[PATCH] INSTALL: Update dependency list and configure with libxtables support

Add configure with lixtables in INSTALL and required dependencies for the same Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- INSTALL | 11 +++ 1 file changed, 11 insertions(+) diff --git a/INSTALL b/INSTALL index 3e9a6ad..04981f1 100644 --- a/INSTALL +++ b/I

[PATCH] test: shell: execute shell/run-tests.sh from any directory

Update shell/run-tests.sh to refer /src/nft with a relative path Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- tests/shell/run-tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/shell/run-tests.sh b/tests/shell/run-tests.sh index 4eba0a8..d

[PATCH] nftables: make pointers in string arrays constant

static const char * array should probably be static const char * const array as per linux-kernel coding style Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- src/erec.c | 2 +- src/evaluate.c | 4 ++-- src/rule.c | 6 +++--- src/statement.c | 4 ++-- 4 files chan

[PATCH] tests: shell: add testcases for named objects

Add testcases for creating named objects with unique name, defined by user and referencing them from rule. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- tests/shell/testcases/sets/0024named_objects_0 | 41 ++ 1 file changed, 41 insertions(+) creat

nftables: 0040set_0 test in tests/shell/testcases/transactions fails

s for your time. Regards, Harsha Sharma -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

[PATCH] src: Merge assignment with return

Merge assignment with return statement to directly return the value. Done using following coccinelle semantic patch @@ local idexpression ret; expression e; @@ -ret = +return e; -return ret; Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- src/mini-gmp.c | 3 +-

[PATCH] test: shell: update shell/run-tests.sh to refer to relative path of testcase

Refer to relative path for tests from any directory if path for testcases is specified. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- tests/shell/run-tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/shell/run-tests.sh b/tests/shell/run-te

[PATCH] src: Remove unnecessary spaces

Remove spaces before tab and at the start of a line Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- There are other such files but I am breaking it down to make review easy. src/datatype.c | 4 ++-- src/evaluate.c | 2 +- src/gmputil.c | 4 ++-- src/main.c | 2 +- src/

[PATCH] src: Code indent should use tabs wherever possible

Remove unnecessary spaces and use tabs for code indent. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- src/datatype.c | 2 +- src/evaluate.c | 10 +- src/gmputil.c | 4 ++-- src/meta.c | 4 ++-- src/netlink.c | 6 +++--- src/segtree.c | 4 ++-- 6 files c

Re: [Outreachy kernel] [PATCH] src: buffer is not null terminated

snprintf rather than > strncpy, and then as you already do explain why the change is desirable in > the commit log. Then one is somehow better oriented to what is going on. > Hi, Thanks for your feedback. I have sent another version for the patch. Thanks for your time :) Regards, Harsha Sh

[PATCH] datatype: Change "%Zx" to "%zx" and "%Zu" to "%zu"

Use "%zx" and "%zu" over "%Zx" and "%Zu" respectively as "%Zx" and "%Zu" is non-standard C. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- src/datatype.c | 8 1 file changed, 4 insertions(+), 4 deleti

[PATCH v2] src: Use snprintf() over strncpy()

Use snprintf() over strncpy() functions as the buffer is not null terminated in strncpy(). Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- Changes in v2: -Change subject src/datatype.c | 2 +- src/iface.c| 4 ++-- src/netlink.c | 4 ++-- 3 files changed, 5 insertions

nftables: Add support for unsupported codes in icmp and icmp6 extensions

and time-exceeded are not supported as some of their type values mismatches otherwise. Can someone please guide me on what will be the best way to add support for unreach, redirect and time-exceeded codes in icmp and icmp6 extensions in nftables. Thanks for your time. Regards, Harsha Sharma

nftables: Add support for reserved header and addrs for routing header type 0

] and [RTHDR_NEXTHDR]. Can anyone please guide me on how to declare macros in parser_bison.c? Thanks for your time. Regards, Harsha Sharma -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo inf

Re: [PATCH] tests: shell: add testcases for named objects

On Mon, Oct 9, 2017 at 5:32 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Sat, Oct 07, 2017 at 01:11:17PM +0530, Harsha Sharma wrote: >> On Fri, Oct 6, 2017 at 6:08 PM, Pablo Neira Ayuso <pa...@netfilter.org> >> wrote: >> > On Thu, Oct 05, 2017 at 0

Re: [PATCH] tests: shell: add testcases for named objects

On Mon, Oct 9, 2017 at 5:32 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Sat, Oct 07, 2017 at 01:11:17PM +0530, Harsha Sharma wrote: >> On Fri, Oct 6, 2017 at 6:08 PM, Pablo Neira Ayuso <pa...@netfilter.org> >> wrote: >> > On Thu, Oct 05, 2017 at 0

[PATCH v2] nftables: Add support for reserved header and addrs for routing header type 0

Add support for IPV6 routing header type 0 reserved field and addresses with corresponding tests Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- For struct exthdr_rt0, I have specified type to be IPPROTO_ROUTING due to which when exthdr_init_raw is called in exthdr_find_te

[PATCH] tests: xlate: print tests passed or error for testfile argument

Print tests passed with errors and warnings when run with only specified test file. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- xlate-test.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xlate-test.py b/xlate-test.py index 43c4be19..b7a053f9

[PATCH v2] tests: xlate: print tests passed and error for testfile argument

Print tests passed with errors and warnings when run with only specified test file. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- Changes in v2: -Change subject -print the errors if no argument is passed xlate-test.py | 4 ++-- 1 file changed, 2 insertions(+), 2 del

[PATCH] tests: add regression tests for xtables-translate

A INPUT -p tcp --dport 80 -m cpu ! --cpu 1 -j ACCEPT nft add rule ip filter INPUT tcp dport 80 cpu != 1 counter accept Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- extensions/libxt_TOS.txlate | 25 + 1 file changed, 25 insertions(+) create mode 1

Re: [PATCH v2] tests: xlate: print tests passed and error for testfile argument

On Tue, Oct 17, 2017 at 4:57 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Tue, Oct 17, 2017 at 02:54:58PM +0530, Harsha Sharma wrote: >> Print tests passed with errors and warnings when run with only specified >> test file. > > I would expect this works

[PATCH v2] libxt_TOS: add tests for translation infrastructure

This patch checks that the iptables TOS to nftables translation works fine. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- Changes in v2: -Change subject and log message extensions/libxt_TOS.txlate | 25 + 1 file changed, 25 insertions(+) creat

[PATCH] Update .gitignore

Added comments and files generated by libtools Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- .gitignore | 12 +--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index fa86c482..3d1fc79d 100644 --- a/.gitignore +++ b/.git

[PATCH] tests: shell: add testcases for named limits

Add testcases for creating named limits and referencing them from rule Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- tests/shell/testcases/sets/0025named_limit_0 | 27 +++ 1 file changed, 27 insertions(+) create mode 100755 tests/shell/testcase

[PATCH] update INSTALL to add library libnfnetlink

configure.ac checks for libnfnetlink(>=1.0) library Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- INSTALL | 1 + 1 file changed, 1 insertion(+) diff --git a/INSTALL b/INSTALL index d62b428c..d28ea5c1 100644 --- a/INSTALL +++ b/INSTALL @@ -11,6 +11,7 @@ iptables uses

[PATCH] exthdr: Add support for reserved header and address

Add support for IPV6 type 0 routing header reserved field and address unable to test it with nft-test.py Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- include/exthdr.h | 2 ++ src/exthdr.c | 7 +-- tests/py/ip6/rt.t | 2 ++ 3 files changed, 5 insertions(+), 6 del

[PATCH 2/3] evaluate: Place constant on right side in comparison

Comparisons should place the constant on the right side of the test as per linux-kernel coding style Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- src/evaluate.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/evaluate.c b/src/evaluate.c index 5

[PATCH 3/3] evaluate: make pointers in string arrays constant

static const char * array should probably be static const char * const array as per linux-kernel coding style Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- src/evaluate.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/evaluate.c b/src/evaluate.c

[PATCH 1/3] evaluate: Remove unnecessary spaces

Code indent should use tabs wherever possible Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- src/evaluate.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/evaluate.c b/src/evaluate.c index e767542..5624ca2 100644 --- a/src/evaluate.c +++

[PATCH 0/3] evaluate: Follow linux-kernel coding style

Issues found using checkpatch.pl As per linux-kernel coding style, code indent should use tabs wherever possible and avoid unnecessary spaces. Comparisons shoukd place the constant on the right side of the test. static const char * array should be static const * char const array Harsha Sharma

Re: [PATCH] tests: shell: add testcases for named objects

On Fri, Oct 6, 2017 at 6:08 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Thu, Oct 05, 2017 at 03:45:39PM +0530, Harsha Sharma wrote: >> Add testcases for creating named objects with unique name, defined >> by user and referencing them from rule. > > Also app

Re: [PATCH v2] nftables: Add support for reserved header and addrs for routing header type 0

On Fri, Oct 6, 2017 at 1:06 PM, Harsha Sharma <harshasharmai...@gmail.com> wrote: > Add support for IPV6 routing header type 0 reserved field and addresses > with corresponding tests > > Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> > --- > For struct ext

[PATCH] iptables: Constify option struct

; expression e; position p; @@ e = i@p @bad@ position p != {r1.p,ok1.p}; identifier r1.i; @@ e@i@p @depends on !bad disable optional_qualifier@ identifier r1.i; @@ static +const struct option i[] = { ... }; Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- iptables/ip6tables.

[PATCH] tests: py: Add option --all to nft-test.py

Add option --all to take all tests from files, place them in a temp file and then run all tests in one go printing all errors and warnings. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- tests/py/nft-test.py | 161 +++ 1 file c

[PATCH] netfilter: nfnl_cthelper: Replace kzalloc with kcalloc

kcalloc is preferred to allocate an array instead of kzalloc. This patch fixes checkpatch isssue. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- net/netfilter/nfnetlink_cthelper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/net

[PATCH] netfilter: nf_conntrack_h323: Remove typedef struct

ccinelle.T2 = T[:-2]; else: coccinelle.T2 = T; print T, coccinelle.T2 @r2@ type r1.T; identifier c1.T2; @@ -typedef struct + T2 { ... } -T ; @r3@ type r1.T; identifier c1.T2; @@ -T +struct T2 Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- net/netfilt

Re: [PATCH] tests: xlate: print total no. of testfiles, tests and tests passed

On Thu, Oct 19, 2017 at 4:05 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Wed, Oct 18, 2017 at 07:59:44PM +0530, Harsha Sharma wrote: >> Print errors and total no of tests and tests passed for testfile argument. >> Print total no. of testfiles, total no. of tests a

[PATCH] tests: xlate: Change testfile to take "extensions/test_file" as argument

When executing xlate-test.py with specified test file, give "extensions/test_file.txlate" as argument Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- xlate-test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xlate-test.py b/xlate-test.p

[PATCH] tests: xlate: print total no. of testfiles, tests and tests passed

Print errors and total no of tests and tests passed for testfile argument. Print total no. of testfiles, total no. of tests and total no. of tests passed for "all" argument. Change testfile argument to take "extensions/test_file" as argument. Signed-off-by: Harsha S

[PATCH] tests/py: add test for empty string match

This patch add tests for empty string match which fails with error "Empty string is not allowed". Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- tests/py/any/ct.t | 1 + tests/py/any/meta.t | 2 ++ 2 files changed, 3 insertions(+) diff --git a/tests/py/any/ct.

nft crashes on empty interface name

? Thanks in advance. Regards, Harsha Sharma -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

[PATCH] evaluate: print error for null string befort assert statement

Print error "Null string is not allowed" before assert statement. For e.g. nft add rule filter input meta iifname '""' Error: Null String is not allowed add rule filter input meta iifname "" Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- src/ev

Re: [PATCH] extensions: libxt_hashlimit: Do not print default timeout and burst

On Tue, Dec 19, 2017 at 7:31 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Tue, Dec 19, 2017 at 05:57:16PM +0530, Harsha Sharma wrote: >> @@ -1340,7 +1345,9 @@ static int hashlimit_mt_xlate(struct xt_xlate *xl, >> const char *name, >> xt_xlate_add(

Unable to compile linux-kernel pulled from nf-next tree

' failed make[2]: *** [net/nsh/nsh.ko] Error 1 Makefile:1232: recipe for target '_modinst_' failed make[1]: *** [_modinst_] Error 2 Makefile:527: recipe for target '__build_one_by_one' failed make: *** [__build_one_by_one] Error 2 Any help will be appreciated. Thanks. Regards, Harsha Sharma

[PATCH] tests/monitor: Print error "this requires root" and exit

If executed without root privileges, print error "this requires root!" and exit. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- tests/monitor/run-tests.sh | 5 + 1 file changed, 5 insertions(+) diff --git a/tests/monitor/run-tests.sh b/tests/monitor/run-tests.

[PATCH] src: Add option '-D' to define variables from command-line

This patch adds option '-D' with optarg in form test="foo" to define variable to be referenced from input file. For eg. nft -D test="foo" -f /tmp/test1 Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- This patch passes identifier and its value as nft_ct

[PATCH] src: Add option -D to define variable from command line

This patch takes argument of '-D' option and pass it to nft_run_cmd_from_filename and parses the string in scanner_push_file along with input file. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- I want to parse both input string and input file in scanner_push_file but unable

[PATCH v3] tests: xlate: print output in same way as nft-test.py

iled, 0 errors sudo ./xlate-test.py extensions/libxt_connlabel.txlate extensions/libxt_connlabel.txlate: Error: iptables-translate failure iptables-translate v1.6.1: Couldn't load match `connlabel':No such file or directory ... 1 test file, 2 tests, 0 tests passed, 0 tests failed, 2 errors Signed-

[PATCH libnftnl 1/2] examples: Add test for assigning helper objects via rule

Usage: ./nft-rule-ct-helper-add ip filter input sip-5060 ./nft-rule-get ip filter ip filter input 7 6 [ objref type 3 name sip-5060 ] nft list ruleset ... chain input { ct helper set "sip-5060" } Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- exam

[PATCH libnftnl WIP 2/2] examples: Add test for assigning timeout objects via rule

Usage: ./nft-rule-ct-timeout-add ip filter input some-name ./nft-rule-get ip filter ip filter input 6 [ objref type 5 name some-name ] nft list ruleset ... chain input { ct timeout set "some-name" } Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- exam

[PATCH libnftnl v2 3/3] examples: Add test for assigning timeout objects via rule

Usage: ./nft-rule-ct-timeout-add ip filter input some-name ./nft-rule-get ip filter ip filter input 6 [ objref type 5 name some-name ] nft list ruleset ... chain input { ct timeout set "some-name" } Signed-off-by: Harsha Sharma --- Changes in v2: - Add this in example

[PATCH libnftnl v2 2/3] examples: add nft-ct-timeout-{add,del,get}

,CLOSE_WAIT = 140,LAST_ACK = 30,TIME_WAIT = 120, CLOSE = 165,SYN_SENT2 = 120,RETRANS = 300,UNACKNOWLEDGED = 300,}] % ./nft-ct-timeout-del ip filter some-name Signed-off-by: Harsha Sharma --- Changes in v2: - changes in timeout policy values examples/Makefile.am | 12 examples/nft

[PATCH nf-next v4] netfilter: nft_ct: add ct timeout support

19.128 dst=172.16.19.1 sport=22 dport=41360 [UNREPLIED] src=172.16.19.1 dst=172.16.19.128 sport=41360 dport=22 zone=4 Signed-off-by: Harsha Sharma --- Changes in v4: - Remove unused attributes - allocate template from init() path - minor changes - updated log message - pull to latest tree Changes in v

Re: [PATCH nf-next v4] netfilter: nft_ct: add ct timeout support

Hello, On Tue, Jun 12, 2018 at 12:17 AM, Harsha Sharma wrote: > This patch allows to add, list and delete connection tracking timeout > policies via nft objref infrastructure and assigning these timeout > via nft rule. > > Ruleset: > > table ip raw { >ct timeout ct

[PATCH libnftnl v2 1/3] src: add ct timeout support

Add support for ct timeout objects, used to assign connection tracking timeout policies. Signed-off-by: Harsha Sharma --- Chenges in v2: - minor changes include/libnftnl/Makefile.am| 3 +- include/libnftnl/cttimeout.h| 88 include/libnftnl/object.h | 9

[PATCH libnftnl v2 0/3] Add ct timeout support

Add support for ct timeout objects, used to assign connection tracking timeout policies and examples. Harsha Sharma (3): src: add ct timeout support examples: add nft-ct-timeout-{add,del,get} examples: Add test for assigning timeout objects via rule examples/Makefile.am

[PATCH WIP nftables] src: add ct timeout support

put handle %nft delete ct timeout filter test-tcp Signed-off-by: Harsha Sharma --- include/linux/netfilter/nf_tables.h | 13 +++- include/rule.h | 17 + src/evaluate.c | 4 ++ src/netlink.c | 19 ++ src/pars

Re: [PATCH WIP nftables] src: add ct timeout support

Hello, On Thu, Jun 14, 2018 at 1:11 AM, Harsha Sharma wrote: > This patch adds support for adding, listing and deleting ct timeout > objects which can be assigned via rule to assign connection tracking > timeout policies via objref infrastructure. > > %nft add table filter &

Re: [PATCH nf-next v4] netfilter: nft_ct: add ct timeout support

Hello, On Tue, Jun 12, 2018 at 7:23 PM, Pablo Neira Ayuso wrote: > On Tue, Jun 12, 2018 at 03:21:35PM +0200, Florian Westphal wrote: >> Harsha Sharma wrote: >> > +ctnl_timeout_parse_policy(void *timeouts, >> > + const struct nf

Re: [PATCH WIP nftables] src: add ct timeout support

Hello, On Thu, Jun 14, 2018 at 1:11 AM, Harsha Sharma wrote: > This patch adds support for adding, listing and deleting ct timeout > objects which can be assigned via rule to assign connection tracking > timeout policies via objref infrastructure. > > %nft add table filter &

[PATCH nf-next v3] netfilter: nft_ct: add ct timeout support

{ type filter hook output priority -300; policy accept; ct timeout set "cttime" } } Signed-off-by: Harsha Sharma --- Changes in v3: - Use nf_ct_tmpl_alloc to attach timeout via template conntrack. Changes in v2: - Add code for nft_ct_timeout_obj_eval - remove likely()

[PATCH v2] tests: xlate: print total no. of testfiles, tests and tests passed

sts passed sudo ./xlate-test.py libxt_ipcomp.txlate 1 test file, 2 tests, 2 tests passed Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- Changes in v2: -Change log message -Remove changes for testfile argument xlate-test.py | 22 +++--- 1 file changed, 19

[PATCH] extensions: add tests for ipcomp protocol

This patch adds test for ipcomp protocol. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- extensions/libxt_ipcomp.t | 5 + 1 file changed, 5 insertions(+) create mode 100644 extensions/libxt_ipcomp.t diff --git a/extensions/libxt_ipcomp.t b/extensions/libxt_ipcomp.t ne

Re: Unable to git clone git repositories

On Sat, Dec 30, 2017 at 11:41 AM, Duncan Roe wrote: > Hi, > > It looks like there is a low-level networking problem or maybe misconfigured > firewall in the netfilter git server netfilter.us.es.git. > Yes, facing same problem. > The server responds immediately to the

[PATCH] parser_bison: extend nft to delete table via table handle

This patch allows deletion of table via unique table handles which can be listed with '-a' option. For.eg. nft delete table handle 4 Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- src/parser_bison.y | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) diff

[PATCH] netfilter: nf_tables: delete table via table handle

This patch add code to delete table via unique table handle. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- net/netfilter/nf_tables_api.c | 99 --- 1 file changed, 92 insertions(+), 7 deletions(-) diff --git a/net/netfilter/nf_tables

[PATCH] src: parse new handle attribute for tables

This patch adds code to parse new handle attribute for tables. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- include/libnftnl/table.h| 3 +++ include/libnftnl/trace.h| 1 + include/linux/netfilter/nf_tables.h | 4 src/libnft

[PATCH] netfilter: nf_tables: allocate table handle

This patch adds code to allocate 'handle' in tables, which allow us to uniquely identify a table. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- include/net/netfilter/nf_tables.h| 2 ++ include/uapi/linux/netfilter/nf_tables.h | 2 ++ net/netfilter/nf_tables

[PATCH] src: print 'handle' attribute in tables

ssh counter packets 0 bytes 0 # handle 4 } # handle 2} table ip xyz { # handle 3} Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- include/linux/netfilter/nf_tables.h | 4 src/netlink.c | 6 +- src/rule.c | 2 ++ 3

Re: [PATCH] src: print 'handle' attribute in tables

On Sun, Dec 24, 2017 at 8:07 PM, Adel Belhouane <bugs@free.fr> wrote: > Hello, > > Le 23/12/2017 à 20:45, Harsha Sharma a écrit : >> Print 'handle' attribute in tables, when listing via '-a' option >> >> For eg. >> nft list ruleset -a >>

Re: [PATCH] netfilter: nf_tables: delete table via table handle

On Sun, Jan 7, 2018 at 4:32 AM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Sun, Jan 07, 2018 at 12:00:15AM +0530, Harsha Sharma wrote: >> This patch add code to delete table via unique table handle. >> >> Signed-off-by: Harsha Sharma <harshasharmai...@gmail

[PATCH v2] parser_bison: extend nft to delete table via table handle

This patch allows deletion of table via unique table handles which can be listed with '-a' option. For.eg. nft delete table handle 4 Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- Changes in v2: -remove tableid_spec src/parser_bison.y | 4 1 file changed, 4 inse

Re: [PATCH] netfilter: nf_tables: delete table via table handle

On Sun, Jan 7, 2018 at 11:46 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Sun, Jan 07, 2018 at 11:40:47PM +0530, Harsha Sharma wrote: >> On Sun, Jan 7, 2018 at 11:26 PM, Pablo Neira Ayuso <pa...@netfilter.org> >> wrote: >> > On Sun, Jan 07, 2018 at 0

Re: [PATCH] netfilter: nf_tables: delete table via table handle

On Mon, Jan 8, 2018 at 12:21 AM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Sun, Jan 07, 2018 at 11:58:49PM +0530, Harsha Sharma wrote: >> On Sun, Jan 7, 2018 at 11:46 PM, Pablo Neira Ayuso <pa...@netfilter.org> >> wrote: >> > On Sun, Jan 07, 2018 at 1

Re: [PATCH] netfilter: nf_tables: delete table via table handle

On Sun, Jan 7, 2018 at 11:26 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > On Sun, Jan 07, 2018 at 02:49:29PM +0530, Harsha Sharma wrote: >> On Sun, Jan 7, 2018 at 4:32 AM, Pablo Neira Ayuso <pa...@netfilter.org> >> wrote: >> > On Sun, Jan 07, 2018 at 1

[PATCH 0/2] parser_bison: delete chains via chain handle

Print chain handles with option '-a' and delete chains via chain handle Harsha Sharma (2): src: Print handle attribute in chains parser_bison: extend nft to delete chain via chain handle src/parser_bison.y | 16 ++-- src/rule.c | 5 - 2 files changed, 18 insertions

[PATCH] netfilter: nf_tables: delete chains via chain handle

This patch allows deletion of chains via unique chain handle which can be listed via '-a' option and table family and table name. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- net/netfilter/nf_tables_api.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff

[PATCH 2/2] parser_bison: extend nft to delete chain via chain handle

This patch allows deletion of chains via unique chain handles which can be listed with '-a' option and table name and family. For eg. nft delete chain [] [handle ] Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- src/parser_bison.y | 16 ++-- 1 file chang

[PATCH 1/2] src: Print handle attribute in chains

Print handle attribute in chains when listing via '-a' option. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- src/rule.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/rule.c b/src/rule.c index e875816..7d66c22 100644 --- a/src/rule.c +++ b/src/

[PATCH v2] netfilter: nf_tables: delete table via table handle

This patch add code to delete table via unique table handle and table family. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- Changes in v2: - Remove nf_tables_afinfo_lookup_byhandle - Change log message net/netfilter/nf_tables_api.

[PATCH v3] parser_bison: extend nft to delete table via table handle

This patch allows deletion of table via unique table handles and table family which can be listed with '-a' option. For.eg. nft delete table [] [handle ] Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- Changes in v3: - Add tableid_spec - Change log message Changes in v2: -

[PATCH v3] netfilter: nf_tables: delete table via table handle

This patch add code to delete table via unique table handle and table family. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- Changes in v3: -Remove __nft_table_lookup_byhandle Changes in v2: - Remove nf_tables_afinfo_lookup_byhandle - Change log message net/net

[PATCH] src: parse new handle attribute for objects

This patch add code to allocate object handles and delete objects via object handles. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- include/libnftnl/object.h | 1 + include/linux/netfilter/nf_tables.h | 2 ++ include/obj.h | 1 + src/ob

[PATCH] src: extend nft to list object handle and delete objects via handle

Print handle attributes in objects when listing via '-a' option and delete objects via their unique object handles. For e.g. nft delete [] [] [handle ] Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- include/linux/netfilter/nf_tables.h | 2 ++ src/net

[PATCH] netfilter: nf_tables: allocate obj handle and delete obj via obj handle

This patch add code to allocate unique object handles and delete objects via those unique object handles. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- include/net/netfilter/nf_tables.h| 2 ++ include/uapi/linux/netfilter/nf_tables.h | 3 +++ net/net

[PATCH] tests/shell: add tests for deletion of objects via object handle

Delete objects with given object handle Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- .../testcases/optionals/delete_object_handles_0| 40 ++ 1 file changed, 40 insertions(+) create mode 100755 tests/shell/testcases/optionals/delete_object_handles_0

[PATCH v2] src: print 'handle' attribute in tables

ssh counter packets 0 bytes 0 # handle 4 } } # handle 2 table ip xyz { } # handle 3 Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- Change in v2: - print handle after '}' - change log message accordingly include/linux/netfilter/nf_tables.h | 4 src/net

[PATCH] src: extend nft to list set handle and delete set via set handle

Print 'handle' attribute in sets when listing via '-a' option and delete sets via their unique set handles listed with '-a' option. For e.g. nft delete set [] [handle ] Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- include/linux/netfilter/nf_tables.h | 2 ++ src/net

[PATCH] src: parse new handle attribute for sets

This patch adds code to allocate set handles and delete sets via set handle. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- include/libnftnl/set.h | 1 + include/linux/netfilter/nf_tables.h | 2 ++ include/set.h | 1 + src

[PATCH] netfilter: nf_tables: allocate set handle and delete sets via set handle

This patch add code to allocate unique set handles and delete sets via those unique set handles. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- include/net/netfilter/nf_tables.h| 2 ++ include/uapi/linux/netfilter/nf_tables.h | 2 ++ net/netfilter/nf_tables

[PATCH] tests/shell: add tests for deletion of sets via set handle

Delete set with given unique set handle. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- tests/shell/testcases/sets/0028delete_handle_0 | 33 ++ 1 file changed, 33 insertions(+) create mode 100755 tests/shell/testcases/sets/0028delete_handle_0 diff

[PATCH v2] src: parse new handle attribute for tables

This patch adds code to parse new handle attribute for tables. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- Changes in v2: - Remove code for tracing table handle. include/libnftnl/table.h| 3 +++ include/linux/netfilter/nf_tables.h | 2 ++ src/libnft

Re: [PATCH] netfilter: nf_tables: allocate table handle

On Tue, Dec 26, 2017 at 9:41 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote: > Hi Harsha, > > On Sat, Dec 23, 2017 at 11:44:20AM -0800, Harsha Sharma wrote: >> This patch adds code to allocate 'handle' in tables, which allow us to >> uniquely identify a table. >>

[PATCH libnftnl] tests: change char * pointer to constant (const char *)

As the parameter for function is pointer to constant, change it to constant. This fix compilation warning in libnftnl with make check. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- tests/nft-expr_immediate-test.c | 4 ++-- tests/nft-expr_lookup-test.c| 2 +- tes

[PATCH libnftnl] tests: nft-parsing-test: fix warning - ignoring return value of fgets

This patch fixes compilation warning: ignoring return value of fgets. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- tests/nft-parsing-test.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/nft-parsing-test.c b/tests/nft-parsing-test.c index d

[PATCH v2] netfilter: nf_tables: allocate table handle

This patch adds code to allocate 'handle' in tables, which allow us to uniquely identify a table. Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- Changes in v2: -Don't restore table handle in nf_tables_newtable -Remove spaces before tabs include/net/netfilter/nf_ta

[PATCH v2] extensions: libxt_hashlimit: Do not print default timeout and burst

. ip saddr limit rate over 200/second } counter drop Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com> --- Changes in v2: -Simple comparison for default values extensions/libxt_hashlimit.c | 20 1 file changed, 12 insertions(+), 8 deletions(-) diff

[PATCH nf-next v3 1/2] netfilter: Kconfig: Make NF_CT_NETLINK_TIMEOUT depend on NF_CONNTRACK_TIMEOUT

With this, remove ifdef for NF_CONNTRACK_CTTIMEOUT in nfnetlink_cttimeout. This is also required for moving ctnl_untimeout from nfnetlink_cttimeout to nf_conntrack_timeout. Signed-off-by: Harsha Sharma --- Changes in v3: - No changes Changes in v2: - No changes net/netfilter/Kconfig

[PATCH nf-next v3 2/2] netfilter: cttimeout: move ctnl_untimeout to nf_conntrack

As, ctnl_untimeout is required by nft_ct, so move ctnl_timeout from nfnetlink_cttimeout to nf_conntrack_timeout and rename as nf_ct_timeout. Signed-off-by: Harsha Sharma --- Changes in v3: - Add static inline definition for nf_ct_untimeout when CONFIG_NF_CONNTRACK_TIMEOUT is not defined

[PATCH nf-next v10] netfilter: nft_ct: add ct timeout support

19.128 dst=172.16.19.1 sport=22 dport=41360 [UNREPLIED] src=172.16.19.1 dst=172.16.19.128 sport=41360 dport=22 %nft delete rule ip raw output handle %./libnftnl/examples/nft-ct-timeout-del ip raw cttime Signed-off-by: Harsha Sharma --- Changes in v10: - remove all ifdef in nft_ct - minor changes Cha

  1   2   >