Hi Pablo,
On Mon, Oct 22, 2018 at 09:45:02PM +0200, Pablo Neira Ayuso wrote:
[...]
> > A bit of context illustrating why I think the code needs more than just
> > "more fixes": AFAIU, for each input element (which may be part of a
> > range or not), code asks the kernel for whether the element
Add support for ttl option in "osf" expression. Example:
table ip foo {
chain bar {
type filter hook input priority filter; policy accept;
osf skip name "Linux"
}
}
Signed-off-by: Fernando Fernandez Mancera
---
v1:initial patch
v2:use "ttl-global,
---
doc/primary-expression.txt | 20
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt
index 0fda76d..0c02d9d 100644
--- a/doc/primary-expression.txt
+++ b/doc/primary-expression.txt
@@ -187,18 +187,30 @@
On Mon, Oct 22, 2018 at 06:51:08PM +0200, Florian Westphal wrote:
> this release also adds xtables_getether* functions to libxtables, so
> current and age are incremented as well.
>
> Signed-off-by: Florian Westphal
Acked-by: Pablo Neira Ayuso
Thanks Florian!
On Mon, Oct 22, 2018 at 09:38:31PM +0200, Fernando Fernandez Mancera wrote:
> El 22 de octubre de 2018 20:38:13 CEST, Pablo Neira Ayuso
> escribió:
> >On Mon, Oct 22, 2018 at 05:35:42PM +0200, Fernando Fernandez Mancera
> >wrote:
> >> I am going to add the necessary NFT_OSF_* definitions in the
If the attribute is not sent, eg. old libnftnl binary, then
tb[NFTA_OSF_TTL] is NULL and kernel crashes from the _init path.
Fixes: a218dc82f0b5 ("netfilter: nft_osf: Add ttl option support")
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nft_osf.c | 2 +-
1 file changed, 1 insertion(+), 1
Hi Phil,
On Mon, Oct 22, 2018 at 03:45:09PM +0200, Phil Sutter wrote:
> Despite the recent fixes, the test still fails. While trying to address
> the remaining issues, I found more potentially problematic inputs so
> extend the test by those.
Applied, thanks. More comments, see below.
> ---
>
El 22 de octubre de 2018 20:38:13 CEST, Pablo Neira Ayuso
escribió:
>On Mon, Oct 22, 2018 at 05:35:42PM +0200, Fernando Fernandez Mancera
>wrote:
>> I am going to add the necessary NFT_OSF_* definitions in the
>nf_tables.h
>
>Just add a copy of nf_osf.h to nftables tree. We cannot mangle
Otherwise we keep using the old netlink socket if we hit EINTR.
Signed-off-by: Pablo Neira Ayuso
---
Requires patches 1/3 and 2/3.
include/netlink.h | 2 +-
src/netlink.c | 4 ++--
src/rule.c| 3 +--
3 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/include/netlink.h
Signed-off-by: Pablo Neira Ayuso
---
include/rule.h | 5 +-
src/evaluate.c | 134 ++---
src/parser_bison.y | 5 +-
3 files changed, 69 insertions(+), 75 deletions(-)
diff --git a/include/rule.h b/include/rule.h
index
Signed-off-by: Pablo Neira Ayuso
---
include/netlink.h | 9 +---
include/rule.h| 10 ++--
src/evaluate.c| 55 +++-
src/libnftables.c | 8 +--
src/mnl.c | 28 +-
src/monitor.c | 52
On Mon, Oct 22, 2018 at 05:35:42PM +0200, Fernando Fernandez Mancera wrote:
> I am going to add the necessary NFT_OSF_* definitions in the nf_tables.h
Just add a copy of nf_osf.h to nftables tree. We cannot mangle
nf_tables.h, it's a copy from the original header to ensure sources
compile with
this release also adds xtables_getether* functions to libxtables, so
current and age are incremented as well.
Signed-off-by: Florian Westphal
---
configure.ac | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index 07e32064489b..1da8555e65f3
Comments below.
On 10/15/18 2:47 PM, Pablo Neira Ayuso wrote:
Please send a v3 including tests/py. More comments below.
On Sat, Sep 29, 2018 at 12:15:17PM +0200, Fernando Fernandez Mancera wrote:
Add support for ttl option in "osf" expression. Example:
table ip foo {
chain bar {
Despite the recent fixes, the test still fails. While trying to address
the remaining issues, I found more potentially problematic inputs so
extend the test by those.
Signed-off-by: Phil Sutter
---
Hi,
A bit of context illustrating why I think the code needs more than just
"more fixes": AFAIU,
15 matches
Mail list logo
