Re: build failure if --with-xtables [WAS: nftables 0.7 release]
On 3 January 2017 at 22:56, Robby Workmanwrote: > On Tue, 20 Dec 2016 21:46:36 +0100 > Pablo Neira Ayuso wrote: > >> Hi! >> >> The Netfilter project proudly presents: >> >> nftables 0.7 >> >> This release contains many accumulated bug fixes and new features >> available up to the (upcoming) Linux 4.10-rc1 kernel release. >> >> * Facilitate migration from iptables to nftables: >> >> At compilation time, you have to pass this option. >> >> # ./configure --with-xtables > > > I get a build failure with this option - bug filed with some details: > https://bugzilla.netfilter.org/show_bug.cgi?id=1110 the required xlate methods of iptables have not been released so far. They are not present in iptables 1.6.0. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH xtables-addons] build: support for Linux 4.10
On Monday 2016-12-26 16:14, Ralph Sennhauser wrote: >Commit 613dbd95723aee7abd16860745691b6c7bda20dc (netfilter: >x_tables: move hook state into xt_action_param structure) changes the >struct xt_action_param, accommodate for it. Both applied. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH net-next 5/8] bridge: use __vlan_hwaccel helpers
This removes assumption than vlan_tci != 0 when tag is present. Signed-off-by: Michał Mirosław--- net/bridge/br_netfilter_hooks.c | 15 +-- net/bridge/br_private.h | 2 +- net/bridge/br_vlan.c| 6 +++--- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c index 8ca6a929bf12..b62177a980e1 100644 --- a/net/bridge/br_netfilter_hooks.c +++ b/net/bridge/br_netfilter_hooks.c @@ -682,10 +682,8 @@ static int br_nf_push_frag_xmit(struct net *net, struct sock *sk, struct sk_buff return 0; } - if (data->vlan_tci) { - skb->vlan_tci = data->vlan_tci; - skb->vlan_proto = data->vlan_proto; - } + if (data->vlan_proto) + __vlan_hwaccel_put_tag(skb, data->vlan_proto, data->vlan_tci); skb_copy_to_linear_data_offset(skb, -data->size, data->mac, data->size); __skb_push(skb, data->encap_size); @@ -749,8 +747,13 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff data = this_cpu_ptr(_frag_data_storage); - data->vlan_tci = skb->vlan_tci; - data->vlan_proto = skb->vlan_proto; + if (skb_vlan_tag_present(skb)) { + data->vlan_tci = skb->vlan_tci; + data->vlan_proto = skb->vlan_proto; + } else { + data->vlan_proto = 0; + } + data->encap_size = nf_bridge_encap_header_len(skb); data->size = ETH_HLEN + data->encap_size; diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 8ce621e8345c..2efbdaf9ae1b 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -819,7 +819,7 @@ static inline int br_vlan_get_tag(const struct sk_buff *skb, u16 *vid) int err = 0; if (skb_vlan_tag_present(skb)) { - *vid = skb_vlan_tag_get(skb) & VLAN_VID_MASK; + *vid = skb_vlan_tag_get_id(skb); } else { *vid = 0; err = -EINVAL; diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index b6de4f457161..d25a5b34dc76 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -377,7 +377,7 @@ struct sk_buff *br_handle_vlan(struct net_bridge *br, } if (v->flags & BRIDGE_VLAN_INFO_UNTAGGED) - skb->vlan_tci = 0; + __vlan_hwaccel_clear_tag(skb); out: return skb; } @@ -444,8 +444,8 @@ static bool __allowed_ingress(const struct net_bridge *br, __vlan_hwaccel_put_tag(skb, br->vlan_proto, pvid); else /* Priority-tagged Frame. -* At this point, We know that skb->vlan_tci had -* VLAN_TAG_PRESENT bit and its VID field was 0x000. +* At this point, we know that skb->vlan_tci VID +* field was 0. * We update only VID field and preserve PCP field. */ skb->vlan_tci |= pvid; -- 2.11.0 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH net-next] nfnetlink/queue: use __vlan_hwaccel helpers
Signed-off-by: Michał Mirosław--- net/netfilter/nfnetlink_queue.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 3ee0b8a000a4..8c7923aac826 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -,8 +,9 @@ static int nfqa_parse_bridge(struct nf_queue_entry *entry, if (!tb[NFQA_VLAN_TCI] || !tb[NFQA_VLAN_PROTO]) return -EINVAL; - entry->skb->vlan_tci = ntohs(nla_get_be16(tb[NFQA_VLAN_TCI])); - entry->skb->vlan_proto = nla_get_be16(tb[NFQA_VLAN_PROTO]); + __vlan_hwaccel_put_tag(entry->skb, + nla_get_be16(tb[NFQA_VLAN_PROTO]), + ntohs(nla_get_be16(tb[NFQA_VLAN_TCI]))); } if (nfqa[NFQA_L2HDR]) { -- 2.11.0 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: build failure if --with-xtables [WAS: nftables 0.7 release]
On Tue, 20 Dec 2016 21:46:36 +0100 Pablo Neira Ayusowrote: > Hi! > > The Netfilter project proudly presents: > > nftables 0.7 > > This release contains many accumulated bug fixes and new features > available up to the (upcoming) Linux 4.10-rc1 kernel release. > > * Facilitate migration from iptables to nftables: > > At compilation time, you have to pass this option. > > # ./configure --with-xtables I get a build failure with this option - bug filed with some details: https://bugzilla.netfilter.org/show_bug.cgi?id=1110 -RW -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] uapi: use wildcards to list files
On Tuesday, January 3, 2017 3:35:44 PM CET Nicolas Dichtel wrote: > Regularly, when a new header is created in include/uapi/, the developer > forgets to add it in the corresponding Kbuild file. This error is usually > detected after the release is out. > > In fact, all headers under include/uapi/ should be exported, so let's > use wildcards. I think the idea makes a lot of sense: if a header is in uapi, we should really export it. However, using a wildcard expression seems a bit backwards here, I think we should make this implicit and not have the Kbuild file at all. The "header-y" syntax was originally added back when the uapi headers were mixed with the internal headers in the same directory. After David Howells introduced the separate directory for uapi, it has become a bit redundant. Can you try to modify scripts/Makefile.headersinst instead so we can simply remove the Kbuild files entirely? Arnd -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH net-next v2 16/27] nfnetlink/queue: use __vlan_hwaccel helpers
Signed-off-by: Michał Mirosław--- net/netfilter/nfnetlink_queue.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 3ee0b8a000a4..8c7923aac826 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -,8 +,9 @@ static int nfqa_parse_bridge(struct nf_queue_entry *entry, if (!tb[NFQA_VLAN_TCI] || !tb[NFQA_VLAN_PROTO]) return -EINVAL; - entry->skb->vlan_tci = ntohs(nla_get_be16(tb[NFQA_VLAN_TCI])); - entry->skb->vlan_proto = nla_get_be16(tb[NFQA_VLAN_PROTO]); + __vlan_hwaccel_put_tag(entry->skb, + nla_get_be16(tb[NFQA_VLAN_PROTO]), + ntohs(nla_get_be16(tb[NFQA_VLAN_TCI]))); } if (nfqa[NFQA_L2HDR]) { -- 2.11.0 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH net-next v2 13/27] bridge: use __vlan_hwaccel helpers
This removes assumption than vlan_tci != 0 when tag is present. Signed-off-by: Michał Mirosław--- net/bridge/br_netfilter_hooks.c | 15 +-- net/bridge/br_private.h | 2 +- net/bridge/br_vlan.c| 6 +++--- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c index 8ca6a929bf12..b62177a980e1 100644 --- a/net/bridge/br_netfilter_hooks.c +++ b/net/bridge/br_netfilter_hooks.c @@ -682,10 +682,8 @@ static int br_nf_push_frag_xmit(struct net *net, struct sock *sk, struct sk_buff return 0; } - if (data->vlan_tci) { - skb->vlan_tci = data->vlan_tci; - skb->vlan_proto = data->vlan_proto; - } + if (data->vlan_proto) + __vlan_hwaccel_put_tag(skb, data->vlan_proto, data->vlan_tci); skb_copy_to_linear_data_offset(skb, -data->size, data->mac, data->size); __skb_push(skb, data->encap_size); @@ -749,8 +747,13 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff data = this_cpu_ptr(_frag_data_storage); - data->vlan_tci = skb->vlan_tci; - data->vlan_proto = skb->vlan_proto; + if (skb_vlan_tag_present(skb)) { + data->vlan_tci = skb->vlan_tci; + data->vlan_proto = skb->vlan_proto; + } else { + data->vlan_proto = 0; + } + data->encap_size = nf_bridge_encap_header_len(skb); data->size = ETH_HLEN + data->encap_size; diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 8ce621e8345c..2efbdaf9ae1b 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -819,7 +819,7 @@ static inline int br_vlan_get_tag(const struct sk_buff *skb, u16 *vid) int err = 0; if (skb_vlan_tag_present(skb)) { - *vid = skb_vlan_tag_get(skb) & VLAN_VID_MASK; + *vid = skb_vlan_tag_get_id(skb); } else { *vid = 0; err = -EINVAL; diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index b6de4f457161..d25a5b34dc76 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c @@ -377,7 +377,7 @@ struct sk_buff *br_handle_vlan(struct net_bridge *br, } if (v->flags & BRIDGE_VLAN_INFO_UNTAGGED) - skb->vlan_tci = 0; + __vlan_hwaccel_clear_tag(skb); out: return skb; } @@ -444,8 +444,8 @@ static bool __allowed_ingress(const struct net_bridge *br, __vlan_hwaccel_put_tag(skb, br->vlan_proto, pvid); else /* Priority-tagged Frame. -* At this point, We know that skb->vlan_tci had -* VLAN_TAG_PRESENT bit and its VID field was 0x000. +* At this point, we know that skb->vlan_tci VID +* field was 0. * We update only VID field and preserve PCP field. */ skb->vlan_tci |= pvid; -- 2.11.0 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] uapi: use wildcards to list files
From: Nicolas DichtelDate: Tue, 3 Jan 2017 15:35:44 +0100 > Regularly, when a new header is created in include/uapi/, the developer > forgets to add it in the corresponding Kbuild file. This error is usually > detected after the release is out. > > In fact, all headers under include/uapi/ should be exported, so let's > use wildcards. > > After this patch, the following files, which were not exported, are now > exported: ... > > Signed-off-by: Nicolas Dichtel Acked-by: David S. Miller -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] uapi: use wildcards to list files
Regularly, when a new header is created in include/uapi/, the developer forgets to add it in the corresponding Kbuild file. This error is usually detected after the release is out. In fact, all headers under include/uapi/ should be exported, so let's use wildcards. After this patch, the following files, which were not exported, are now exported: drm/vgem_drm.h drm/armada_drm.h drm/omap_drm.h drm/etnaviv_drm.h rdma/qedr-abi.h linux/bcache.h linux/kfd_ioctl.h linux/cryptouser.h linux/kcm.h linux/kcov.h linux/seg6_iptunnel.h linux/stm.h linux/seg6.h linux/auto_dev-ioctl.h linux/userio.h linux/pr.h linux/wil6210_uapi.h linux/nilfs2_ondisk.h linux/hash_info.h linux/seg6_genl.h linux/seg6_hmac.h linux/batman_adv.h linux/nsfs.h linux/qrtr.h linux/btrfs_tree.h linux/coresight-stm.h linux/dma-buf.h linux/module.h linux/lightnvm.h linux/nilfs2_api.h Signed-off-by: Nicolas Dichtel--- This patch is built against linus tree. I don't know if it should be done against antoher tree. Comments are welcomed, Nicolas include/uapi/asm-generic/Kbuild| 36 +-- include/uapi/drm/Kbuild| 22 +- include/uapi/linux/Kbuild | 463 + include/uapi/linux/android/Kbuild | 2 +- include/uapi/linux/byteorder/Kbuild| 3 +- include/uapi/linux/caif/Kbuild | 3 +- include/uapi/linux/can/Kbuild | 6 +- include/uapi/linux/dvb/Kbuild | 9 +- include/uapi/linux/hdlc/Kbuild | 2 +- include/uapi/linux/hsi/Kbuild | 2 +- include/uapi/linux/iio/Kbuild | 3 +- include/uapi/linux/isdn/Kbuild | 2 +- include/uapi/linux/mmc/Kbuild | 2 +- include/uapi/linux/netfilter/Kbuild| 88 +- include/uapi/linux/netfilter/ipset/Kbuild | 5 +- include/uapi/linux/netfilter_arp/Kbuild| 3 +- include/uapi/linux/netfilter_bridge/Kbuild | 18 +- include/uapi/linux/netfilter_ipv4/Kbuild | 10 +- include/uapi/linux/netfilter_ipv6/Kbuild | 13 +- include/uapi/linux/nfsd/Kbuild | 6 +- include/uapi/linux/raid/Kbuild | 3 +- include/uapi/linux/spi/Kbuild | 2 +- include/uapi/linux/sunrpc/Kbuild | 2 +- include/uapi/linux/tc_act/Kbuild | 15 +- include/uapi/linux/tc_ematch/Kbuild| 5 +- include/uapi/linux/usb/Kbuild | 12 +- include/uapi/linux/wimax/Kbuild| 2 +- include/uapi/misc/Kbuild | 2 +- include/uapi/mtd/Kbuild| 6 +- include/uapi/rdma/Kbuild | 17 +- include/uapi/rdma/hfi/Kbuild | 2 +- include/uapi/scsi/Kbuild | 5 +- include/uapi/scsi/fc/Kbuild| 5 +- include/uapi/sound/Kbuild | 16 +- include/uapi/video/Kbuild | 4 +- include/uapi/xen/Kbuild| 5 +- 36 files changed, 47 insertions(+), 754 deletions(-) diff --git a/include/uapi/asm-generic/Kbuild b/include/uapi/asm-generic/Kbuild index b73de7bb7a62..8e52cdc3d941 100644 --- a/include/uapi/asm-generic/Kbuild +++ b/include/uapi/asm-generic/Kbuild @@ -1,36 +1,2 @@ # UAPI Header export list -header-y += auxvec.h -header-y += bitsperlong.h -header-y += errno-base.h -header-y += errno.h -header-y += fcntl.h -header-y += int-l64.h -header-y += int-ll64.h -header-y += ioctl.h -header-y += ioctls.h -header-y += ipcbuf.h -header-y += kvm_para.h -header-y += mman-common.h -header-y += mman.h -header-y += msgbuf.h -header-y += param.h -header-y += poll.h -header-y += posix_types.h -header-y += resource.h -header-y += sembuf.h -header-y += setup.h -header-y += shmbuf.h -header-y += shmparam.h -header-y += siginfo.h -header-y += signal-defs.h -header-y += signal.h -header-y += socket.h -header-y += sockios.h -header-y += stat.h -header-y += statfs.h -header-y += swab.h -header-y += termbits.h -header-y += termios.h -header-y += types.h -header-y += ucontext.h -header-y += unistd.h +header-y += $(notdir $(wildcard $(srctree)/include/uapi/asm-generic/*.h)) diff --git a/include/uapi/drm/Kbuild b/include/uapi/drm/Kbuild index 9355dd8eff3b..75f4cde6d9ba 100644 --- a/include/uapi/drm/Kbuild +++ b/include/uapi/drm/Kbuild @@ -1,22 +1,2 @@ # UAPI Header export list -header-y += drm.h -header-y += drm_fourcc.h -header-y += drm_mode.h -header-y += drm_sarea.h -header-y += amdgpu_drm.h -header-y += exynos_drm.h -header-y += i810_drm.h -header-y += i915_drm.h -header-y += mga_drm.h -header-y += nouveau_drm.h -header-y += qxl_drm.h -header-y += r128_drm.h -header-y += radeon_drm.h -header-y += savage_drm.h -header-y += sis_drm.h -header-y += tegra_drm.h -header-y += via_drm.h -header-y += vmwgfx_drm.h -header-y += msm_drm.h -header-y += vc4_drm.h -header-y += virtgpu_drm.h +header-y += $(notdir $(wildcard $(srctree)/include/uapi/drm/*.h)) diff --git a/include/uapi/linux/Kbuild
Re: [PATCH libnftnl] src: ct: add average bytes per packet counter support
Also applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf-next 2/2] netfilter: nft_ct: add average bytes per packet support
On Sun, Dec 25, 2016 at 07:58:59PM +0800, Liping Zhang wrote: > From: Liping Zhang> > Similar to xt_connbytes, user can match how many average bytes per packet > a connection has transferred so far. Also applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf-next 1/2] netfilter: nf_tables: add missing descriptions in nft_ct_keys
On Sun, Dec 25, 2016 at 07:58:58PM +0800, Liping Zhang wrote: > From: Liping Zhang> > We missed to add descriptions about NFT_CT_LABELS, NFT_CT_PKTS and > NFT_CT_BYTES, now add it. Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nft] scanner: fix search_in_include_path test
On Mon, Jan 02, 2017 at 04:30:01PM +0100, Anatole Denis wrote: > clang emits a warning in this function as we're using a boolean as the third > argument to strncmp. Indeed, this function only checks the first byte of the > path as is, so files beginning with . will be incorrectly included from the > current working directory instead of the include directory. Applied, thanks Anatole. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html