Snooping expected connections in a user CT helper

2016-08-16 Thread Kevin Cernekee
Hi, I am trying to extend the ssdp user helper in conntrackd to handle event subscriptions on a UPnP control point. The flow looks like this: 1) Outbound multicast M-SEARCH packet (dst: 1900/udp) - Create expectation for unicast reply from to source port 2) Inbound unicast reply (there may

[PATCH iptables 2/2] xtables-translate-restore: do not escape quotes

2016-08-16 Thread Pablo M. Bermudo Garay
If quotes are escaped, nft -f is unable to parse and load the translated ruleset. Signed-off-by: Pablo M. Bermudo Garay --- iptables/xtables-translate.c | 11 +++ 1 file changed, 11 insertions(+) diff --git a/iptables/xtables-translate.c

[PATCH iptables 1/2] xtables-translate: add escape_quotes option to comment_xlate

2016-08-16 Thread Pablo M. Bermudo Garay
The comment_xlate function was not supporting this option that is necessary in some situations. Signed-off-by: Pablo M. Bermudo Garay --- extensions/libxt_comment.c | 9 - iptables/nft-ipv4.c| 2 +- iptables/nft-ipv6.c| 2 +- 3 files changed, 10

Re: [PATCH 2/3 v3 nft] tests: Use libnftnl comparators in all tests

2016-08-16 Thread Pablo Neira Ayuso
On Tue, Aug 16, 2016 at 12:30:24PM +0200, Carlos Falgueras García wrote: > Use 'nftnl_expr_cmp' and 'nftnl_rule_cmp' in all tests instead of custom > comparator for each one. If objects differ both are printed. Please, please. One at a time... This depends on your previous patchset so I cannot

Re: [PATCH 1/3 v4 libnftnl] Implement rule comparison

2016-08-16 Thread Pablo Neira Ayuso
On Tue, Aug 16, 2016 at 12:21:24PM +0200, Carlos Falgueras García wrote: > diff --git a/src/expr.c b/src/expr.c > index e5c1dd3..7f32055 100644 > --- a/src/expr.c > +++ b/src/expr.c > @@ -203,6 +203,20 @@ const char *nftnl_expr_get_str(const struct nftnl_expr > *expr, uint16_t type) > } >

Re: [PATCH nf-next] netfilter: allow logging from non-init namespaces

2016-08-16 Thread Michal Kubecek
On Mon, May 16, 2016 at 08:43:16AM +0200, Michal Kubecek wrote: > On Thu, May 12, 2016 at 11:57:26AM +0200, Pablo Neira Ayuso wrote: > > On Wed, Apr 27, 2016 at 02:48:02PM +0200, Michal Kubecek wrote: > > > Commit 69b34fb996b2 ("netfilter: xt_LOG: add net namespace support for > > > xt_LOG")

[PATCH 2/3 v3 nft] tests: Use libnftnl comparators in all tests

2016-08-16 Thread Carlos Falgueras García
Use 'nftnl_expr_cmp' and 'nftnl_rule_cmp' in all tests instead of custom comparator for each one. If objects differ both are printed. Signed-off-by: Carlos Falgueras García --- tests/libtest.c | 30 ++ tests/libtest.h

[PATCH 1/3 v3 nft] tests: Consolidate printing error utilities

2016-08-16 Thread Carlos Falgueras García
This patch adds libtest.c and libtest.h to reduce test code and consolidate it. Signed-off-by: Carlos Falgueras García --- .gitignore | 1 + tests/Makefile.am | 52 +--- tests/libtest.c

[PATCH 2/3 v4 nft] Simplify parser rule_spec tree

2016-08-16 Thread Carlos Falgueras García
This patch separates the rule identification from the rule localization, so the logic moves from the evaluator to the parser. This allows to revert the patch "evaluate: improve rule managment checks" (4176c7d30c2ff1b3f52468fc9c08b8df83f979a8) and saves a lot of code. A specific error message is

[PATCH 1/3 v4 libnftnl] Implement rule comparison

2016-08-16 Thread Carlos Falgueras García
This patch implements the function 'bool nftnl_rule_cmp(const struct nftnl_rule *r, const struct nftnl_rule *r2)' for rule comparison. Expressions within rules need to be compared, so the function 'nftnl_expr_cmp' has also been created, which calls new field within 'nfntl_expr_': a function

[PATCH 3/3 v4 nft] Implement deleting rule by description

2016-08-16 Thread Carlos Falgueras García
This patch introduces deletion in a similar fashion as in iptables, thus, we can delete the first rule that matches our description, for example: $ nft list -a ruleset table ip t { chain c { ip saddr 1.1.1.1 counter packets 0 bytes 0 #

[ANNOUNCE] Netdev 1.2 updates (16th August, 2016)

2016-08-16 Thread Hajime Tazaki
Hello folks, I hope all of you're fine. Here is an update for coming Netdev 1.2 Tokyo. * Summary 1) extended early-bird registration 2) paper submission deadline 3) slides submission deadline 4) newly accepted sessions So here we go. 1) extended early bird registration deadline Due to