Hey Pablo,
> Applied to nf-next, thanks Jason.
I didn't think this was stable material at first, but since you
applied this, OpenWRT backported it, and two people mentioned to me
separately that miscellaneous issues they were having with flow
offloading and some in-tree virtual interfaces were
On Tuesday 2018-06-05 20:04, Duncan Roe wrote:
>diff --git a/include/ip6tables.h b/include/ip6tables.h
>index 5f1c5b6..d95953e 100644
>--- a/include/ip6tables.h
>+++ b/include/ip6tables.h
>@@ -2,8 +2,8 @@
> #define _IP6TABLES_USER_H
>
> #include
>-#include
>-#include
>+#include "xtables.h"
Hi Pablo,
On Tue, 5 Jun 2018, Pablo Neira Ayuso wrote:
> These are fixes and net-next is closed, please route them through
> nf.git.
No problem, I'll resubmit the patches when net-next opens up again, for
nf.git.
Best regards,
Jozsef
-
E-mail : kad...@blackhole.kfki.hu,
iptables carries a private copy of a number of system headers. These were mostly
still being included with angle brackets as though they were in a standard
location. Tested configurations of gcc would pick up the private copy in these
cases but it has been reported that others do not.
By using
libnftnl carries a private copy of a number of system headers. These were mostly
still being included with angle brackets as though they were in a standard
location. Tested configurations of gcc would pick up the private copy in these
cases but it has been reported that others do not.
By using
On Tue, Jun 05, 2018 at 10:13:18AM +0200, Jan Engelhardt wrote:
> On Tuesday 2018-06-05 08:20, Duncan Roe wrote:
>
> >libmnl carries a private copy of a number of system headers. These were
> >mostly
> >still being included with angle brackets as though they were system headers.
>
> These headers
Hi Jozsef,
On Tue, Jun 05, 2018 at 01:08:29PM +0200, Jozsef Kadlecsik wrote:
> Hi Pablo,
>
> Please pull the next patches for nf-next:
>
> - Check hook mask for unsupported hooks instead of supported ones in xt_set.
> (Serhey Popovych).
> - List/save just timing out entries with "timeout 1"
Dne středa 23. května 2018 9:59:56 CEST, Pablo Neira Ayuso napsal(a):
> On Mon, Apr 30, 2018 at 10:28:16AM +0200, David Fabian wrote:
> > Hello,
> >
> > this series of patches follows a discussion brought here about adding
> > support for deeper variable scopes especially in the flat notation.
Global variables live only in the top-level scope and can be accessed from
anywhere.
They are unloaded at the end of parsing.
Global definitions cannot contain local variables because those may get deleted
when
the local scope goes away and the subsequent use of the global would lead to a
---
tests/shell/testcases/include/0016sibling_scopes_0 | 33 ++
.../shell/testcases/include/0017scope_hierarchy_0 | 39 ++
tests/shell/testcases/include/0018global_define_0 | 38 +
tests/shell/testcases/include/0019global_define_1 | 20
---
include/parser.h | 10 --
src/libnftables.c | 2 ++
src/parser_bison.y | 14 ++
src/rule.c | 1 +
src/scanner.l | 18 +-
5 files changed, 38 insertions(+), 7 deletions(-)
diff --git a/include/parser.h b/include/parser.h
index
Indesc structure is now bound to scopes. Fixed issues with glob includes
incorrectly increase the inclusion depth value. The entire scope tree gets
cleaned up at the end of parsing now to properly support displaying of
error messages.
---
include/nftables.h | 10 +++--
include/parser.h |
This series of patches follows a discussion brought here about adding support
for deeper variable scopes especially in the flat notation. These patches add
a new variable scope to each include statement. The new scope is a child of
the parent scope (script in which the include resides). All
Hi Máté,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/M-t-Eckl/netfilter-nft-add-support-for-native-socket-matching/20180601-094951
base:
Fernando Fernandez Mancera wrote:
> The correct name is "docbook2x-man" not "docbookx2-man".
applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at
The correct name is "docbook2x-man" not "docbookx2-man".
Signed-off-by: Fernando Fernandez Mancera
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 36148ae..e698a9b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -62,7 +62,7
Hi Pablo,
Please pull the next patches for nf-next:
- Check hook mask for unsupported hooks instead of supported ones in xt_set.
(Serhey Popovych).
- List/save just timing out entries with "timeout 1" instead of "timeout 0":
zero timeout value means permanent entries. When restoring the
From: Serhey Popovych
Inserting rule before one with SET target we get error with warning in
dmesg(1) output:
# iptables -A FORWARD -t mangle -j SET --map-set test src --map-prio
# iptables -I FORWARD 1 -t mangle -j ACCEPT
iptables: Invalid argument. Run `dmesg' for more information.
#
When listing sets with timeout support, there's a probability that
just timing out entries with "0" timeout value is listed/saved.
However when restoring the saved list, the zero timeout value means
permanent elelements.
The new behaviour is that timing out entries are listed with "timeout 1"
Due to the negative value condition in msecs_to_jiffies(), the real
max possible timeout value must be set to (UINT_MAX >> 1)/MSEC_PER_SEC.
Neutron Soutmun proposed the proper fix, but an insufficient one was
applied, see https://patchwork.ozlabs.org/patch/400405/.
Signed-off-by: Jozsef
From: Florent Fourcot
Userspace `ipset` command forbids family option for hash:mac type:
ipset create test hash:mac family inet4
ipset v6.30: Unknown argument: `family'
However, this check is not done in kernel itself. When someone use
external netlink applications (pyroute2 python library for
On Tuesday 2018-06-05 08:20, Duncan Roe wrote:
>libmnl carries a private copy of a number of system headers. These were mostly
>still being included with angle brackets as though they were system headers.
These headers are willingly used in exactly that context: they are
system headers, just at
nftables carries a private copy of a number of system headers. These were mostly
still being included with angle brackets as though they were system headers.
Tested configurations of gcc would pick up the private copy in these cases but
it has been reported that others do not.
By using double
libmnl carries a private copy of a number of system headers. These were mostly
still being included with angle brackets as though they were system headers.
Tested configurations of gcc would pick up the private copy in these cases but
it has been reported that others do not.
By using double
24 matches
Mail list logo
