[PATCH] Fix test building on musl libc

2016-07-20 Thread Kylie McClain
From: Kylie McClain On musl libc, sys/select.h is where FD_* definitions are located. Apologies for the repeated email, I realized I forgot to signoff on the commit. Signed-off-by: Kylie McClain --- examples/netfilter/nfct-daemon.c | 1 + 1 file

[PATCH limnl] Fix test building on musl libc

2016-07-20 Thread Kylie McClain
Apologies for the repeated email, I realized I forgot to sign-off on the commit.

[PATCH] Fix test building on musl libc

2016-07-20 Thread Kylie McClain
From: Kylie McClain On musl libc, sys/select.h is where FD_* definitions are located. --- examples/netfilter/nfct-daemon.c | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/netfilter/nfct-daemon.c b/examples/netfilter/nfct-daemon.c index a97c2ec..d223ac2 100644

[PATCH lnf_conntrack] conntrack: labels: add function to fetch default config file location

2016-07-20 Thread Florian Westphal
Suggested-by: Pablo Neira Ayuso Signed-off-by: Florian Westphal --- include/internal/prototypes.h | 1 + include/libnetfilter_conntrack/libnetfilter_conntrack.h | 1 + src/conntrack/api.c | 11

[PATCH nf-next,v2] netfilter: nf_tables: allow to filter out rules by table and chain

2016-07-20 Thread Pablo Neira Ayuso
From: Pablo Neira If the table and/or chain attributes are set in a rule dump request, we filter out the rules based on this selection. Signed-off-by: Pablo Neira Ayuso --- net/netfilter/nf_tables_api.c | 38 ++ 1

Re: [PATCH iptables] connlabel: clarify default config path

2016-07-20 Thread Pablo Neira Ayuso
On Wed, Jul 20, 2016 at 11:58:24AM +0200, Florian Westphal wrote: > Pablo suggested to print full config file path for connlabel.conf > parsing errors. > > Signed-off-by: Florian Westphal > --- > Pablo, > > I could also add the suggested nfct_labels_get_path() to lnf_conntrack

Re: [PATCH nft] ct: use nftables sysconf location for connlabel configuration

2016-07-20 Thread Pablo Neira Ayuso
On Wed, Jul 20, 2016 at 12:17:05PM +0200, Florian Westphal wrote: > Instead of using /etc/xtables use the nftables sysconfdir. > Also update error message to tell which label failed translation > and which config file was used for this: > > nft add filter input ct label foo > :1:27-29: Error:

Re: [PATCH nf-next] netfilter: nf_tables: allow to filter out rules by table and chain

2016-07-20 Thread jalvarez
I fixed the NULL pointer dereference in the patch below. I also have posted the example nft-rule-selective-get.c to test the patch (here http://marc.info/?l=netfilter-devel=146902182423018=2). It works fine with the given test : file dummy.rules: add table filter { chain input {

[PATCH iptables] extensions: libxt_NFLOG: add unit test to cover nflog-size with zero

2016-07-20 Thread Liping Zhang
From: Liping Zhang "--nflog-size 0" is valid and we must display it appropriately. Suggested-by: Pablo Neira Ayuso Signed-off-by: Liping Zhang --- extensions/libxt_NFLOG.t | 1 + 1 file changed, 1 insertion(+)

[PATCH nft] ct: use nftables sysconf location for connlabel configuration

2016-07-20 Thread Florian Westphal
Instead of using /etc/xtables use the nftables sysconfdir. Also update error message to tell which label failed translation and which config file was used for this: nft add filter input ct label foo :1:27-29: Error: /etc/nftables/connlabel.conf: could not parse conntrack label "foo"

Re: [PATCH nf-next] netfilter: nf_tables: allow to filter out rules by table and chain

2016-07-20 Thread jalvarez
On 19/07/2016 12:20, Pablo Neira Ayuso wrote: If the table and/or chain attributes are set in a rule dump request, we filter out the rules based on this selection. Signed-off-by: Pablo Neira Ayuso --- Compiled tested only. net/netfilter/nf_tables_api.c | 39

[PATCH iptables] connlabel: clarify default config path

2016-07-20 Thread Florian Westphal
Pablo suggested to print full config file path for connlabel.conf parsing errors. Signed-off-by: Florian Westphal --- Pablo, I could also add the suggested nfct_labels_get_path() to lnf_conntrack but that means next iptables-release depends on a new library version. Given

Re: Re: [PATCH 1/1] netfilter: Add helper array register/unregister functions

2016-07-20 Thread 高峰
Ok, I get it. Thanks Pablo. Another question, Liping found the port style of sip, irc, and tftp was different from ftp. It should use iterator "i" to generate names for them. Then should I update the original patch or create another one to correct it? BTW, I am sorry about that. I didn't

Re: [PATCH nf-next 3/3] netfilter: nft_log: fix snaplen does not truncate packets

2016-07-20 Thread Liping Zhang
Hi Pablo, 2016-07-20 16:25 GMT+08:00 Pablo Neira Ayuso : > On Wed, Jul 20, 2016 at 07:00:13AM +0800, Liping Zhang wrote: >> I find that nftables already support this feature, the following command >> mean to truncate packets >> to 100 bytes before logging to the userspace:

Re: Re: [PATCH 1/1] netfilter: Add helper array register/unregister functions

2016-07-20 Thread Pablo Neira Ayuso
On Wed, Jul 20, 2016 at 08:31:13AM +0800, 高峰 wrote: > Thanks Pablo. > > I had used the script "checkpatch.pl" to check the patch file. > There was no indentation error reported. > > So could you give me more tails please or point one indentation error? > Then I could correct it by myself next

Re: [PATCH 1/1] netfilter: Add helper array register/unregister functions

2016-07-20 Thread Pablo Neira Ayuso
On Wed, Jul 20, 2016 at 08:51:17AM +0800, Liping Zhang wrote: > 2016-07-18 11:39 GMT+08:00 : > > From: Gao Feng > > > > Add nf_ct_helper_init, nf_conntrack_helpers_register/unregister > > functions to enhance the conntrack helper codes. > > I think this patch