Re: [PATCH] netfilter: nf_flow_table: add conntrack accounting

2018-06-25 Thread Florian Westphal
John Crispin wrote: > Currently traffic that hits the SW offloading path is not accounted for > and the conntrack counters will only show the first packet of the flow. > This patch adds a small helper function that gets called from the nf_hooks, > updating the accounting counters. Not sure this

Re: [PATCH] netfilter: nf_flow_table: add conntrack accounting

2018-06-25 Thread kbuild test robot
Hi John, I love your patch! Yet something to improve: [auto build test ERROR on nf-next/master] [also build test ERROR on v4.18-rc2 next-20180625] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux

[PATCH] netfilter: nf_flow_table: add conntrack accounting

2018-06-25 Thread John Crispin
Currently traffic that hits the SW offloading path is not accounted for and the conntrack counters will only show the first packet of the flow. This patch adds a small helper function that gets called from the nf_hooks, updating the accounting counters. Signed-off-by: John Crispin ---

Re: [PATCH] ebtables: Use double quotes in #include statements for local headers

2018-06-25 Thread Jan Engelhardt
On Monday 2018-06-25 04:51, Duncan Roe wrote: > >With gcc configured as a cross-compiler, we now have a documented and >reproducible case where the use of angle brackets forces the use of headers in >system locations [...] >To reproduce: if necessary run up a Debian or Ubuntu VM (I used Ubuntu

Re: [PATCH nf v2] netfilter: nf_conncount: fix garbage collection confirm race

2018-06-25 Thread Yi-Hung Wei
On Wed, Jun 20, 2018 at 2:32 PM, Florian Westphal wrote: Thanks for v2. It takes care of a corner case so that a duplicated entry won't be re-added in the second time. Just some nits in the commit message as below. Acked-by: Yi-Hung Wei > When doing list walk, we lookup the tuple in the

stable request: don't set F_IFACE on ipv6 fib lookups and followup fix

2018-06-25 Thread Florian Westphal
Hi. Please consider applying 47b7e7f82802 ("netfilter: don't set F_IFACE on ipv6 fib lookups") and its followup commit: cede24d1b21d ("netfilter: ip6t_rpfilter: provide input interface for route lookup") to 4.14.y. For 4.16.y and 4.17.y, please consider applying cede24d1b21d ("netfilter:

[PATCH nf-next v2] netfilter: utils: move nf_ip6_checksum* from ipv6 to utils

2018-06-25 Thread Florian Westphal
similar to previous change, this also allows to remove it from nf_ipv6_ops and avoid the indirection. It also removes the bogus dependency of nf_conntrack_ipv6 on ipv6 module: ipv6 checksum functions are built into kernel even if CONFIG_IPV6=m, but ipv6/netfilter.o isn't. Signed-off-by: Florian

[PATCH nf-next v2] netfilter: utils: move nf_ip_checksum* from ipv4 to utils

2018-06-25 Thread Florian Westphal
allows to make nf_ip_checksum_partial static, it no longer has an external caller. Signed-off-by: Florian Westphal --- no changes since v1. include/linux/netfilter_ipv4.h | 11 - net/ipv4/netfilter.c | 53 net/netfilter/utils.c

[PATCH iptables] doc: Fix spelling error in hashlimit section

2018-06-25 Thread Major Hayden
Signed-off-by: Major Hayden --- extensions/libxt_hashlimit.man | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extensions/libxt_hashlimit.man b/extensions/libxt_hashlimit.man index 5dbb3273..8a35d564 100644 --- a/extensions/libxt_hashlimit.man +++

Re: [nft PATCH] Makefile: Introduce Make_global.am

2018-06-25 Thread Jan Engelhardt
On Thursday 2018-06-21 20:00, Phil Sutter wrote: >On Thu, Jun 21, 2018 at 07:35:18PM +0200, Jan Engelhardt wrote: >> On Thursday 2018-06-21 17:05, Phil Sutter wrote: >> >> >> >+# This is _NOT_ the library release version, it's an API version. >> >> >> >+# Extracted from Chapter 6 "Library