On Tue, May 16, 2017 at 11:45 PM, Stephen Rothwell
wrote:
> Hi all,
>
> After merging the netfilter tree, today's linux-next build (i386
> defconfig) failed like this:
>
> net/netfilter/x_tables.c: In function 'xt_match_to_user':
> net/netfilter/x_tables.c:303:13: error:
Hi all,
After merging the netfilter tree, today's linux-next build (i386
defconfig) failed like this:
net/netfilter/x_tables.c: In function 'xt_match_to_user':
net/netfilter/x_tables.c:303:13: error: implicit declaration of function
'COMPAT_XT_ALIGN' [-Werror=implicit-function-declaration]
Hi,
On Mon, May 15, 2017 at 02:03:57PM +0200, Florian Westphal wrote:
> bugzilla-dae...@netfilter.org wrote:
>
> [ Switching to email ]
>
> > https://bugzilla.netfilter.org/show_bug.cgi?id=1145
> >
> > --- Comment #1 from Ian Kumlien ---
Pablo Neira Ayuso wrote:
> On Tue, May 09, 2017 at 05:51:19PM +0200, Florian Westphal wrote:
> > ... to avoid resetting e.g. the ssh session to the vm that runs
> > nft-test.py.
>
> Oh, this is breaking your testbed, right? OK, that's fine.
Yes, the ssh session gets re-set
Pablo Neira Ayuso wrote:
> On Tue, May 09, 2017 at 05:51:16PM +0200, Florian Westphal wrote:
> > After previous commit nft generates meta l4proto for ipv6 dependencies
> > instead of checking the (first) nexthdr value.
> >
> > This fixes up all tests cases accordingly except
On Tue, May 09, 2017 at 05:51:13PM +0200, Florian Westphal wrote:
> nft add rule ip6 f i meta l4proto ipv6-icmp icmpv6 type nd-router-advert
> :1:50-60: Error: conflicting protocols specified: unknown vs. icmpv6
>
> add icmpv6 to nexthdr list so base gets updated correctly.
I would like to see a
On Tue, May 09, 2017 at 05:51:16PM +0200, Florian Westphal wrote:
> After previous commit nft generates meta l4proto for ipv6 dependencies
> instead of checking the (first) nexthdr value.
>
> This fixes up all tests cases accordingly except one which fails with
>
> ip6/reject.t: ... 12: 'ip6
On Tue, May 09, 2017 at 05:51:19PM +0200, Florian Westphal wrote:
> ... to avoid resetting e.g. the ssh session to the vm that runs
> nft-test.py.
Oh, this is breaking your testbed, right? OK, that's fine.
> Signed-off-by: Florian Westphal
> ---
> tests/py/bridge/reject.t
On Tue, May 16, 2017 at 10:24:00AM +0200, Pablo Neira Ayuso wrote:
> On Tue, May 16, 2017 at 09:30:18AM +0800, gfree.w...@vip.163.com wrote:
> > From: Gao Feng
> >
> > The info->target is from userspace and it would be used directly.
> > So we need to add the sanity check
On Tue, May 16, 2017 at 05:53:51PM +0800, Gao Feng wrote:
>
> At 2017-05-16 17:43:24, "Pablo Neira Ayuso" wrote:
> >On Tue, May 16, 2017 at 10:24:00AM +0200, Pablo Neira Ayuso wrote:
> >> On Tue, May 16, 2017 at 09:30:18AM +0800, gfree.w...@vip.163.com wrote:
> >> > From:
At 2017-05-16 17:43:24, "Pablo Neira Ayuso" wrote:
>On Tue, May 16, 2017 at 10:24:00AM +0200, Pablo Neira Ayuso wrote:
>> On Tue, May 16, 2017 at 09:30:18AM +0800, gfree.w...@vip.163.com wrote:
>> > From: Gao Feng
>> >
>> > The info->target is from
On Tue, May 09, 2017 at 05:51:14PM +0200, Florian Westphal wrote:
> when using rule like
>
> ip6 filter input tcp dport 22
> nft generates:
> [ payload load 1b @ network header + 6 => reg 1 ]
> [ cmp eq reg 1 0x0006 ]
> [ payload load 2b @ transport header + 2 => reg 1 ]
> [ cmp eq
On Tue, May 09, 2017 at 05:51:15PM +0200, Florian Westphal wrote:
> ip6 nexthdr tcp tcp dport 22
> will now inject a (useless) meta l4 dependency as ip6 nexthdr is no
> longer flagged as EXPR_F_PROTOCOL.
>
> Avoid this if user really specified a test for ip6hdr->nexthdr.
But ipv6_find_hdr() is
On Tue, May 09, 2017 at 05:51:21PM +0200, Florian Westphal wrote:
> after ip6 nexthdr also switch ip to meta l4proto instead of ip protocol.
>
> While its needed for ipv6 (due to extension headers) this isn't needed
> for ip but it has the advantage that
>
> tcp dport 22
>
> produces same
Is this an issue for igb, or netfilter?
--
Bj(/)rnar
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
15 matches
Mail list logo