similar to: ebtables locking issue

Hi, This is a second try to fix the long chain call lengths in netfilter. The difference with the previous patch is that I got rid of the extra argument. I somehow didn't see it could be done without using the 'int *ret2' argument. A comment on the number of arguments to nf_hook_slow: I don't think the number of arguments should be decreased. For the bridge-nf code, f.e., the

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=495 Summary: Netfilter Connection Tracking Race Condition in Kernel 2.4.x Product: netfilter/iptables Version: linux-2.4.x Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ip_conntrack

This question is not about linux usage. But still i think user list is a good crowd for linux programmer. So here it goes. I have this libnetfilter_queue application which receives packets from kernel based on some iptables rule. Before going straight to my problem, i'm giving a sample workable code and other tools to set up a test environment so that We problem definition and possible

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=530 Summary: loading nf_nat verision of the iptable_nat module kills existing connections Product: netfilter/iptables Version: linux-2.6.x Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component:

On Monday 29 September 2003 20:44, DarthPeter wrote: > Hi everyone, Hello, I'm CC-ing the bridge mailing list since there are more people on that one and they might be able to shed more light. > We are trying to build a powerful firewall that could handle > several hundred megabits of traffic and we are running into a problem > with it. We'd like to be able to accomplish

Hi all, The patch below does four trivial changes and one big change Trivial changes, these are all in br_netfilter.c: - check ar_pln==4 when giving bridged ARP packets to arptables - delete unnecessary if in br_nf_local_in - add more logging for the "Argh" message - add some brag-comments in the file head comment Big change: let {ip,arp}tables see VLAN tagged {I,AR}P packets. This

Hi, after I saw that my machine was having problems to forward more than 200 Mbit/s, I decided to profile the kernel and find out the hotspots. This is what I found: [...] 1028 bridge.ko __br_forward 1033 bridge.ko br_nf_forward_finish 1074 bridge.ko ip_sabotage_in 1119 ebtable_filter.ko ebt_hook 1177 sky2.ko

https://bugzilla.netfilter.org/show_bug.cgi?id=1432 Bug ID: 1432 Summary: ebtables ebtables-2.0.11 buffer overflow on getting kernel data ( ebtables compiled with address sanitizer) Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status:

https://bugzilla.netfilter.org/show_bug.cgi?id=1481 Bug ID: 1481 Summary: [ebtables-nft] ebtables -E gives error Product: iptables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: iptables Assignee:

An earlier variant of your patch was applied already, included below. You'll need to submit the newer parts relative to the current tree. diff-tree 7ad4d2f6901437ba4717a26d395a73ea362d25c6 (from b8282dcf0417bbc8a0786c129fdff9cc768f8f3c) Author: Jayachandran C <c.jayachandran@gmail.com> Date: Tue Apr 11 17:25:38 2006 -0700 [BRIDGE] ebtables: fix allocation in

Hi all, I am trying to perform single-stepping and instruction emulation both in Xen-3.2.1. I am using the following approach: First, I mark a guest page "not present" inside the shadow page table so that I could intercept any operation that involves this page. When the guest tries to access that page, it faults and control goes to Xen (sh_page_fault function). There, I emulate that

The following 3 locks would race against each other, causing the deadlock situation in the Syzbot bug report: - j1939_socks_lock - active_session_list_lock - sk_session_queue_lock A reasonable fix is to change j1939_socks_lock to an rwlock, since in the rare situations where a write lock is required for the linked list that j1939_socks_lock is protecting, the code does not attempt to acquire any

https://bugzilla.netfilter.org/show_bug.cgi?id=1723 Bug ID: 1723 Summary: ebtables-nft help output woes Product: ebtables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: ebtables-nft Assignee: pablo at netfilter.org

Hi! The Netfilter project presents: ebtables 2.0.11 ebtables is the userspace command line program used to configure the Linux 2.4.x and bridge packet filtering ruleset. It is targeted towards system administrators. NOTE: This is a release of legacy software. Patches may still be accepted and pushed out to the git repository, which will remain active and accessible as usual although

Hi, At http://sourceforge.net/projects/ebtables/ you can find the following new releases: ebtables-brnf-3-vs-2.4.22 Changes: - let iptables see VLAN tagged IP traffic - bugfix for queued packets that get mangled in userspace - ebt_among module (Grzegorz Borowiak) - ebt_limit module (Tom Marshall) The patch compiles but I've done no further tests, but I probably didn't screw up.

From: "GONG, Ruiqi" <gongruiqi1 at huawei.com> [ Upstream commit a7ed3465daa240bdf01a5420f64336fee879c09d ] When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following warning appears: In function ?fortify_memcpy_chk?, inlined from ?size_entry_mwt? at net/bridge/netfilter/ebtables.c:2118:2: ./include/linux/fortify-string.h:592:25: error: call to

From: "GONG, Ruiqi" <gongruiqi1 at huawei.com> [ Upstream commit a7ed3465daa240bdf01a5420f64336fee879c09d ] When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following warning appears: In function ?fortify_memcpy_chk?, inlined from ?size_entry_mwt? at net/bridge/netfilter/ebtables.c:2118:2: ./include/linux/fortify-string.h:592:25: error: call to

From: "GONG, Ruiqi" <gongruiqi1 at huawei.com> [ Upstream commit a7ed3465daa240bdf01a5420f64336fee879c09d ] When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following warning appears: In function ?fortify_memcpy_chk?, inlined from ?size_entry_mwt? at net/bridge/netfilter/ebtables.c:2118:2: ./include/linux/fortify-string.h:592:25: error: call to

From: "GONG, Ruiqi" <gongruiqi1 at huawei.com> [ Upstream commit a7ed3465daa240bdf01a5420f64336fee879c09d ] When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following warning appears: In function ?fortify_memcpy_chk?, inlined from ?size_entry_mwt? at net/bridge/netfilter/ebtables.c:2118:2: ./include/linux/fortify-string.h:592:25: error: call to

From: "GONG, Ruiqi" <gongruiqi1 at huawei.com> [ Upstream commit a7ed3465daa240bdf01a5420f64336fee879c09d ] When compiling with gcc 13 and CONFIG_FORTIFY_SOURCE=y, the following warning appears: In function ?fortify_memcpy_chk?, inlined from ?size_entry_mwt? at net/bridge/netfilter/ebtables.c:2118:2: ./include/linux/fortify-string.h:592:25: error: call to