Re: [ebtables PATCH] Fix locking if LOCKDIR does not exist

2018-01-16 Thread Pablo Neira Ayuso
On Mon, Jan 15, 2018 at 04:27:31PM +0100, Phil Sutter wrote: > The previous conversion to using flock() missed a crucial bit of code > which tries to create LOCKDIR once in case opening the lock failed - > This patch reestablishes the old behaviour. Applied, thanks Phil.

Re: [PATCH v3] netfilter : add NAT support for shifted portmap ranges

2018-01-16 Thread Thierry Du Tre
Op 16/01/2018 om 15:32 schreef Pablo Neira Ayuso: > Hi Thierry, > > On Mon, Jan 15, 2018 at 01:56:09PM +0100, Thierry Du Tre wrote: >> Hi Pablo, >> >> I prepared this third version to get aligned about the way forward for the >> extension for struct nf_nat_range. >> >> Renaming the old

[nft PATCH 2/2] configure: Allow to disable man page building

2018-01-16 Thread Phil Sutter
Apparently there are distributions which come with incompatible docbook implementations. On those, forced man page creating if required binaries are found leads to build failure. Allow them to conveniently disable man page output instead of having to pass undocumented variables to configure.

[nft PATCH 0/2] Allow to disable man page output

2018-01-16 Thread Phil Sutter
An option to disable man page creating on systems with broken docbook helps prevent build failures for them. While preparing above functionality (found in patch 2), I noticed the rather confusing help entry for debug option and fixed it while being at it (patch 1). Phil Sutter (2): configure:

[nft PATCH 1/2] configure: Fix help text regarding --enable-debug

2018-01-16 Thread Phil Sutter
Debugging symbols are enabled by default, so list '--disable-debug' in help output rather than '--enable-debug'. This way it is also consistent with the parameter's description. Signed-off-by: Phil Sutter --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff

[Iptables PATCH] extensions: Add test for cluster nft translation

2018-01-16 Thread Shyam Saini
This patch adds test cases for iptables to nft translation of cluster match. This adds all test cases including corner cases. Run these test cases like: $ ./xlate-test.py extensions/libxt_cluster.txlate Signed-off-by: Shyam Saini ---

Re: [ANNOUNCE] nftables 0.8.1 release

2018-01-16 Thread Phil Sutter
On Tue, Jan 16, 2018 at 03:53:30PM +0100, Pablo Neira Ayuso wrote: > On Tue, Jan 16, 2018 at 03:48:24PM +0100, Jan Engelhardt wrote: > > > > >nftables 0.8.1 > > > > > >This release contains mostly incremental fixes and documentation > > >updates, such as fixing up ./configure

Re: [PATCH] extensions : multiple to-dst/to-src arguments for ip6t_DNAT/SNAT not reported

2018-01-16 Thread Pablo Neira Ayuso
On Tue, Jan 16, 2018 at 04:31:30PM +0100, Thierry Du Tre wrote: > Op 16/01/2018 om 16:24 schreef Pablo Neira Ayuso: > > On Tue, Jan 16, 2018 at 04:23:20PM +0100, Pablo Neira Ayuso wrote: > >> On Tue, Jan 16, 2018 at 04:20:40PM +0100, Thierry Du Tre wrote: > >>> Op 16/01/2018 om 16:06 schreef

Re: [PATCH nft v2] tests: Add test for compile options.

2018-01-16 Thread Pablo Neira Ayuso
On Tue, Jan 16, 2018 at 08:00:36AM +0530, Varsha Rao wrote: > This patch adds a script to test available compile options. Great, more tests :-). Applied, thanks Varsha!

Re: [PATCH] extensions : multiple to-dst/to-src arguments for ip6t_DNAT/SNAT not reported

2018-01-16 Thread Thierry Du Tre
Op 16/01/2018 om 16:24 schreef Pablo Neira Ayuso: > On Tue, Jan 16, 2018 at 04:23:20PM +0100, Pablo Neira Ayuso wrote: >> On Tue, Jan 16, 2018 at 04:20:40PM +0100, Thierry Du Tre wrote: >>> Op 16/01/2018 om 16:06 schreef Thierry Du Tre: Op 16/01/2018 om 14:06 schreef Pablo Neira Ayuso: >

Re: [PATCH] extensions : multiple to-dst/to-src arguments for ip6t_DNAT/SNAT not reported

2018-01-16 Thread Pablo Neira Ayuso
On Tue, Jan 16, 2018 at 04:23:20PM +0100, Pablo Neira Ayuso wrote: > On Tue, Jan 16, 2018 at 04:20:40PM +0100, Thierry Du Tre wrote: > > Op 16/01/2018 om 16:06 schreef Thierry Du Tre: > > > Op 16/01/2018 om 14:06 schreef Pablo Neira Ayuso: > > >> Hi Thierry, > > >> > > >> On Tue, Jan 16, 2018 at

Re: [PATCH] extensions : multiple to-dst/to-src arguments for ip6t_DNAT/SNAT not reported

2018-01-16 Thread Pablo Neira Ayuso
On Tue, Jan 16, 2018 at 04:20:40PM +0100, Thierry Du Tre wrote: > Op 16/01/2018 om 16:06 schreef Thierry Du Tre: > > Op 16/01/2018 om 14:06 schreef Pablo Neira Ayuso: > >> Hi Thierry, > >> > >> On Tue, Jan 16, 2018 at 01:44:37PM +0100, Thierry Du Tre wrote: > >>> This patch is fixing the detection

Re: [PATCH] extensions : multiple to-dst/to-src arguments for ip6t_DNAT/SNAT not reported

2018-01-16 Thread Thierry Du Tre
Op 16/01/2018 om 16:06 schreef Thierry Du Tre: > Op 16/01/2018 om 14:06 schreef Pablo Neira Ayuso: >> Hi Thierry, >> >> On Tue, Jan 16, 2018 at 01:44:37PM +0100, Thierry Du Tre wrote: >>> This patch is fixing the detection of multiple '--to-destination' in a DNAT >>> rule and '--to-source' in

Re: [PATCH] extensions : multiple to-dst/to-src arguments for ip6t_DNAT/SNAT not reported

2018-01-16 Thread Pablo Neira Ayuso
On Tue, Jan 16, 2018 at 01:44:37PM +0100, Thierry Du Tre wrote: > This patch is fixing the detection of multiple '--to-destination' in a DNAT > rule and '--to-source' in SNAT rule for IPv6. > Currently, when defining multiple values for these, only the last will be > used and others ignored

Re: [PATCH] extensions : multiple to-dst/to-src arguments for ip6t_DNAT/SNAT not reported

2018-01-16 Thread Pablo Neira Ayuso
On Tue, Jan 16, 2018 at 04:06:27PM +0100, Thierry Du Tre wrote: > Op 16/01/2018 om 14:06 schreef Pablo Neira Ayuso: > > Hi Thierry, > > > > On Tue, Jan 16, 2018 at 01:44:37PM +0100, Thierry Du Tre wrote: > >> This patch is fixing the detection of multiple '--to-destination' in a > >> DNAT rule

Re: [PATCH] extensions : multiple to-dst/to-src arguments for ip6t_DNAT/SNAT not reported

2018-01-16 Thread Thierry Du Tre
Op 16/01/2018 om 14:06 schreef Pablo Neira Ayuso: > Hi Thierry, > > On Tue, Jan 16, 2018 at 01:44:37PM +0100, Thierry Du Tre wrote: >> This patch is fixing the detection of multiple '--to-destination' in a DNAT >> rule and '--to-source' in SNAT rule for IPv6. >> Currently, when defining multiple

Re: [ANNOUNCE] nftables 0.8.1 release

2018-01-16 Thread Pablo Neira Ayuso
On Tue, Jan 16, 2018 at 03:48:24PM +0100, Jan Engelhardt wrote: > > >nftables 0.8.1 > > > >This release contains mostly incremental fixes and documentation > >updates, such as fixing up ./configure --with-mini-gmp for embedded > >setups that don't have libgmp. > > Why is this now

[PATCH] netfilter: nf_tables: Fix trailing semicolon

2018-01-16 Thread Luis de Bethencourt
The trailing semicolon is an empty statement that does no operation. Removing it since it doesn't do anything. Signed-off-by: Luis de Bethencourt --- Hi, After fixing the same thing in drivers/staging/rtl8723bs/, Joe Perches suggested I fix it treewide [0]. Best regards

Re: [ANNOUNCE] nftables 0.8.1 release

2018-01-16 Thread Jan Engelhardt
>nftables 0.8.1 > >This release contains mostly incremental fixes and documentation >updates, such as fixing up ./configure --with-mini-gmp for embedded >setups that don't have libgmp. Why is this now installing a libnftables.pc file when there is no library or headers to go with it?

Re: [PATCH v3] netfilter : add NAT support for shifted portmap ranges

2018-01-16 Thread Pablo Neira Ayuso
Hi Thierry, On Mon, Jan 15, 2018 at 01:56:09PM +0100, Thierry Du Tre wrote: > Hi Pablo, > > I prepared this third version to get aligned about the way forward for the > extension for struct nf_nat_range. > > Renaming the old definition as you suggested indeed results in a much smaller > patch

Re: conntrack enhancement

2018-01-16 Thread Florian Westphal
Jack Ma wrote: > Hi there, > > I am planning to add new user option to allow connmark to be shifted to enable > more advanced routing options. > > Currently, it might be something like: > > Conntrack parameters and options: > > -sl, --shift-left bits

Re: [PATCH] extensions : multiple to-dst/to-src arguments for ip6t_DNAT/SNAT not reported

2018-01-16 Thread Pablo Neira Ayuso
Hi Thierry, On Tue, Jan 16, 2018 at 01:44:37PM +0100, Thierry Du Tre wrote: > This patch is fixing the detection of multiple '--to-destination' in a DNAT > rule and '--to-source' in SNAT rule for IPv6. > Currently, when defining multiple values for these, only the last will be > used and others

[ANNOUNCE] nftables 0.8.1 release

2018-01-16 Thread Pablo Neira Ayuso
Hi! The Netfilter project proudly presents: nftables 0.8.1 This release contains mostly incremental fixes and documentation updates, such as fixing up ./configure --with-mini-gmp for embedded setups that don't have libgmp. Deprecated syntax = This release deprecates

[PATCH] extensions : multiple to-dst/to-src arguments for ip6t_DNAT/SNAT not reported

2018-01-16 Thread Thierry Du Tre
This patch is fixing the detection of multiple '--to-destination' in a DNAT rule and '--to-source' in SNAT rule for IPv6. Currently, when defining multiple values for these, only the last will be used and others ignored silently. The checks for (cb->xflags & F_X_TO_[DEST/SRC]) always fails