Re: [PATCH iptables] include: fix build with kernel headers before 4.2

Hi Pablo, Pablo Neira Ayuso writes: > On Fri, Nov 16, 2018 at 09:30:33AM +0200, Baruch Siach wrote: >> Commit 672accf1530 (include: update kernel netfilter header files) >> updated linux/netfilter.h and brought with it the update from kernel >> commit a263653ed798 (netfilter: don't pull

Re: [PATCH iptables] xtables-monitor: fix build with musl libc

Baruch Siach wrote: > Commit 7c8791edac3 ("xtables-monitor: fix build with older glibc") > changed the code to use GNU style tcphdr fields. Unfortunately, musl > libc requires _GNU_SOURCE definition to expose these fields. > > Fix the following build failure: Applied, thanks.

[PATCH iptables] xtables-monitor: fix build with musl libc

Commit 7c8791edac3 ("xtables-monitor: fix build with older glibc") changed the code to use GNU style tcphdr fields. Unfortunately, musl libc requires _GNU_SOURCE definition to expose these fields. Fix the following build failure: xtables-monitor.c: In function ‘trace_print_packet’:

Re: [PATCH iptables] include: fix build with kernel headers before 4.2

Hi Baruch, On Fri, Nov 16, 2018 at 09:30:33AM +0200, Baruch Siach wrote: > Commit 672accf1530 (include: update kernel netfilter header files) > updated linux/netfilter.h and brought with it the update from kernel > commit a263653ed798 (netfilter: don't pull include/linux/netfilter.h > from netns

Re: [iptables PATCH v2] xtables: Introduce per table chain caches

On Thu, Nov 15, 2018 at 02:53:02PM +0100, Phil Sutter wrote: > Being able to omit the previously obligatory table name check when > iterating over the chain cache might help restore performance with large > rulesets in xtables-save and -restore. > > There is one subtle quirk in the code:

[PATCH iptables 4/4] xtables: constify struct builtin_table and struct builtin_chain

These definitions should be const, propagate this to all existing users. Signed-off-by: Pablo Neira Ayuso --- iptables/nft.c | 42 +- iptables/nft.h | 14 +++--- iptables/xtables-restore.c | 4 ++--

[PATCH iptables 1/4] nft: add type field to builtin_table

Use enum nft_table_type to set the new type field in the structure that define tables. --- iptables/nft.c | 8 iptables/nft.h | 1 + 2 files changed, 9 insertions(+) diff --git a/iptables/nft.c b/iptables/nft.c index 5e55ec13d0da..db86f97c6d29 100644 --- a/iptables/nft.c +++

[PATCH iptables 2/4] nft: move chain_cache back to struct nft_handle

Place this back into the structure that stores the state information. Signed-off-by: Pablo Neira Ayuso --- iptables/nft.c | 26 +- iptables/nft.h | 4 +++- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/iptables/nft.c b/iptables/nft.c index

[PATCH iptables 3/4] nft: move initialize to struct nft_handle

Move this to the structure that stores, stateful information. Introduce nft_table_initialized() and use it. Signed-off-by: Pablo Neira Ayuso --- iptables/nft.c | 14 ++ iptables/nft.h | 2 +- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/iptables/nft.c

Re: [PATCH nf] netfilter: xt_hashlimit: fix a possible memory leak in htable_create()

On Fri, Nov 16, 2018 at 09:32:35PM +0900, Taehee Yoo wrote: > In the htable_create(), hinfo is allocated by vmalloc() > So that if error occurred, hinfo should be freed. Applied, thanks Taehee.