[PATCH 2/2 nft] tests: shell: make sure split table definition works via nft -f

2016-07-13 Thread Pablo Neira Ayuso
Add test to cover split table definition in one single file. Signed-off-by: Pablo Neira Ayuso --- tests/shell/testcases/nft-f/0008split_tables_0 | 50 ++ 1 file changed, 50 insertions(+) create mode 100755 tests/shell/testcases/nft-f/0008split_tables_0 diff --git a/test

[PATCH 1/2 nft] parser_bison: fix typo in symbol redefinition error reporting

2016-07-13 Thread Pablo Neira Ayuso
"redefinition" instead of "redfinition". Signed-off-by: Pablo Neira Ayuso --- src/parser_bison.y | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/parser_bison.y b/src/parser_bison.y index d946e0e..6a029d1 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -635,7 +

Re: [PATCH nft v5 3/3] src: add xt compat support

2016-07-13 Thread Arturo Borrero Gonzalez
good to see this finally merged :-) -- Arturo Borrero González -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: [PATCH nft v5 1/3] include: cache ip_tables.h, ip6_tables.h, arp_tables.h and ebtables.h

2016-07-13 Thread Pablo Neira Ayuso
On Tue, Jul 12, 2016 at 10:04:15PM +0200, Pablo M. Bermudo Garay wrote:
> From: Pablo Neira
>
> The xt over nft support that comes in follow up patches need this, and update
> the corresponding Makefile.am.
>
> Based on patch from Arturo Borrero Gonzalez.

Applied, thanks.

Re: [PATCH nft v5 2/3] src: expose delinearize/linearize structures and stmt_error()

2016-07-13 Thread Pablo Neira Ayuso
On Tue, Jul 12, 2016 at 10:04:16PM +0200, Pablo M. Bermudo Garay wrote:
> From: Pablo Neira
>
> Needed by the follow up xt compatibility layer patch.

Applied, thanks.

Re: [PATCH nft v5 3/3] src: add xt compat support

2016-07-13 Thread Pablo Neira Ayuso
On Tue, Jul 12, 2016 at 10:04:17PM +0200, Pablo M. Bermudo Garay wrote:
> From: Pablo Neira
>
> At compilation time, you have to pass this option.
>
> # ./configure --with-xtables
>
> And libxtables needs to be installed in your system.
>
> This patch allows to list a ruleset containing xt e

[PATCH v2 nf] netfilter: x_tables: speed up jump target validation

2016-07-13 Thread Florian Westphal
The dummy ruleset I used to test the original validation change was broken, most rules were unreachable and were not tested by mark_source_chains(). In some cases rulesets that used to load in a few seconds now require several minutes. sample ruleset that shows the behaviour: echo "*filter" for

Re: [PATCH nf-next 2/2] netfilter: conntrack: simplify the code by using nf_conntrack_get_ht

2016-07-13 Thread Liping Zhang
Hi Florian,

At 2016-07-12 21:03:03, "Florian Westphal" wrote:
>Liping Zhang wrote:
>> +inline void
>> +nf_conntrack_get_ht(struct hlist_nulls_head **hash, unsigned int *hsize)
>
>Which "inline void"? This is very unusual.
>
>I would suggest to not add it, and ...

Yes, but we can still find a v

Re: nftables: Dynamically updating sets gives syntax error

2016-07-13 Thread Anders K. Pedersen
On Tue, 2016-07-12 at 17:22 +0200, Pablo Neira Ayuso wrote:
> On Sat, Jul 02, 2016 at 04:12:56PM +0200, Anders K. Pedersen wrote:
> > Hello,
> >
> > On Sat, 2016-06-25 at 15:30 +0200, Anders K. Pedersen wrote:
> > > With nftables 0.6 I'm getting a syntax error, when I try to use
> > > the
> > > fe