iptables | Devel

iptables | Devel Mailing List Archive by Gossamer Threads http://www.gossamer-threads.com/lists/iptables/devel/ en-us (c) Gossamer Threads Inc. All rights reserved. 13 Feb 2012 03:52:50 -0800 120 Gossamer Threads | iptables | Devel 75 23 http://www.gossamer-threads.com/lists/iptables/devel/ http://www.gossamer-threads.com/images/lists/rss_logo.jpg Auto-responder test Please ignore 20 Sep 2007 03:55:34 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69120 Old lists are disabled as of now gmane has picked up the new lists, marc.info probably also (if not it will soon), so effective immediately, I'm disabling subscriptions and postings t 20 Sep 2007 03:51:23 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69121 The cause of NAT/Masquerading not perfomed Hey everyone, What can be attributed as the cause for the problem of not performing an NAT/Masquerade? This is a basic scenario where a computer on t 19 Sep 2007 07:05:05 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69112 FYI: Solved a dynamic linking loader issues with iptables,libiptc Hi, Jseper: I have a problem which you have solved. Error:Couldn't load target 'standard': /lib/iptc/iptables/libipt_standard.so:undefined symbol: r 19 Sep 2007 00:51:51 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69113 Question : multicast through NAT server using iptables. I have some quesions about address multicasting through NAT server using iptables. 1 Does NAT server allow address multicasting ? 2 if does allow, 19 Sep 2007 00:43:56 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69115 [REMINDER]: netfilter list moved to kernel.org Just a reminder, the netfilter and netfilter-devel lists have moved to kernel.org, you can subscribe to the new lists at http://vger.kernel.org/vger- 18 Sep 2007 04:35:21 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69102 BUGs at tcp state transition? Hi, all. When I tested 2.6.20.16, found something strange. The following is the test case: 1. Establish a connection between client and server [.C 17 Sep 2007 18:43:59 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69094 Re: [PATCH] Suppress usage of lastnlh as it was overwritting last packet of the message. Eric Leblond wrote: > Hello, > > The following patch fixes the handling of netlink packets containing > multiple messages. > > As exposed during net 17 Sep 2007 06:41:57 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69089 Netfilter List cross-subscription [Re: Test] Patrick McHardy wrote: > netfilter-devel cross-subscription test, please ignore The cross-subscription appears to work, unfortunately (due to the su 17 Sep 2007 04:47:34 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69075 libnfconntrack and ipv6 addresses Hi, I am developping an application that uses libnfconntrack. I currently try to get the ipv6 addresses from a conntrack. However it seems it is no 17 Sep 2007 00:58:35 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69074 xt_time 20070915 (iptables) libipt_time from POM-ng, augmented by: * day-of-month support (for example "match on the 15th of each month") * inversion support for --weekdays an 15 Sep 2007 10:41:58 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69065 xt_time 20070915 For 2.6.24. Please comment, thanks! === ipt_time from POM-ng augmented by: * xtables * ipv6 support * day-of-month support (for example "match 15 Sep 2007 09:07:59 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69059 Re: netfilter workshop group photo annotations Harald Welte wrote: > I don't have an annotated photo, but maybe somebody wants to make one > using the following data: > > (all from left to right) 15 Sep 2007 03:40:13 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69052 netfilter.org debian migration (was Re: test) On Thu, Sep 13, 2007 at 07:09:21PM +0200, Jan Engelhardt wrote: > > On Sep 13 2007 18:42, Harald Welte wrote: > > > >testing the new debian based lis 15 Sep 2007 03:04:39 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69053 netfilter workshop group photo annotations On Wed, Sep 12, 2007 at 08:30:48PM +0200, Jan Engelhardt wrote: > > On Sep 12 2007 12:36, Patrick McHardy wrote: > > The netfilter and netfilter-deve 15 Sep 2007 02:37:45 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69055 test testing the new debian based list setup -- - Harald Welte <laforge@netfilter.org> http://netfilter.org/ ============================ 13 Sep 2007 09:42:36 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69050 [PATCH] add support to related connections via ctnetlink This patch adds support to relate a connection to an existing master connection. This patch is used by conntrackd to correctly replicate related conne 13 Sep 2007 08:47:12 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69047 is skb payload missing when using NF_IP_POST_ROUTING ? Hi, I'm trying to develop a queue handler using netfilter and iptables mangling to catch all data coming in and out of my network card. I'm using a h 13 Sep 2007 06:20:20 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69077 [ADMINISTRATIVE] netfilter.org downtime Hi! There will be an administrative downtime of pracitcally all netfilter.org services during the next couple of days (thursday/friday). I don't real 12 Sep 2007 08:37:42 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69036 Re: [NETLINK]: Introduce nested and byteorder flag to netlink attribute From: Thomas Graf <tgraf@suug.ch> Date: Wed, 12 Sep 2007 14:41:45 +0200 > This change allows the generic attribute interface to be used within > the 12 Sep 2007 05:45:26 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69031 [NETLINK]: Introduce nested and byteorder flag to netlink attribute This change allows the generic attribute interface to be used within the netfilter subsystem where this flag was initially introduced. The byte-order 12 Sep 2007 05:41:45 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69032 [ANNOUNCE]: netfilter-devel and netfilter list moving to kernel.org The netfilter and netfilter-devel mailinglists are moving to kernel.org, you can subscribe to the new lists at: http://vger.kernel.org/vger-lists.htm 12 Sep 2007 03:36:33 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69029 Re: u32 extension On Sep 10 2007 11:18, Patrick McHardy wrote: >Hi Jan, > >I just noticed the u32 extension is missing from iptables. >Could you send me your latest ver 10 Sep 2007 03:28:42 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69011 [NETFILTER 02/02]: Fix/improve deadlock condition on module removal netfilter [NETFILTER]: Fix/improve deadlock condition on module removal netfilter So I've had a deadlock reported to me. I've found that the sequence of event 09 Sep 2007 15:20:41 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69010 [NETFILTER 01/02]: nf_conntrack_ipv4: fix "Frag of proto ..." messages [NETFILTER]: nf_conntrack_ipv4: fix "Frag of proto ..." messages Since we're now using a generic tuple decoding function in ICMP connection tracking, 09 Sep 2007 15:20:39 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69009 [NETFILTER 00/02]: Netfilter fixes Hi Dave, these patches fix an incorrect warning message in IPv4 connection tracking and the module unload deadlock notices by Neil Horman. Please ap 09 Sep 2007 15:20:38 -0800 http://www.gossamer-threads.com/lists/iptables/devel/69008 [RFC] iptables namespaces Hi again, I've been thinking about some kind of namespaces in iptables where one can switch from one set of rules to another set of rules by flickin 07 Sep 2007 11:02:05 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68990 [RFC] High Performance Packet Classification (HPPC) to succeed HIPAC Hi, I'm a user of nf-HIPAC (http://www.hipac.org) and I've tried to monitor it's progress into the main kernel tree. Unfortunately, the work on nf-HI 07 Sep 2007 02:09:23 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68987 Re: [PATCH 2/2] Fix (improve) deadlock condition on module removal netfilter socket option removal On Wed, 2007-09-05 at 16:26 -0400, Jon Masters wrote: > On Tue, 2007-09-04 at 16:30 -0400, Neil Horman wrote: > > > 2nd of two patches. This pat 05 Sep 2007 15:41:09 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68957 Reading traffic from a serial port Hello, I need to see a traffic flowing between two nodes over a serial port /dev/ttyS0. The log files show me that the traffic exchange is going on an 05 Sep 2007 08:30:39 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68950 Re: [PATCH 0/2] Fix (improve) deadlock condition on module removal netfilter socket option removal Neil Horman wrote: > Hey all- > So I've had a deadlock reported to me. I've found that the sequence of > events goes like this: > > 1) process 05 Sep 2007 08:22:39 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68949 ipporthash doesn't work ( ipset-2.3.0, iptables-1.3.8-15, kernel-2.6.22.3-7-bigsmp, SuSE 10.3 Beta2) Hi, I compiled and installed ipset-2.3.0, I found the iphash worked fine but ipporthash acted wired. Here's the scenario: suse10-3:~ # ipset -N s 04 Sep 2007 15:16:58 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68943 [PATCH 2/2] Fix (improve) deadlock condition on module removal netfilter socket option removal Hey- 2nd of two patches. This patch enhances modprobe to operate like rmmod in non-blocking mode. It also adds a -w option to allow for expl 04 Sep 2007 13:30:53 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68961 [PATCH 1/2] Fix (improve) deadlock condition on module removal netfilter socket option removal Patch 1/2 to fix netfilter socket option removal This patch changes netfilter socket options to do reference counting on the module refcounter (And s 04 Sep 2007 13:27:43 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68960 [PATCH 0/2] Fix (improve) deadlock condition on module removal netfilter socket option removal Hey all- So I've had a deadlock reported to me. I've found that the sequence of events goes like this: 1) process A (modprobe) runs to remov 04 Sep 2007 13:24:33 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68959 [iptables] NFLOG-testx is not executable Hi, The test for NFLOG is not executable. This prevents NFLOG from building. A commiter should run the following command to change executable proper 04 Sep 2007 12:37:48 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68940 [PATCH] Makefile for man pages of xtables extensions Hello, I made this patch to include all available matches and targets to iptables.8 and ip6tables.8 man pages. The source file is lixt_*.c but the ma 03 Sep 2007 05:48:19 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68929 Measure CPU load of a filter application based on libipq Hi all, I'm on a Fedora Core 6 i386 machine. I have implemented a packet filter based on libipq which works great. It basically looks into the IP and 03 Sep 2007 01:15:01 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68916 [PATCH 3/3] libnl: add netfilter log support 02 Sep 2007 22:12:32 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68914 [PATCH 2/3] libnl: add netfilter conntrack support 02 Sep 2007 22:11:54 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68913 [PATCH 1/3] libnl: add netfilter support 02 Sep 2007 22:11:18 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68912 netfilter support in libnl There have been comments in the past on this list about using libnl for the netfilter netlink support, and since I would like to use a common library 02 Sep 2007 22:09:42 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68911 hashlimit match : how is that to use hop count as the hash info? Hi, Is it possible to use hop count (TTL) as the hash value? I can’t find the way to defend against spoofing based DDoS attacks. If the hop count 31 Aug 2007 23:16:45 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68886 Re: ipv4_get_l4proto: Frag of proto 17 Meelis Roos wrote: > Yesterdays git snapsot on a normal home PC spams dmesg with the > following line: > ipv4_get_l4proto: Frag of proto 17 In what 30 Aug 2007 00:08:48 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68856 [NETFILTER]: xt_tcpudp: fix wrong struct in udp_checkentry Hi Dave, the attached patch fixes an incorrectly used structure in xt_tcpudp, which apparently causes problems on CRIS. Please apply, thanks. 30 Aug 2007 00:04:09 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68855 Re: ipset patch-o-matic-ng-20070524.tar.bz2 doesn't work on SuSE 10.3 Beta2 kernel (2.6.22.3-7-bigsmp) Hung Lin wrote: > Hi, > > I tried to use ipset patch-o-matic-ng to patch SuSE 10.3 Beta2 kernel but it doesn't work. Here's the commands I run: > > 29 Aug 2007 09:59:20 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68838 Re: looking up a flow in the kernel structures given its identifier Em Tue, Aug 28, 2007 at 11:48:55PM +0200, Sirine Chaitou escreveu: > Thanks a lot for your help. > Well, my purpose is to overwrite the initial sequen 29 Aug 2007 03:59:23 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68814 Re: Crash report 2.6.22.5 Hi Pete, On 28/08/07, Pete Monroe <pizzlemonrizzle@gmail.com> wrote: > Hi, > > Sorry there's not more to go on here. > > A 32-bit firewall running th 28 Aug 2007 16:51:09 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68835 Very urgent: using network kernel header files from our own module Dear all, Can anyone tell me how can I call functions in the kernel sources header files from a different module? I explain: I am interested in using 28 Aug 2007 15:25:12 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68808 Very urgent: looking up a flow in the kernel structures given its identifier Hello, I am looking for a function which, supplied whith the tuple identifier (ip_src,ip_dst,p_src,p_dst), returns the corresponding skb. Does this 28 Aug 2007 12:21:04 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68806 [ANNOUNCE] ipset 2.3.0 released Hi, I'm happy to announce the new ipset release. The main changes are - jiffies rollover bug in iptree type fixed (reported by Lukasz Nierycho 28 Aug 2007 04:05:50 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68800 ipset patch-o-matic-ng-20070524.tar.bz2 doesn't work on SuSE 10.3 Beta2 kernel (2.6.22.3-7-bigsmp) Hi, I tried to use ipset patch-o-matic-ng to patch SuSE 10.3 Beta2 kernel but it doesn't work. Here's the commands I run: suse10-3:/usr/src/patch-o 27 Aug 2007 14:33:15 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68797 new target: -j TEE Hi @ all, The ROUTE targe seems to be finaly gone from pom-ng and we need a solution for the --tee function. So I deciced to use some parts from the 27 Aug 2007 05:08:32 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68781 [PATCH] Last vestiges of NFC Hello! It appears that the tweaking of NFC_* bits of nfcache was almost completely done away with around the times of these threads: http://lists.ne 25 Aug 2007 10:21:38 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68754 ipt_ACCOUNT 1.11 released Hello, I'm pleased to announce the release of ipt_ACCOUNT 1.11. Changelog: - Workaround for kernel bug when using one GB RAM and more This release 24 Aug 2007 05:34:42 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68749 [PATCH] netfilter: xt_tcpudp.c: wrong struct in udp_checkentry I found what looks like a copy-paste error in udp_checkentry, see patch below. It doesn't seem to have any effect on the x86 architecture but it does 24 Aug 2007 04:50:53 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68833 /proc/net/ip_conntrack trange behavior Hi, all When I checked /proc/net/ip_conntrack in my Linux server, I found some strange tracks like the following: [normal case] tcp 6 3 24 Aug 2007 00:43:01 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68745 netfilter hook does not see some packets ... I have a situation where my kernel module that registers the nf hooks does does not see some packets. Those packets seems to be those that are REDIREC 23 Aug 2007 05:23:16 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68731 The "value" of "-m dscp -dscp" for iptables command Hello, I find a bug in the manpage of iptables: The description for the value in option "-m dscp -dscp" should be modified to 0~63. The 22 Aug 2007 22:17:09 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68730 conntrack: Connection close event? Hi, this is my first request. I checked google, nf-faqs and conntrack-homepage without sufficient results for this problem: In Short: I need to kno 22 Aug 2007 11:01:24 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68724 Sharing information for many rules using same module Hi. I am working on simple netfilter match extension. It takes packet, analyzes it, and puts all info in structure. Then it looks at fields in matchin 21 Aug 2007 07:54:33 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68712 How to use the tcp_info structure in linux/tcp.h Dear All, I am looking to: 1. how to tell linux to look exactly to the flags of a TCP header (struct tcphdr * tcp_hdr; ... I want to access the tcp_hd 21 Aug 2007 00:32:05 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68707 [RFC] ipset: New set type iptreemap, userspace part Makefile | 2 - ipset_iptreemap.c | 209 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 210 insertions(+), 1 de 20 Aug 2007 13:37:11 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68698 [RFC] ipset: New set type iptreemap, kernel part include/linux/netfilter_ipv4/ip_set_iptreemap.h | 40 + net/ipv4/netfilter/Kconfig | 8 net/ipv4/netfilter/Makefile 20 Aug 2007 13:36:56 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68700 [RFC] ipset: New set type iptreemap Hi all, based on the feedback from Jan Engelhardt I've converted the fullipmap [1] set type I announced last week to manage the bitmaps with a tree 20 Aug 2007 13:36:45 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68699 xt_time 20070820 (iptables) iptables part. --- extensions/.time-testx | 2 extensions/libxt_time.man | 16 + extensions/libxt_time.c | 497 ++++++++++++++++++++++ 20 Aug 2007 12:20:36 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68691 xt_time 20070820 Hi, this is xt_time, posted for reference and discussion. Not perfect yet, but a start. <<< ipt_time from POM-ng augmented by: * xtables * ipv 20 Aug 2007 12:19:35 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68690 Kernel oops during netfilter memory allocation Hey there, I'm currently debugging a kernel oops with kernel 2.6.21.7 that occurs from time to time with our netfilter accounting module ipt_ACCOUNT 20 Aug 2007 09:08:08 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68688 A question about the skbuff handling - Thanks for your answer. Dear all, First of all, I would like to say that I got troubles when sending to the Netfilter-devel mailing list, that's why I am sending my request a 20 Aug 2007 08:32:38 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68687 Memory allocation inside target handler Hi there, I'm currently debugging a memory allocation issue in ipt_ACCOUNT running on 2.6.21.7. The module allocates memory using get_zeroed_page(GF 17 Aug 2007 08:17:00 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68655 Old ip6t_REJECT.h header file in iptables include dir Hello! Apologies if this is a bad place to report bugs/fixes, but bugzilla.netfilter.org appears to be down for some time now... I noticed some inco 17 Aug 2007 01:55:17 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68643 revisit: ipset nethash set type limited to /31 Hi, (Original post on netfilter@lists.netfilter.org: https://lists.netfilter.org/pipermail/netfilter/2007-August/069497.html) My employer has an in 16 Aug 2007 23:54:30 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68642 Locking issue Hi there, This email is regarding ebtables code i.e. bridge level filtering framework of netfilter. I have sent this email to ebtables mailing list a 16 Aug 2007 10:54:14 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68635 [PATCH 6/6] netfilter: xt_u32: fix length checks in u32_match_it It seems an extraneous trailing ';' has slipped into the skb length checks in u32_match_it() triggering an unconditional missmatch. Signed-off-by: An 16 Aug 2007 06:19:12 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68628 [RFC] [PATCH] ipset: New set type fullipmap, userspace part --- /dev/null +++ b/ipset_fullipmap.c @@ -0,0 +1,202 @@ +/* Copyright 2007 Sven Wegener <sven.wegener@stealer.net> + * + * This program is free softwa 16 Aug 2007 00:22:25 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68625 [RFC] [PATCH] ipset: New set type fullipmap, kernel part --- /dev/null +++ b/include/linux/netfilter_ipv4/ip_set_fullipmap.h @@ -0,0 +1,24 @@ +#ifndef __IP_SET_FULLIPMAP_H +#define __IP_SET_FULLIPMAP_H + +#i 16 Aug 2007 00:22:14 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68626 [RFC] [PATCH] ipset: New set type fullipmap Hi, I'd like to get your initial feedback on a new set type called fullipmap. The fullipmap type uses dynamically allocated bitmaps to represent eve 16 Aug 2007 00:22:07 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68624 Re: drivers/infiniband/mlx/mad.c misplaced ; On Wed, 2007-08-15 at 19:58 -0400, Dave Jones wrote: > Signed-off-by: Dave Jones <davej@redhat.com> > > diff --git a/drivers/infiniband/hw/mlx4/mad.c 15 Aug 2007 17:40:11 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68621 patch/ipset: fix typo in ipset error msg: "Range to large. Max is %d IPs in range\n" Hi Pablo & others, Here is a super minor patch. Request for clemency in advance if there is a better way to submitting such tiny patches... a branch 14 Aug 2007 20:53:39 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68616 [NETFILTER 04/04]: nf_nat_sip: don't drop short packets [NETFILTER]: nf_nat_sip: don't drop short packets Don't drop packets shorter than "SIP/2.0", just ignore them. Keep-alives can validly be shorter for 14 Aug 2007 09:40:19 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68603 [NETFILTER 03/04]: nf_conntrack_sip: fix SIP-URI parsing [NETFILTER]: nf_conntrack_sip: fix SIP-URI parsing The userinfo component of a SIP-URI is optional, continue parsing at the beginning of the SIP-URI 14 Aug 2007 09:40:17 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68602 [NETFILTER 02/04]: nf_conntrack_sip: check sname != NULL before calling strncmp [NETFILTER]: nf_conntrack_sip: check sname != NULL before calling strncmp The check got lost during the conversion to nf_conntrack. Signed-off-by: P 14 Aug 2007 09:40:16 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68601 [NETFILTER 01/04]: netfilter: xt_u32 bug correction [NETFILTER]: netfilter: xt_u32 bug correction An extraneous ";" makes xt_u32 match useless Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed- 14 Aug 2007 09:40:14 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68600 [NETFILTER 00/04]: Netfilter fixes Hi Dave, these patches fix an extraneous ";" in the new u32 match and three minor bugs in the SIP conntrack helper. Please apply, thanks. net/ipv4 14 Aug 2007 09:40:12 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68599 [PATCH] libnetfilter_conntrack: Add getter/setter for ids. 14 Aug 2007 00:20:24 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68585 [PATCH] libnetfilter_conntrack: Packet/byte counters are 64 bit 14 Aug 2007 00:19:22 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68584 [PATCH] libnetfilter_conntrack: Fix getters for big-endian 14 Aug 2007 00:18:20 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68583 [PATCH][CTNETLINK] Include the id in conntrack netlink events. I need the id in ctnetlink events for my application, so here's a patch to add it in case this wasn't left out intentionally. 13 Aug 2007 22:07:56 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68578 rule limitations? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 For relatively obscure reasons, I am trying to build a set of rules that run into the hundreds of thous 13 Aug 2007 16:48:06 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68615 [PATCH] [334/2many] MAINTAINERS - NETFILTER/IPTABLES/IPCHAINS Add file pattern to MAINTAINER entry Signed-off-by: Joe Perches <joe@perches.com> diff --git a/MAINTAINERS b/MAINTAINERS index 7e3b438..bc571b8 1006 12 Aug 2007 23:32:32 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68576 [PATCH RFT] Improve iptables error reporting Hi Here's a small patch that reworks the iptables/ip6tables error reporting a bit. The purpose of this patch is to try to provide more resonable err 11 Aug 2007 16:21:04 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68561 Kernel panic (destroy_conntrack) unloading nf_conntrack_ftp before Hi all, that's my first "bug report" here, so please feel free to kick my ass for whatever I'm doing wrong ;-) Yesterday I experienced a kernel pani 10 Aug 2007 01:35:20 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68572 [PATCH] [LIBNFNETLINK] Fix endless loop on unknown netfilter attributes. Hi! [LIBNFNETLINK] Fix endless loop on unknown netfilter attributes. This prevents an endless loop when nfnl_check_attributes() sees an unknown attr 08 Aug 2007 12:59:14 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68538 [ANNOUNCE] Netfilter-related Linux kernel security updates Hi! Nowadays, Linux Kernel related security issues are handled through the -stable series. Since the Netfilter project has part of his software in th 08 Aug 2007 04:37:04 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68530 [PATCH] fix handling of netlink packets containing multiple messages -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I've found a bug in libnfnetlink which does not handle correctly netlink packets made of mor 07 Aug 2007 23:08:11 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68526 [2.6.22.2 review 81/84] Netfilter: Fix logging regression From: Patrick McHardy <kaber@trash.net> [NETFILTER]: Fix logging regression Loading one of the LOG target fails if a different target has already re 07 Aug 2007 13:49:36 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68524 patch netfilter-fix-logging-regression.patch queued to -stable tree This is a note to let you know that we have just queued up the patch titled Subject: Netfilter: Fix logging regression to the 2.6.22-stable tre 07 Aug 2007 11:43:48 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68523 patch nf_conntrack-don-t-track-locally-generated-special-icmp-error.patch queued to -stable tree This is a note to let you know that we have just queued up the patch titled Subject: nf_conntrack: don't track locally generated special ICMP er 07 Aug 2007 10:09:15 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68521 DNS rebinding Hello List, There is an article about DNS rebinding at the following site: http://crypto.stanford.edu/dns/ "Circumvention-Resistant Firewalls. Fire 07 Aug 2007 09:11:11 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68533 [ANNOUNCE] libnetfilter_queue release 0.0.15 Hi! The netfilter project presents libnetfilter_queue 0.0.15 libnetfilter_queue is a userspace library providing an API to packets that have been qu 07 Aug 2007 07:20:02 -0800 http://www.gossamer-threads.com/lists/iptables/devel/68520