Re: linux-next: build failure after merge of the netfilter tree

2017-05-16 Thread Willem de Bruijn
On Tue, May 16, 2017 at 11:45 PM, Stephen Rothwell wrote: > Hi all, > > After merging the netfilter tree, today's linux-next build (i386 > defconfig) failed like this: > > net/netfilter/x_tables.c: In function 'xt_match_to_user': > net/netfilter/x_tables.c:303:13: error:

linux-next: build failure after merge of the netfilter tree

2017-05-16 Thread Stephen Rothwell
Hi all, After merging the netfilter tree, today's linux-next build (i386 defconfig) failed like this: net/netfilter/x_tables.c: In function 'xt_match_to_user': net/netfilter/x_tables.c:303:13: error: implicit declaration of function 'COMPAT_XT_ALIGN' [-Werror=implicit-function-declaration]

Re: [Bug 1145] nft 0.7: expression.c:966: range_expr_value_low: Assertion '0' failed.

2017-05-16 Thread Phil Sutter
Hi, On Mon, May 15, 2017 at 02:03:57PM +0200, Florian Westphal wrote: > bugzilla-dae...@netfilter.org wrote: > > [ Switching to email ] > > > https://bugzilla.netfilter.org/show_bug.cgi?id=1145 > > > > --- Comment #1 from Ian Kumlien ---

Re: [PATCH nft 07/10] tests: add ip reject with tcp and check for mark too

2017-05-16 Thread Florian Westphal
Pablo Neira Ayuso wrote: > On Tue, May 09, 2017 at 05:51:19PM +0200, Florian Westphal wrote: > > ... to avoid resetting e.g. the ssh session to the vm that runs > > nft-test.py. > > Oh, this is breaking your testbed, right? OK, that's fine. Yes, the ssh session gets re-set

Re: [PATCH nft 04/10] tests: fix up meta l4proto change for ip6 family

2017-05-16 Thread Florian Westphal
Pablo Neira Ayuso wrote: > On Tue, May 09, 2017 at 05:51:16PM +0200, Florian Westphal wrote: > > After previous commit nft generates meta l4proto for ipv6 dependencies > > instead of checking the (first) nexthdr value. > > > > This fixes up all tests cases accordingly except

Re: [PATCH nft 01/10] src: allow update of net base w. meta l4proto icmpv6

2017-05-16 Thread Pablo Neira Ayuso
On Tue, May 09, 2017 at 05:51:13PM +0200, Florian Westphal wrote: > nft add rule ip6 f i meta l4proto ipv6-icmp icmpv6 type nd-router-advert > :1:50-60: Error: conflicting protocols specified: unknown vs. icmpv6 > > add icmpv6 to nexthdr list so base gets updated correctly. I would like to see a

Re: [PATCH nft 04/10] tests: fix up meta l4proto change for ip6 family

2017-05-16 Thread Pablo Neira Ayuso
On Tue, May 09, 2017 at 05:51:16PM +0200, Florian Westphal wrote: > After previous commit nft generates meta l4proto for ipv6 dependencies > instead of checking the (first) nexthdr value. > > This fixes up all tests cases accordingly except one which fails with > > ip6/reject.t: ... 12: 'ip6

Re: [PATCH nft 07/10] tests: add ip reject with tcp and check for mark too

2017-05-16 Thread Pablo Neira Ayuso
On Tue, May 09, 2017 at 05:51:19PM +0200, Florian Westphal wrote: > ... to avoid resetting e.g. the ssh session to the vm that runs > nft-test.py. Oh, this is breaking your testbed, right? OK, that's fine. > Signed-off-by: Florian Westphal > --- > tests/py/bridge/reject.t

Re: [PATCH nf v2] ebtables: arpreply: Add the standard target sanity check

2017-05-16 Thread Pablo Neira Ayuso
On Tue, May 16, 2017 at 10:24:00AM +0200, Pablo Neira Ayuso wrote: > On Tue, May 16, 2017 at 09:30:18AM +0800, gfree.w...@vip.163.com wrote: > > From: Gao Feng > > > > The info->target is from userspace and it would be used directly. > > So we need to add the sanity check

Re: Re: [PATCH nf v2] ebtables: arpreply: Add the standard target sanity check

2017-05-16 Thread Pablo Neira Ayuso
On Tue, May 16, 2017 at 05:53:51PM +0800, Gao Feng wrote: > > At 2017-05-16 17:43:24, "Pablo Neira Ayuso" wrote: > >On Tue, May 16, 2017 at 10:24:00AM +0200, Pablo Neira Ayuso wrote: > >> On Tue, May 16, 2017 at 09:30:18AM +0800, gfree.w...@vip.163.com wrote: > >> > From:

Re:Re: [PATCH nf v2] ebtables: arpreply: Add the standard target sanity check

2017-05-16 Thread Gao Feng
At 2017-05-16 17:43:24, "Pablo Neira Ayuso" wrote: >On Tue, May 16, 2017 at 10:24:00AM +0200, Pablo Neira Ayuso wrote: >> On Tue, May 16, 2017 at 09:30:18AM +0800, gfree.w...@vip.163.com wrote: >> > From: Gao Feng >> > >> > The info->target is from

Re: [PATCH nft 02/10] src: ipv6: switch implicit dependencies to meta l4proto

2017-05-16 Thread Pablo Neira Ayuso
On Tue, May 09, 2017 at 05:51:14PM +0200, Florian Westphal wrote: > when using rule like > > ip6 filter input tcp dport 22 > nft generates: > [ payload load 1b @ network header + 6 => reg 1 ] > [ cmp eq reg 1 0x0006 ] > [ payload load 2b @ transport header + 2 => reg 1 ] > [ cmp eq

Re: [PATCH nft 03/10] src: treat ip6 nexthdr as a protocol

2017-05-16 Thread Pablo Neira Ayuso
On Tue, May 09, 2017 at 05:51:15PM +0200, Florian Westphal wrote: > ip6 nexthdr tcp tcp dport 22 > will now inject a (useless) meta l4 dependency as ip6 nexthdr is no > longer flagged as EXPR_F_PROTOCOL. > > Avoid this if user really specified a test for ip6hdr->nexthdr. But ipv6_find_hdr() is

Re: [PATCH nft 09/10] src: ip: switch implicit dependencies to meta l4proto too

2017-05-16 Thread Pablo Neira Ayuso
On Tue, May 09, 2017 at 05:51:21PM +0200, Florian Westphal wrote: > after ip6 nexthdr also switch ip to meta l4proto instead of ip protocol. > > While its needed for ipv6 (due to extension headers) this isn't needed > for ip but it has the advantage that > > tcp dport 22 > > produces same

Re: crash on >= 4.9.0 kernel seems nf related

2017-05-16 Thread Bjørnar Ness
Is this an issue for igb, or netfilter? -- Bj(/)rnar