Hi Laura,
2016-08-10 2:22 GMT+08:00 Laura Garcia Liebana :
> This patch adds a new hash expression, this provides jhash support but
> this can be extended to support for other hash functions.
>
> The modulus and seed already comes embedded into this new expression.
>
> Use case example:
> meta mar
Fix the direct assignment of offset and length attributes included in
nft_exthdr structure from u32 data to u8.
Signed-off-by: Laura Garcia Liebana
---
net/netfilter/nft_exthdr.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nft_exthdr.c b/net/n
This patch adds a new hash expression, this provides jhash support but
this can be extended to support for other hash functions.
The modulus and seed already comes embedded into this new expression.
Use case example:
meta mark set hash ip saddr mod 10
Signed-off-by: Laura Garcia Liebana
---
Cha
Hi,
I just experienced network hangup with 4.7.0, it happened shortly
after resume from hibernate:
[201988.443552] INFO: rcu_preempt detected stalls on CPUs/tasks:
[201988.443556] Tasks blocked on level-0 rcu_node (CPUs 0-3): P14563
[201988.443557] (detected by 3, t=18002 jiffies,
We have a Linux gateway with multiple VLANs with the default policy
being DROP. We have the following rules in the INPUT and OUTPUT chains
of the filter table:
iptables -I INPUT -p icmp -j ACCEPT
iptables -I OUTPUT -p icmp -j ACCEPT
to allow pings to and from the gateway. What would be the best w
On Tue, Aug 09, 2016 at 04:13:40PM +0200, Laura Garcia wrote:
> On Tue, Aug 09, 2016 at 12:52:53PM +0200, Pablo Neira Ayuso wrote:
> > On Thu, Jul 28, 2016 at 11:20:59AM +0200, Florian Westphal wrote:
> > > Laura Garcia wrote:
> > > > On Thu, Jul 28, 2016 at 01:01:05AM +0200, Florian Westphal wrot
I'd rename the patch title to:
netfilter: nf_tables: add hash expression
While it is true that we support jenkins initially, we can potentially
extend this to support anything, so let's keep this patch title a bit
more generic.
On Tue, Aug 09, 2016 at 04:03:16PM +0200, Laura Garcia Lieba
On Tue, Aug 09, 2016 at 12:52:53PM +0200, Pablo Neira Ayuso wrote:
> On Thu, Jul 28, 2016 at 11:20:59AM +0200, Florian Westphal wrote:
> > Laura Garcia wrote:
> > > On Thu, Jul 28, 2016 at 01:01:05AM +0200, Florian Westphal wrote:
> > > > How exactly is this used by nftables?
> > > >
> > > > AFAI
Use nft_set_* prefix for backend set implementations, thus we can use
nft_hash for the new hash expression.
Signed-off-by: Pablo Neira Ayuso
---
Laura, I'm posting this patch that you need in first place before the hash
expression.
net/netfilter/Kconfig| 4 ++--
net/
Support for the nft hash expression within libnftnl.
Signed-off-by: Laura Garcia Liebana
---
include/buffer.h| 2 +
include/libnftnl/expr.h | 16 ++
include/linux/netfilter/nf_tables.h | 20 +++
src/Makefile.am | 1 +
src/expr/hash.c
This patch adds a new hash expression, this provides jhash support but
this can be extended to support for other hash functions.
The modulus and seed comes already come embedded into this new
expression.
Use case example:
meta mark set hash ip saddr mod 10
Signed-off-by: Laura Garcia Liebana
--
Iterators do not modify objects which they iterate, so input pointer must
be const.
Signed-off-by: Carlos Falgueras García
---
include/libnftnl/chain.h | 4 ++--
include/libnftnl/rule.h | 8
include/libnftnl/set.h | 16
include/libnftnl/table.h | 4 ++--
src/chain
On Thu, Jul 28, 2016 at 11:20:59AM +0200, Florian Westphal wrote:
> Laura Garcia wrote:
> > On Thu, Jul 28, 2016 at 01:01:05AM +0200, Florian Westphal wrote:
> > > How exactly is this used by nftables?
> > >
> > > AFAIU usespace will check if ->dreg is 0 or not, but does that make
> > > sense?
>
If the path refers to an absolute or relative path, do not check for the
default include paths, eg. /etc/nftables/.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1040
Signed-off-by: Pablo Neira Ayuso
---
src/scanner.l | 24 +---
1 file changed, 17 insertions(+), 7 de
For consistency with other error messages in this codebase, don't add a
line break.
Signed-off-by: Pablo Neira Ayuso
---
src/scanner.l | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/scanner.l b/src/scanner.l
index cb2ea32..613c3c9 100644
--- a/src/scanner.l
+++ b/src/sca
This resolves an ambiguity if the same file name is used both under
sysconfdir and the current working directory.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1040
Signed-off-by: Pablo Neira Ayuso
---
src/scanner.l | 13 ++---
1 file changed, 6 insertions(+), 7 deletions(-)
di
On Tue, Aug 02, 2016 at 04:29:47PM +0200, Pablo M. Bermudo Garay wrote:
> ip[6]tables-compat -L was not printing the comments since commit
> d64ef34a9961 ("iptables-compat: use nft built-in comments support").
>
> This patch solves the issue.
Applied, thanks.
--
To unsubscribe from this list: sen
On Mon, Aug 08, 2016 at 08:10:16PM +0200, Carlos Falgueras García wrote:
> Iterators do not modify objects which they iterate, so input pointer must
> be const.
Please, constify other iterators: chain, set, set_elem, table, and so
on. So we get this code in sync too.
Thanks.
--
To unsubscribe fro
18 matches
Mail list logo
