On Tue, May 31, 2016 at 12:08:57AM +0200, Arturo Borrero Gonzalez wrote:
> On 30 May 2016 at 21:47, Laura Garcia Liebana wrote:
> > Add translation for multiport to nftables, which is supported natively.
> >
> > Examples:
> >
> > $ sudo iptables-translate -t filter -A INPUT -p
On 30 May 2016 at 21:47, Laura Garcia Liebana wrote:
> Add translation for multiport to nftables, which is supported natively.
>
> Examples:
>
> $ sudo iptables-translate -t filter -A INPUT -p tcp -m multiport --dports
> 80,81 -j ACCEPT
> nft add rule ip filter INPUT ip
Add translation for multiport to nftables, which is supported natively.
Examples:
$ sudo iptables-translate -t filter -A INPUT -p tcp -m multiport --dports 80,81
-j ACCEPT
nft add rule ip filter INPUT ip protocol tcp tcp dport { 80,81} counter accept
$ sudo iptables-translate -t filter -A
On 30 May 2016 at 19:22, Pablo Neira Ayuso wrote:
> On Mon, May 23, 2016 at 12:08:11PM +0200, Florian Westphal wrote:
>> Arturo Borrero Gonzalez wrote:
>> > On 23 May 2016 at 08:49, Arturo Borrero Gonzalez
>> >
On 30 May 2016 at 20:27, Laura Garcia Liebana wrote:
> Add translation for multiport to nftables, which is supported natively.
>
> Examples:
>
> $ sudo iptables-translate -t filter -A INPUT -p tcp -m multiport --dports
> 80,81 -j ACCEPT
> nft add rule ip filter INPUT ip
Applied, thanks.
I have rewritten the email subject; the typical jargon word for this
is "consolidation" instead of centralize.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at
On Mon, May 30, 2016 at 06:35:40PM +0200, Carlos Falgueras García wrote:
> Checks the commentary maximum length and reports to user in case of error.
Also applied and I have rewritten the subject and description too to
indicate why we need this check.
On Mon, May 23, 2016 at 12:08:11PM +0200, Florian Westphal wrote:
> Arturo Borrero Gonzalez wrote:
> > On 23 May 2016 at 08:49, Arturo Borrero Gonzalez
> > wrote:
> > > This was in the log of my system boot today:
> > >
> >
> >
On Mon, May 30, 2016 at 07:03:42PM +0200, Carlos Falgueras García wrote:
> diff --git a/src/set.c b/src/set.c
> index dbea93b..65b8f1e 100644
> --- a/src/set.c
> +++ b/src/set.c
> @@ -291,10 +295,16 @@ struct nftnl_set *nftnl_set_clone(const struct
> nftnl_set *set)
>
> memcpy(newset,
Check all possible strdup errors and treat them accordingly.
Signed-off-by: Carlos Falgueras García
---
src/chain.c | 12
src/expr/data_reg.c | 6 ++
src/expr/dynset.c| 4
src/expr/immediate.c | 2 ++
src/expr/log.c | 4
Checks the commentary maximum length and reports to user in case of error.
Example:
> nft add table t
> nft add chain t c
> nft add rule t c ip saddr 1.1.1.1 counter comment "abc...xyz" # len > 128
:1:47-N: Error: Comment too long. 128 characters maximum allowed
add rule t c ip saddr 1.1.1.1
It makes more sense if this rule cannot be empty, so it can be used both as
mandatory and as optional. The higher rule should choose to use it one way or another.
Signed-off-by: Carlos Falgueras García
---
src/parser_bison.y | 25 +++--
1 file changed, 15
Thanks for the feedback, I will now send two new patches with the
corrections.
On Mon, May 30, 2016 at 05:41:00PM +0200, Carlos Falgueras García wrote:
> Checks the commentary maximum length and reports to user in case of error.
>
> The commentary rule of the parser was simplified in order to centralize the
> length checking.
>
> Signed-off-by: Carlos Falgueras García
Checks the commentary maximum length and reports to user in case of error.
The commentary rule of the parser was simplified in order to centralize the
length checking.
Signed-off-by: Carlos Falgueras García
---
include/parser.h | 6 ++
src/parser_bison.y | 31
Hi!
The Netfilter project proudly presents:
libnftnl 1.0.6
libnftnl is a userspace library providing a low-level netlink
programming interface (API) to the in-kernel nf_tables subsystem. The
library libnftnl has been previously known as libnftables. This
library is currently used by the
On Wed, May 25, 2016 at 11:13:57AM +0200, Pablo Neira Ayuso wrote:
> Compare the helper name up to the dash, so we can catch if the user has
> supplied duplicated ports via module parameters.
>
> Reported-by: Feng Gao
> Reported-by: Taehee Yoo
>
On Sun, May 29, 2016 at 06:08:07PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> Properly detect tchandle strings in the lexer without quotation marks,
> otherwise nft will complain about a syntax error like this:
>
> # nft add rule filter test meta priority set
On Sun, May 29, 2016 at 07:25:37PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> If we add a chain and specify a nonexistent chain type,
> chain_type_name_lookup will return a NULL pointer, and meet the assert
> condition in xstrdup.
> Fix crash like this:
>
On Sun, May 29, 2016 at 06:08:09PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> Also delete the redundant '\n'.
> This fixes:
>
> # nft add rule filter test meta priority set root
> # nft list chain filter test
> table ip filter {
> chain test {
>
On Sun, May 29, 2016 at 06:08:08PM +0800, Liping Zhang wrote:
> From: Liping Zhang
>
> For example, after we add a rule to set priority 1:2, it will be displayed in
> network byte order as 0200:0100; this is wrong:
>
> # nft add rule filter test meta priority set
On Fri, May 27, 2016 at 04:56:55PM +0200, Carlos Falgueras García wrote:
> The set element comment is stored in nftnl_set_elem->user.data using
> libnftnl/udata infrastructure. This allows storing multiple variable length
> user data into the set element.
Applied, thanks.
On Fri, May 27, 2016 at 04:56:54PM +0200, Carlos Falgueras García wrote:
> All attributes are passed by copy, so user data should be copied too.
Applied, thanks.
On Thu, May 26, 2016 at 07:08:10PM +0200, Paolo Abeni wrote:
> With the commit 48e8aa6e3137 ("ipv6: Set FLOWI_FLAG_KNOWN_NH at
> flowi6_flags") ip6_pol_route() callers were asked to set the
> FLOWI_FLAG_KNOWN_NH properly and xt_TEE was updated accordingly,
> but with the later refactor in
On Fri, May 27, 2016 at 03:34:13PM -0400, Chris Metcalf wrote:
> >Does TILE never speculate reads? Because in that case the control
> >dependency already provides a full load->load,store barrier and you'd
> >want smp_acquire__after_ctrl_dep() to be a barrier() instead of
> >smp_rmb().
>
> Yes,