[PATCH v2] tests: shell: fetch rule handle with '-a' option and then delete rule

Fetch rule handle and then delete rule via that rule handle. Signed-off-by: Harsha Sharma --- Changes in v2: - No need to use grep tests/shell/testcases/cache/0001_cache_handling_0 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git

[PATCH] netfilter: nf_tables: Add extra bits for object handles

Add extra bits for table, chain, sets and object handle. Signed-off-by: Harsha Sharma --- net/netfilter/nf_tables_trace.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nf_tables_trace.c b/net/netfilter/nf_tables_trace.c index

Re: [PATCH] tests: shell: fetch rule handle with '-a' option and then delete

On Wed, Jan 24, 2018 at 04:47:39AM +0530, Harsha Sharma wrote: > Fetch rule handle and then delete rule via that rule handle. > > Signed-off-by: Harsha Sharma > --- > tests/shell/testcases/cache/0001_cache_handling_0 | 3 ++- > 1 file changed, 2 insertions(+), 1

[PATCH] tests: shell: fetch rule handle with '-a' option and then delete

Fetch rule handle and then delete rule via that rule handle. Signed-off-by: Harsha Sharma --- tests/shell/testcases/cache/0001_cache_handling_0 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/shell/testcases/cache/0001_cache_handling_0

[PATCH] doc/nft.xml: Add deletion for objects via handles

Add documentation for deletion of tables, chains, sets and objects via unique handles. Signed-off-by: Harsha Sharma --- doc/nft.xml | 37 - 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/doc/nft.xml b/doc/nft.xml

Re: [PATCH] build: do install libipset/args.h

Hi Jan, On Mon, 22 Jan 2018, Jan Engelhardt wrote: > libipset/types.h includes args.h, therefore args.h must be installed > too. > > Signed-off-by: Jan Engelhardt > --- > include/libipset/Makefile.am | 1 + > 1 file changed, 1 insertion(+) Yes, it's required. Thanks, patch

Re: question about UNDEFINE/REDEFINE

Hello Pablo, Dne úterý 23. ledna 2018 12:07:28 CET, Pablo Neira Ayuso napsal(a): > I'm asking here because I would need to understand better how you've > structured your scripts, if you could explain a bit more, we would > appreciate. I have packed an excerpt of a playground FW with two VLANs 3

[PATCH nft 3/6] src: delete flowtable

This patch allows you to delete an existing flowtable: # nft delete flowtable x m Signed-off-by: Pablo Neira Ayuso --- include/mnl.h | 3 +++ include/netlink.h | 3 +++ src/evaluate.c | 1 + src/mnl.c | 16 src/netlink.c | 18

[PATCH nft 4/6] src: flow offload support

This patch allows us to refer to existing flowtables: # nft add rule x x flow offload @m Packets matching this rule create an entry in the flow table 'm', hence, follow up packets that get to the flowtable at ingress bypass the classic forwarding path. Signed-off-by: Pablo Neira Ayuso

[PATCH nft 6/6] doc: nft: document flowtable

Document the new flowtable objects available since Linux kernel 4.16-rc. Signed-off-by: Pablo Neira Ayuso --- doc/nft.xml | 103 1 file changed, 103 insertions(+) diff --git a/doc/nft.xml b/doc/nft.xml index

[PATCH nft 1/6] src: support for flowtable listing

This patch allows you to dump existing flowtable. # nft list ruleset table ip x { flowtable x { hook ingress priority 10 devices = { eth0, tap0 } } } You can also list existing flowtables via: # nft list flowtables table ip x {

[PATCH nft 5/6] tests: shell: add flowtable tests

Add basic flowtable tests. Signed-off-by: Pablo Neira Ayuso --- tests/shell/run-tests.sh | 4 ++- tests/shell/testcases/flowtable/0001flowtable_0| 33 ++ .../testcases/flowtable/0002create_flowtable_0 | 12

[PATCH nft 2/6] src: add support to add flowtables

This patch allows you to create flowtable: # nft add table x # nft add flowtable x m { hook ingress priority 10\; devices = { eth0, wlan0 }\; } You have to specify hook and priority. So far, only the ingress hook is supported. The priority represents where this flowtable is placed in the

iptables-save - suggest patch to add functionality

Package: iptables Dear Maintainers, Please find attached a suggest patch to add functionality in iptables-save. --- 1) Adding -z or --zero option: Reset to zero counters of the chains. Example without: iptables-save

[PATCH libnftnl 1/2] src: add flowtable support

This patch allows you to add, delete and list flowtable through the existing netlink interface. Signed-off-by: Pablo Neira Ayuso --- examples/Makefile.am| 12 + examples/nft-flowtable-add.c| 136 +++ examples/nft-flowtable-del.c| 122

[PATCH libnftnl 2/2] expr: add flow offload expression

This patch adds the new "flow_offload" expression to select what flows are offloaded to an existing flowtable. Signed-off-by: Pablo Neira Ayuso --- include/libnftnl/expr.h | 4 + include/linux/netfilter/nf_tables.h | 11 +++ src/Makefile.am

Re: question about UNDEFINE/REDEFINE

Hi David, On Mon, Jan 22, 2018 at 02:53:09PM +0100, David Fabian wrote: > Hello, > > we have a firewall written in bash (using iptables) that is organized by > customer VLANs. Each VLAN has its own set of bash variables holding things > like uplink iface names, gateway IPs, etc. We want to