Re: [nft PATCH] parser_bison: Fix for ECN keyword in LHS of relational

2018-10-03 Thread Pablo Neira Ayuso
On Fri, Aug 24, 2018 at 01:26:57PM +0200, Phil Sutter wrote: > Of all possible TCP flags, 'ecn' is special since it is recognized by > lex as a keyword (there is a field in IPv4 and IPv6 headers with the > same name). Therefore it is listed in keyword_expr, but that was > sufficient for RHS

Re: [nft PATCH] parser_bison: Fix for ECN keyword in LHS of relational

2018-10-03 Thread Pablo Neira Ayuso
Hi Phil, On Wed, Oct 03, 2018 at 09:00:51PM +0200, Phil Sutter wrote: > On Wed, Oct 03, 2018 at 05:28:24PM +0200, Pablo Neira Ayuso wrote: > > On Fri, Aug 24, 2018 at 01:26:57PM +0200, Phil Sutter wrote: > > > Of all possible TCP flags, 'ecn' is special since it is recognized by > > > lex as a

Re: [nft PATCH] parser_bison: Fix for ECN keyword in LHS of relational

2018-10-03 Thread Phil Sutter
Hi Pablo, On Wed, Oct 03, 2018 at 05:28:24PM +0200, Pablo Neira Ayuso wrote: > On Fri, Aug 24, 2018 at 01:26:57PM +0200, Phil Sutter wrote: > > Of all possible TCP flags, 'ecn' is special since it is recognized by > > lex as a keyword (there is a field in IPv4 and IPv6 headers with the > > same

[PATCH nft 2/4] src: get rid of netlink_genid_get()

2018-10-03 Thread Pablo Neira Ayuso
Signed-off-by: Pablo Neira Ayuso --- include/netlink.h | 1 - src/netlink.c | 5 - src/rule.c| 5 +++-- 3 files changed, 3 insertions(+), 8 deletions(-) diff --git a/include/netlink.h b/include/netlink.h index d153e2be03ac..4925af04a707 100644 --- a/include/netlink.h +++

[PATCH nft 0/4] assorted updates

2018-10-03 Thread Pablo Neira Ayuso
Hi, A bunch of assorted updates: 1) Remove json code, we have better support these days in libnftables. So we can deprecate the existing code in libnftnl. 2) Peel off the netlink layer sitting between the command and mnl layers. This is just preparation works for the extended error

[PATCH nft 4/4] mnl: remove alloc_nftnl_chain()

2018-10-03 Thread Pablo Neira Ayuso
The netlink layer sits in between the mnl and the rule layers, remove it. We can remove alloc_nftnl_chain() and consolidate infrastructure in the src/mnl.c file. Signed-off-by: Pablo Neira Ayuso --- include/mnl.h | 10 +++--- include/netlink.h | 8 - src/mnl.c | 98

[PATCH nft 1/4] netlink: remove markup json parsing code

2018-10-03 Thread Pablo Neira Ayuso
We have better json support these days, remove libnftnl json support. Signed-off-by: Pablo Neira Ayuso --- src/netlink.c | 276 +- 1 file changed, 2 insertions(+), 274 deletions(-) diff --git a/src/netlink.c b/src/netlink.c index

[PATCH nft 3/4] mnl: remove alloc_nftnl_table()

2018-10-03 Thread Pablo Neira Ayuso
The netlink layer sits in between the mnl and the rule layers, remove it. We can remove alloc_nftnl_table() and consolidate infrastructure in the src/mnl.c file. Signed-off-by: Pablo Neira Ayuso --- include/mnl.h | 9 + include/netlink.h | 7 --- src/mnl.c | 55

Re: [nft PATCH] parser_bison: Fix for ECN keyword in LHS of relational

2018-10-03 Thread Pablo Neira Ayuso
On Wed, Oct 03, 2018 at 05:28:24PM +0200, Pablo Neira Ayuso wrote: [...] > On Fri, Aug 24, 2018 at 01:26:57PM +0200, Phil Sutter wrote: > > diff --git a/tests/py/inet/tcp.t b/tests/py/inet/tcp.t > > index d66ba8438a32f..f96e3634f41ed 100644 > > --- a/tests/py/inet/tcp.t > > +++

Re: [PATCH nf-next v2] nft_osf: Add ttl option support

2018-10-03 Thread Pablo Neira Ayuso
Hi Fernando, A few comments. On Sat, Sep 29, 2018 at 12:18:51PM +0200, Fernando Fernandez Mancera wrote: > Add ttl option support to the nftables "osf" expression. > > Signed-off-by: Fernando Fernandez Mancera > --- > v1: initial patch > v2: code correctness and fix the "~" typo. > --- >

Re: [nft PATCH] parser_bison: Fix for ECN keyword in LHS of relational

2018-10-03 Thread Pablo Neira Ayuso
Hi Phil, On Fri, Aug 24, 2018 at 01:26:57PM +0200, Phil Sutter wrote: > Of all possible TCP flags, 'ecn' is special since it is recognized by > lex as a keyword (there is a field in IPv4 and IPv6 headers with the > same name). Therefore it is listed in keyword_expr, but that was > sufficient

[PATCH nft] segtree: stop iteration on existing elements in case closing range is found

2018-10-03 Thread Pablo Neira Ayuso
No need to keep iterating once the range object has been allocated. Signed-off-by: Pablo Neira Ayuso --- src/segtree.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/segtree.c b/src/segtree.c index dc2554b72acf..dc457d6bc1b7 100644 --- a/src/segtree.c +++

[PATCH nft] rule: fix memleak in do_get_setelems()

2018-10-03 Thread Pablo Neira Ayuso
Release set and elements in case of error. Signed-off-by: Pablo Neira Ayuso --- src/rule.c | 8 +++- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/rule.c b/src/rule.c index e6d61b670688..6d027c261f97 100644 --- a/src/rule.c +++ b/src/rule.c @@ -2190,17 +2190,15 @@ static

Re: [nft PATCH] tests: shell: Test 'get element' command

2018-10-03 Thread Pablo Neira Ayuso
On Fri, Sep 28, 2018 at 06:17:31PM +0200, Phil Sutter wrote: > This command is currently broken when used in sets with ranges. Test > various variants against known data and check if output is as expected. Applied, thanks.

[PATCH nft] segtree: memleak in get_set_decompose()

2018-10-03 Thread Pablo Neira Ayuso
Release set content on error. Moreover, release input set content in case we finally manage to decompose it. Signed-off-by: Pablo Neira Ayuso --- src/segtree.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/segtree.c b/src/segtree.c index 0d53c83fd837..dc2554b72acf 100644 ---

[PATCH nft] segtree: disantangle get_set_interval_end()

2018-10-03 Thread Pablo Neira Ayuso
This function overrides the left pointer. Instead update this function to return the range that we found to enclose the left element. Note that we may not find a closing right element - therefore, it is a standalone element - in that case this function returns NULL. Reported-by: Phil Sutter