzilla.mindrot.org/show_bug.cgi?id=2207 Bug ID: 2207 Summary: Potential NULL deference, found using coverity Product: Portable OpenSSH Version: -current Hardware: Other OS: FreeBSD Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee:

In the current implementation, ssh always uses the hostname supplied by the user directly for the SSHFP DNS record lookup. This causes problems when using the domain search path, e.g. I have "search example.com" in my resolv.conf and then do a "ssh host", I will connect to host.example.com, but ssh will query the DNS for an SSHFP record of "host.", not

For some reasons the afs tokenforwarding stuff has changed siginificantly from v 2.9p2 to 2.9.9p2. This makes it impossible to use public key authenticication in a standart AFS environment. I don't know the reasons for these changes. In any case attached is a patch which restores the old behaviour. Regards Serge -- Serge Droz Paul Scherrer Institut mailto:serge.droz at

In several places, openssh-2.9.9p2 passes a 'char' value to a ctype macro like 'isdigit'. This has undefined behavior on hosts with signed characters, if the character value happens to be negative. For example, isdigit('\200') expands to an array access that is a subscript error on hosts with signed characters where '\200' == -128. This leads to incorrect results,

Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet

When empty grids are shown (ex: no VMs in this pool) a specific graphic, message and improved action button are shown. For Task views, the user will see the current filter and an explanation that no tasks match that filter. Signed-off-by: Jeremy Perry <jeremy.perry at redhat.com> --- src/app/views/hardware/show_hosts.rhtml | 11 ++++------- src/app/views/hardware/show_storage.rhtml

I am testing out the grid-plots, but get into a problem making a legend. I have a line plot and some points, following the model in grid.plot.and.legend() i manage to get the points correctly in the legend, but what do I do with the line? (Of cource, I can just draw a line at the right location on the plot, but I would prefer to use legend) Morten -- Morten Sickel Norwegian Radiation

The nouveau driver, in the Linux 3.7 days, used to try and set the AVI InfoFrame based on the selected display mode. These days, it uses a fixed set of InfoFrames. Start to correct that, by providing a mechanism whereby InfoFrame data may be passed to the NVKM functions that do the actual configuration. At this point, only establish the new parameters and their parsing, don't actually use

Hi, Is there any way to store HostKey in hardware (and delegate the related processing)? I have been using Roumen Petrov's x509 patch for clients, which works via an OpenSSL engine, but it does not seem to support server HostKey: http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html For PKCS#11, I have found an email on this list from a year back suggesting this