Re: netfilter: nft_ct: add zone id set support

2017-02-23 Thread Florian Westphal
Pablo Neira Ayuso wrote: > On Thu, Feb 23, 2017 at 12:34:35PM +0100, Florian Westphal wrote: > > Yes, Dan reported this and a patch is queued at > > http://patchwork.ozlabs.org/patch/727573/ > > > > Pablo, any reason why this is still waiting? > > I just flushing out my

Re: netfilter: nft_ct: add zone id set support

2017-02-23 Thread Pablo Neira Ayuso
On Thu, Feb 23, 2017 at 12:34:35PM +0100, Florian Westphal wrote: > Geert Uytterhoeven wrote: > > On Wed, Feb 22, 2017 at 8:02 PM, Linux Kernel Mailing List > > wrote: > > > Web: > > >

Re: netfilter: nft_ct: add zone id set support

2017-02-23 Thread Florian Westphal
Geert Uytterhoeven wrote: > On Wed, Feb 22, 2017 at 8:02 PM, Linux Kernel Mailing List > wrote: > > Web: > > https://git.kernel.org/torvalds/c/edee4f1e92458299505ff007733f676b00c516a1 > > Commit:

Re: netfilter: nft_ct: add zone id set support

2017-02-23 Thread Geert Uytterhoeven
c516a1 > Parent: 5c178d81b69f08ca3195427a6ea9a46d9af23127 > Refname:refs/heads/master > Author: Florian Westphal <f...@strlen.de> > AuthorDate: Fri Feb 3 13:35:50 2017 +0100 > Committer: Pablo Neira Ayuso <pa...@netfilter.org> > CommitDate: Wed Feb 8 14:16:23 2017 +0100 > > netfi

[PATCH 11/21] netfilter: nft_ct: add zone id set support

2017-02-12 Thread Pablo Neira Ayuso
From: Florian Westphal zones allow tracking multiple connections sharing identical tuples, this is needed e.g. when tracking distinct vlans with overlapping ip addresses (conntrack is l2 agnostic). Thus the zone has to be set before the packet is picked up by the connection