similar to: [Bug 1384] New: memory leaks when netfilter is used to filter network traffic

This question is not about linux usage. But still i think user list is a good crowd for linux programmer. So here it goes. I have this libnetfilter_queue application which receives packets from kernel based on some iptables rule. Before going straight to my problem, i'm giving a sample workable code and other tools to set up a test environment so that We problem definition and possible

Hi, This is a second try to fix the long chain call lengths in netfilter. The difference with the previous patch is that I got rid of the extra argument. I somehow didn't see it could be done without using the 'int *ret2' argument. A comment on the number of arguments to nf_hook_slow: I don't think the number of arguments should be decreased. For the bridge-nf code, f.e., the

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=495 Summary: Netfilter Connection Tracking Race Condition in Kernel 2.4.x Product: netfilter/iptables Version: linux-2.4.x Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ip_conntrack

http://bugzilla.netfilter.org/show_bug.cgi?id=708 Summary: Some accepted packets get lost Product: libnetfilter_queue Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P3 Component: libnetfilter_queue AssignedTo: netfilter-buglog at

https://bugzilla.netfilter.org/show_bug.cgi?id=1742 Bug ID: 1742 Summary: using nfqueue breaks SCTP connection (tracking) Product: libnetfilter_queue Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: libnetfilter_queue Assignee:

http://bugzilla.netfilter.org/show_bug.cgi?id=586 Summary: Problems changing the source address of a packet Product: libnetfilter_queue Version: unspecified Platform: All OS/Version: All Status: NEW Severity: blocker Priority: P1 Component: libnetfilter_queue AssignedTo: laforge at netfilter.org

Hi! Today the netfilter project released libnfnetlink-0.0.11 ftp://ftp.netfilter.org/pub/libnfnetlink/libnfnetlink-0.0.11.tar.bz2 This is the low-level communications library libnetfilter_log-0.0.10 ftp://ftp.netfilter.org/pub/libnetfilter_log/libnetfilter_log-0.0.10.tar.bz2 This is the userspace library for nfnetlink_log in 2.6.14 It is used by the upcoming ulogd-2.00beta release Needs

Hi, I am experimenting with libnetfilter_queue. libnetfilter_queue is a userspace library providing an API to packets that have been queued by the kernel packet filter. I am using sample code(nfqnl_test.c) available on netfilter.org. I have generated two binaries (queue0 and queue1) using that nfqnl_test.c sample code. These binaries are working as per expected behaviour in case of Centos 6.2

Hi, I met a problem when using bridge with netfilter. The kernel version 2.4.20, and the patch is bridge-nf-0.0.10-against-2.4.20.diff. Our firewall configuration is as follows, eth3,eth4,eth5,eth6 configured as a bridge with an IP address 10.0.0.1. The local net connect to the internet via the gateway 10.0.0.1 and SNAT is applied on the firewall. It worked but sometimes there are some

https://bugzilla.netfilter.org/show_bug.cgi?id=1455 Bug ID: 1455 Summary: Queue verdict cannot be used in vmap Product: nftables Version: unspecified Hardware: arm OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org

I am asking this on behalf of the HIPL developers; http://infrahip.hiit.fi/ https://launchpad.net/hipl They have been working on getting their code consistant to the new libnetfilter architecture. Finally have Fedora 18 and 19 available, but have hit a stumbling block with Centos 6. They tell me they are not finding libnetfilter_queue. Here is their message to me: On 08/08/2013 02:03 PM,

Hi! The Netfilter project proudly presents: libnetfilter_queue 1.0.1 libnetfilter_queue is a userspace library providing an API to packets that have been queued by the kernel packet filter. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/libnetfilter_queue/downloads.html

Hi all, The patch below does four trivial changes and one big change Trivial changes, these are all in br_netfilter.c: - check ar_pln==4 when giving bridged ARP packets to arptables - delete unnecessary if in br_nf_local_in - add more logging for the "Argh" message - add some brag-comments in the file head comment Big change: let {ip,arp}tables see VLAN tagged {I,AR}P packets. This

https://bugzilla.netfilter.org/show_bug.cgi?id=957 Summary: [PATCH] Wrong function name in libnetfilter_queue/libnetfilter_queue_ipv6.h Product: libnetfilter_queue Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P5 Component: libnetfilter_queue

On Fri, 07 Jan 2005 17:05:59 +0000 David Woodhouse <dwmw2@infradead.org> wrote: > On Sat, 2004-12-18 at 08:50 +0100, Andi Kleen wrote: > > It's not really an oops, just a warning that stack space got quiet > > tight. > > > > The problem seems to be that the br netfilter code is nesting far too > > deeply and recursing several times. Looks like a design

--mYCpIKhGyMATD0i+ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Netfilter Core Team Security Advisory =20 CVE: CAN-2003-0187 Subject: Netfilter / Connection Tracking Remote DoS Released: 01 Aug 2003 Effects: Any remote user may be able to DoS a machine

https://bugzilla.netfilter.org/show_bug.cgi?id=837 Summary: Large ICMP packets are lost Product: libnetfilter_queue Version: unspecified Platform: x86_64 OS/Version: other Status: NEW Severity: normal Priority: P5 Component: libnetfilter_queue AssignedTo: netfilter-buglog at lists.netfilter.org

On 19/04/2020 14:58, Jeffrey Walton wrote: Hi Jeffrey, > The offending host is 59.64.129.175. To err on the side of caution we > attempted to block the entire netblock. According to whois data, > that's 59.64.128.0-59.64.159.255. > > iptables -A INPUT -s 59.64.128.0/19 -p TCP -j DROP > > After reboot cpu usage is still high and access_log still shows > useless

Thought it might also be helpful to confirm that firewalld is not interfering in any way. what is the output of ~$# systemctl status firewalld On Sun, Apr 19, 2020 at 9:30 AM Jeffrey Walton <noloader at gmail.com> wrote: > > On Sun, Apr 19, 2020 at 9:26 AM Anand Buddhdev <anandb at ripe.net> wrote: > > > > On 19/04/2020 14:58, Jeffrey Walton wrote: > > >

On Sun, Apr 19, 2020 at 9:40 AM Mike <1100100 at gmail.com> wrote: > > Thought it might also be helpful to confirm that firewalld is not > interfering in any way. > > what is the output of ~$# systemctl status firewalld Thanks Mike. # systemctl status firewalld Unit firewalld.service could not be found. Jeff