Add configure with lixtables in INSTALL and required dependencies for
the same
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
INSTALL | 11 +++
1 file changed, 11 insertions(+)
diff --git a/INSTALL b/INSTALL
index 3e9a6ad..04981f1 100644
--- a/INSTALL
+++ b/I
Update shell/run-tests.sh to refer /src/nft with a relative path
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
tests/shell/run-tests.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/shell/run-tests.sh b/tests/shell/run-tests.sh
index 4eba0a8..d
static const char * array should probably be static const char *
const array as per linux-kernel coding style
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
src/erec.c | 2 +-
src/evaluate.c | 4 ++--
src/rule.c | 6 +++---
src/statement.c | 4 ++--
4 files chan
Add testcases for creating named objects with unique name, defined
by user and referencing them from rule.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
tests/shell/testcases/sets/0024named_objects_0 | 41 ++
1 file changed, 41 insertions(+)
creat
s for your time.
Regards,
Harsha Sharma
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Merge assignment with return statement to directly return the value.
Done using following coccinelle semantic patch
@@
local idexpression ret;
expression e;
@@
-ret =
+return
e;
-return ret;
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
src/mini-gmp.c | 3 +-
Refer to relative path for tests from any directory if path for testcases
is specified.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
tests/shell/run-tests.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/shell/run-tests.sh b/tests/shell/run-te
Remove spaces before tab and at the start of a line
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
There are other such files but I am breaking it down to make review
easy.
src/datatype.c | 4 ++--
src/evaluate.c | 2 +-
src/gmputil.c | 4 ++--
src/main.c | 2 +-
src/
Remove unnecessary spaces and use tabs for code indent.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
src/datatype.c | 2 +-
src/evaluate.c | 10 +-
src/gmputil.c | 4 ++--
src/meta.c | 4 ++--
src/netlink.c | 6 +++---
src/segtree.c | 4 ++--
6 files c
snprintf rather than
> strncpy, and then as you already do explain why the change is desirable in
> the commit log. Then one is somehow better oriented to what is going on.
>
Hi,
Thanks for your feedback.
I have sent another version for the patch.
Thanks for your time :)
Regards,
Harsha Sh
Use "%zx" and "%zu" over "%Zx" and "%Zu" respectively as "%Zx" and "%Zu"
is non-standard C.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
src/datatype.c | 8
1 file changed, 4 insertions(+), 4 deleti
Use snprintf() over strncpy() functions as the buffer is not null
terminated in strncpy().
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
Changes in v2:
-Change subject
src/datatype.c | 2 +-
src/iface.c| 4 ++--
src/netlink.c | 4 ++--
3 files changed, 5 insertions
and time-exceeded are not supported as some of their type
values mismatches otherwise.
Can someone please guide me on what will be the best way to add support
for unreach, redirect and time-exceeded codes in icmp and icmp6
extensions in nftables.
Thanks for your time.
Regards,
Harsha Sharma
] and
[RTHDR_NEXTHDR].
Can anyone please guide me on how to declare macros in parser_bison.c?
Thanks for your time.
Regards,
Harsha Sharma
On Mon, Oct 9, 2017 at 5:32 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote:
> On Sat, Oct 07, 2017 at 01:11:17PM +0530, Harsha Sharma wrote:
>> On Fri, Oct 6, 2017 at 6:08 PM, Pablo Neira Ayuso <pa...@netfilter.org>
>> wrote:
>> > On Thu, Oct 05, 2017 at 0
Add support for IPV6 routing header type 0 reserved field and addresses
with corresponding tests
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
For struct exthdr_rt0, I have specified type to be IPPROTO_ROUTING
due to which when exthdr_init_raw is called in exthdr_find_te
Print tests passed with errors and warnings when run with only specified
test file.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
xlate-test.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/xlate-test.py b/xlate-test.py
index 43c4be19..b7a053f9
Print tests passed with errors and warnings when run with only specified
test file.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
Changes in v2:
-Change subject
-print the errors if no argument is passed
xlate-test.py | 4 ++--
1 file changed, 2 insertions(+), 2 del
A INPUT -p tcp --dport 80 -m cpu ! --cpu 1 -j ACCEPT
nft add rule ip filter INPUT tcp dport 80 cpu != 1 counter accept
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
extensions/libxt_TOS.txlate | 25 +
1 file changed, 25 insertions(+)
create mode 1
On Tue, Oct 17, 2017 at 4:57 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote:
> On Tue, Oct 17, 2017 at 02:54:58PM +0530, Harsha Sharma wrote:
>> Print tests passed with errors and warnings when run with only specified
>> test file.
>
> I would expect this works
This patch checks that the iptables TOS to nftables translation works fine.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
Changes in v2:
-Change subject and log message
extensions/libxt_TOS.txlate | 25 +
1 file changed, 25 insertions(+)
creat
Added comments and files generated by libtools
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
.gitignore | 12 +---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
index fa86c482..3d1fc79d 100644
--- a/.gitignore
+++ b/.git
Add testcases for creating named limits and referencing them
from rule
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
tests/shell/testcases/sets/0025named_limit_0 | 27 +++
1 file changed, 27 insertions(+)
create mode 100755 tests/shell/testcase
configure.ac checks for libnfnetlink(>=1.0) library
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
INSTALL | 1 +
1 file changed, 1 insertion(+)
diff --git a/INSTALL b/INSTALL
index d62b428c..d28ea5c1 100644
--- a/INSTALL
+++ b/INSTALL
@@ -11,6 +11,7 @@ iptables uses
Add support for IPV6 type 0 routing header reserved field and address
unable to test it with nft-test.py
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
include/exthdr.h | 2 ++
src/exthdr.c | 7 +--
tests/py/ip6/rt.t | 2 ++
3 files changed, 5 insertions(+), 6 del
Comparisons should place the constant on the right side of the test
as per linux-kernel coding style
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
src/evaluate.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/evaluate.c b/src/evaluate.c
index 5
static const char * array should probably be static const char * const
array
as per linux-kernel coding style
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
src/evaluate.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/evaluate.c b/src/evaluate.c
Code indent should use tabs wherever possible
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
src/evaluate.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/evaluate.c b/src/evaluate.c
index e767542..5624ca2 100644
--- a/src/evaluate.c
+++
Issues found using checkpatch.pl
As per linux-kernel coding style, code indent should use tabs wherever
possible and avoid unnecessary spaces.
Comparisons should place the constant on the right side of the test.
static const char * array should be static const * char const array
Harsha Sharma
On Fri, Oct 6, 2017 at 6:08 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote:
> On Thu, Oct 05, 2017 at 03:45:39PM +0530, Harsha Sharma wrote:
>> Add testcases for creating named objects with unique name, defined
>> by user and referencing them from rule.
>
> Also app
On Fri, Oct 6, 2017 at 1:06 PM, Harsha Sharma
<harshasharmai...@gmail.com> wrote:
> Add support for IPV6 routing header type 0 reserved field and addresses
> with corresponding tests
>
> Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
> ---
> For struct ext
;
expression e;
position p;
@@
e = i@p
@bad@
position p != {r1.p,ok1.p};
identifier r1.i;
@@
e@i@p
@depends on !bad disable optional_qualifier@
identifier r1.i;
@@
static
+const
struct option i[] = { ... };
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
iptables/ip6tables.
Add option --all to take all tests from files, place them in a temp
file and then run all tests in one go printing all errors and warnings.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
tests/py/nft-test.py | 161 +++
1 file c
kcalloc is preferred to allocate an array instead of kzalloc.
This patch fixes checkpatch issue.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
net/netfilter/nfnetlink_cthelper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/net
ccinelle.T2 = T[:-2];
else:
coccinelle.T2 = T;
print T, coccinelle.T2
@r2@
type r1.T;
identifier c1.T2;
@@
-typedef
struct
+ T2
{ ... }
-T
;
@r3@
type r1.T;
identifier c1.T2;
@@
-T
+struct T2
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
net/netfilt
On Thu, Oct 19, 2017 at 4:05 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote:
> On Wed, Oct 18, 2017 at 07:59:44PM +0530, Harsha Sharma wrote:
>> Print errors and total no of tests and tests passed for testfile argument.
>> Print total no. of testfiles, total no. of tests a
When executing xlate-test.py with specified test file, give
"extensions/test_file.txlate" as argument
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
xlate-test.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xlate-test.py b/xlate-test.p
Print errors and total no of tests and tests passed for testfile argument.
Print total no. of testfiles, total no. of tests and total no. of tests
passed for "all" argument.
Change testfile argument to take "extensions/test_file" as argument.
Signed-off-by: Harsha S
This patch adds tests for empty string match which fails with error "Empty
string is not allowed".
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
tests/py/any/ct.t | 1 +
tests/py/any/meta.t | 2 ++
2 files changed, 3 insertions(+)
diff --git a/tests/py/any/ct.
?
Thanks in advance.
Regards,
Harsha Sharma
Print error "Null string is not allowed" before assert statement.
For e.g.
nft add rule filter input meta iifname '""'
Error: Null String is not allowed
add rule filter input meta iifname ""
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
src/ev
On Tue, Dec 19, 2017 at 7:31 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote:
> On Tue, Dec 19, 2017 at 05:57:16PM +0530, Harsha Sharma wrote:
>> @@ -1340,7 +1345,9 @@ static int hashlimit_mt_xlate(struct xt_xlate *xl,
>> const char *name,
>> xt_xlate_add(
' failed
make[2]: *** [net/nsh/nsh.ko] Error 1
Makefile:1232: recipe for target '_modinst_' failed
make[1]: *** [_modinst_] Error 2
Makefile:527: recipe for target '__build_one_by_one' failed
make: *** [__build_one_by_one] Error 2
Any help will be appreciated.
Thanks.
Regards,
Harsha Sharma
If executed without root privileges, print error "this requires root!"
and exit.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
tests/monitor/run-tests.sh | 5 +
1 file changed, 5 insertions(+)
diff --git a/tests/monitor/run-tests.sh b/tests/monitor/run-tests.
This patch adds option '-D' with optarg in form test="foo" to define
variable to be referenced from input file.
For eg.
nft -D test="foo" -f /tmp/test1
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
This patch passes identifier and its value as nft_ct
This patch takes argument of '-D' option and passes it to
nft_run_cmd_from_filename and parses the string in scanner_push_file along
with input file.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
I want to parse both input string and input file in scanner_push_file
but unable
iled, 0 errors
sudo ./xlate-test.py extensions/libxt_connlabel.txlate
extensions/libxt_connlabel.txlate: Error: iptables-translate failure
iptables-translate v1.6.1: Couldn't load match `connlabel':No such file
or directory
...
1 test file, 2 tests, 0 tests passed, 0 tests failed, 2 errors
Signed-
Usage:
./nft-rule-ct-helper-add ip filter input sip-5060
./nft-rule-get ip filter
ip filter input 7 6
[ objref type 3 name sip-5060 ]
nft list ruleset
...
chain input {
ct helper set "sip-5060"
}
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
exam
Usage:
./nft-rule-ct-timeout-add ip filter input some-name
./nft-rule-get ip filter
ip filter input 6
[ objref type 5 name some-name ]
nft list ruleset
...
chain input {
ct timeout set "some-name"
}
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
exam
Usage:
./nft-rule-ct-timeout-add ip filter input some-name
./nft-rule-get ip filter
ip filter input 6
[ objref type 5 name some-name ]
nft list ruleset
...
chain input {
ct timeout set "some-name"
}
Signed-off-by: Harsha Sharma
---
Changes in v2:
- Add this in example
,CLOSE_WAIT = 140,LAST_ACK = 30,TIME_WAIT = 120,
CLOSE = 165,SYN_SENT2 = 120,RETRANS = 300,UNACKNOWLEDGED = 300,}]
% ./nft-ct-timeout-del ip filter some-name
Signed-off-by: Harsha Sharma
---
Changes in v2:
- changes in timeout policy values
examples/Makefile.am | 12
examples/nft
19.128 dst=172.16.19.1
sport=22 dport=41360 [UNREPLIED] src=172.16.19.1 dst=172.16.19.128
sport=41360 dport=22 zone=4
Signed-off-by: Harsha Sharma
---
Changes in v4:
- Remove unused attributes
- allocate template from init() path
- minor changes
- updated log message
- pull to latest tree
Changes in v
Hello,
On Tue, Jun 12, 2018 at 12:17 AM, Harsha Sharma
wrote:
> This patch allows to add, list and delete connection tracking timeout
> policies via nft objref infrastructure and assigning these timeout
> via nft rule.
>
> Ruleset:
>
> table ip raw {
>ct timeout ct
Add support for ct timeout objects, used to assign connection tracking
timeout policies.
Signed-off-by: Harsha Sharma
---
Changes in v2:
- minor changes
include/libnftnl/Makefile.am| 3 +-
include/libnftnl/cttimeout.h| 88
include/libnftnl/object.h | 9
Add support for ct timeout objects, used to assign connection
tracking timeout policies and examples.
Harsha Sharma (3):
src: add ct timeout support
examples: add nft-ct-timeout-{add,del,get}
examples: Add test for assigning timeout objects via rule
examples/Makefile.am
put handle
%nft delete ct timeout filter test-tcp
Signed-off-by: Harsha Sharma
---
include/linux/netfilter/nf_tables.h | 13 +++-
include/rule.h | 17 +
src/evaluate.c | 4 ++
src/netlink.c | 19 ++
src/pars
Hello,
On Thu, Jun 14, 2018 at 1:11 AM, Harsha Sharma
wrote:
> This patch adds support for adding, listing and deleting ct timeout
> objects which can be assigned via rule to assign connection tracking
> timeout policies via objref infrastructure.
>
> %nft add table filter
&
Hello,
On Tue, Jun 12, 2018 at 7:23 PM, Pablo Neira Ayuso wrote:
> On Tue, Jun 12, 2018 at 03:21:35PM +0200, Florian Westphal wrote:
>> Harsha Sharma wrote:
>> > +ctnl_timeout_parse_policy(void *timeouts,
>> > + const struct nf
{
type filter hook output priority -300; policy accept;
ct timeout set "cttime"
}
}
Signed-off-by: Harsha Sharma
---
Changes in v3:
- Use nf_ct_tmpl_alloc to attach timeout via template conntrack.
Changes in v2:
- Add code for nft_ct_timeout_obj_eval
- remove likely()
sts passed
sudo ./xlate-test.py libxt_ipcomp.txlate
1 test file, 2 tests, 2 tests passed
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
Changes in v2:
-Change log message
-Remove changes for testfile argument
xlate-test.py | 22 +++---
1 file changed, 19
This patch adds test for ipcomp protocol.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
extensions/libxt_ipcomp.t | 5 +
1 file changed, 5 insertions(+)
create mode 100644 extensions/libxt_ipcomp.t
diff --git a/extensions/libxt_ipcomp.t b/extensions/libxt_ipcomp.t
ne
On Sat, Dec 30, 2017 at 11:41 AM, Duncan Roe wrote:
> Hi,
>
> It looks like there is a low-level networking problem or maybe misconfigured
> firewall in the netfilter git server netfilter.us.es.git.
>
Yes, facing same problem.
> The server responds immediately to the
This patch allows deletion of table via unique table handles which can
be listed with '-a' option.
For e.g.
nft delete table handle 4
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
src/parser_bison.y | 14 --
1 file changed, 12 insertions(+), 2 deletions(-)
diff
This patch adds code to delete table via unique table handle.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
net/netfilter/nf_tables_api.c | 99 ---
1 file changed, 92 insertions(+), 7 deletions(-)
diff --git a/net/netfilter/nf_tables
This patch adds code to parse new handle attribute for tables.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
include/libnftnl/table.h| 3 +++
include/libnftnl/trace.h| 1 +
include/linux/netfilter/nf_tables.h | 4
src/libnft
This patch adds code to allocate 'handle' in tables, which allow us to
uniquely identify a table.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
include/net/netfilter/nf_tables.h| 2 ++
include/uapi/linux/netfilter/nf_tables.h | 2 ++
net/netfilter/nf_tables
ssh counter packets 0 bytes 0 # handle 4
}
# handle 2}
table ip xyz {
# handle 3}
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
include/linux/netfilter/nf_tables.h | 4
src/netlink.c | 6 +-
src/rule.c | 2 ++
3
On Sun, Dec 24, 2017 at 8:07 PM, Adel Belhouane <bugs@free.fr> wrote:
> Hello,
>
> Le 23/12/2017 à 20:45, Harsha Sharma a écrit :
>> Print 'handle' attribute in tables, when listing via '-a' option
>>
>> For eg.
>> nft list ruleset -a
>>
On Sun, Jan 7, 2018 at 4:32 AM, Pablo Neira Ayuso <pa...@netfilter.org> wrote:
> On Sun, Jan 07, 2018 at 12:00:15AM +0530, Harsha Sharma wrote:
>> This patch add code to delete table via unique table handle.
>>
>> Signed-off-by: Harsha Sharma <harshasharmai...@gmail
This patch allows deletion of table via unique table handles which can
be listed with '-a' option.
For e.g.
nft delete table handle 4
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
Changes in v2:
-remove tableid_spec
src/parser_bison.y | 4
1 file changed, 4 inse
On Sun, Jan 7, 2018 at 11:46 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote:
> On Sun, Jan 07, 2018 at 11:40:47PM +0530, Harsha Sharma wrote:
>> On Sun, Jan 7, 2018 at 11:26 PM, Pablo Neira Ayuso <pa...@netfilter.org>
>> wrote:
>> > On Sun, Jan 07, 2018 at 0
On Mon, Jan 8, 2018 at 12:21 AM, Pablo Neira Ayuso <pa...@netfilter.org> wrote:
> On Sun, Jan 07, 2018 at 11:58:49PM +0530, Harsha Sharma wrote:
>> On Sun, Jan 7, 2018 at 11:46 PM, Pablo Neira Ayuso <pa...@netfilter.org>
>> wrote:
>> > On Sun, Jan 07, 2018 at 1
On Sun, Jan 7, 2018 at 11:26 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote:
> On Sun, Jan 07, 2018 at 02:49:29PM +0530, Harsha Sharma wrote:
>> On Sun, Jan 7, 2018 at 4:32 AM, Pablo Neira Ayuso <pa...@netfilter.org>
>> wrote:
>> > On Sun, Jan 07, 2018 at 1
Print chain handles with option '-a' and delete chains via chain handle
Harsha Sharma (2):
src: Print handle attribute in chains
parser_bison: extend nft to delete chain via chain handle
src/parser_bison.y | 16 ++--
src/rule.c | 5 -
2 files changed, 18 insertions
This patch allows deletion of chains via unique chain handle which can be
listed via '-a' option and table family and table name.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
net/netfilter/nf_tables_api.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff
This patch allows deletion of chains via unique chain handles which
can be listed with '-a' option and table name and family.
For eg.
nft delete chain [] [handle ]
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
src/parser_bison.y | 16 ++--
1 file chang
Print handle attribute in chains when listing via '-a' option.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
src/rule.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/rule.c b/src/rule.c
index e875816..7d66c22 100644
--- a/src/rule.c
+++ b/src/
This patch adds code to delete table via unique table handle and table
family.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
Changes in v2:
- Remove nf_tables_afinfo_lookup_byhandle
- Change log message
net/netfilter/nf_tables_api.
This patch allows deletion of table via unique table handles and table
family which can be listed with '-a' option.
For e.g.
nft delete table [] [handle ]
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
Changes in v3:
- Add tableid_spec
- Change log message
Changes in v2:
-
This patch adds code to delete table via unique table handle and table
family.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
Changes in v3:
-Remove __nft_table_lookup_byhandle
Changes in v2:
- Remove nf_tables_afinfo_lookup_byhandle
- Change log message
net/net
This patch adds code to allocate object handles and delete objects via
object handles.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
include/libnftnl/object.h | 1 +
include/linux/netfilter/nf_tables.h | 2 ++
include/obj.h | 1 +
src/ob
Print handle attributes in objects when listing via '-a' option and
delete objects via their unique object handles.
For e.g.
nft delete [] [] [handle ]
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
include/linux/netfilter/nf_tables.h | 2 ++
src/net
This patch adds code to allocate unique object handles and delete objects
via those unique object handles.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
include/net/netfilter/nf_tables.h| 2 ++
include/uapi/linux/netfilter/nf_tables.h | 3 +++
net/net
Delete objects with given object handle
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
.../testcases/optionals/delete_object_handles_0| 40 ++
1 file changed, 40 insertions(+)
create mode 100755 tests/shell/testcases/optionals/delete_object_handles_0
ssh counter packets 0 bytes 0 # handle 4
}
} # handle 2
table ip xyz {
} # handle 3
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
Change in v2:
- print handle after '}'
- change log message accordingly
include/linux/netfilter/nf_tables.h | 4
src/net
Print 'handle' attribute in sets when listing via '-a' option and
delete sets via their unique set handles listed with '-a' option.
For e.g.
nft delete set [] [handle ]
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
include/linux/netfilter/nf_tables.h | 2 ++
src/net
This patch adds code to allocate set handles and delete sets via set
handle.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
include/libnftnl/set.h | 1 +
include/linux/netfilter/nf_tables.h | 2 ++
include/set.h | 1 +
src
This patch adds code to allocate unique set handles and delete sets via
those unique set handles.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
include/net/netfilter/nf_tables.h| 2 ++
include/uapi/linux/netfilter/nf_tables.h | 2 ++
net/netfilter/nf_tables
Delete set with given unique set handle.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
tests/shell/testcases/sets/0028delete_handle_0 | 33 ++
1 file changed, 33 insertions(+)
create mode 100755 tests/shell/testcases/sets/0028delete_handle_0
diff
This patch adds code to parse new handle attribute for tables.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
Changes in v2:
- Remove code for tracing table handle.
include/libnftnl/table.h| 3 +++
include/linux/netfilter/nf_tables.h | 2 ++
src/libnft
On Tue, Dec 26, 2017 at 9:41 PM, Pablo Neira Ayuso <pa...@netfilter.org> wrote:
> Hi Harsha,
>
> On Sat, Dec 23, 2017 at 11:44:20AM -0800, Harsha Sharma wrote:
>> This patch adds code to allocate 'handle' in tables, which allow us to
>> uniquely identify a table.
>>
As the parameter for function is pointer to constant, change it to
constant. This fixes compilation warning in libnftnl with make check.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
tests/nft-expr_immediate-test.c | 4 ++--
tests/nft-expr_lookup-test.c| 2 +-
tes
This patch fixes compilation warning: ignoring return value of fgets.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
tests/nft-parsing-test.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tests/nft-parsing-test.c b/tests/nft-parsing-test.c
index d
This patch adds code to allocate 'handle' in tables, which allow us to
uniquely identify a table.
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
Changes in v2:
-Don't restore table handle in nf_tables_newtable
-Remove spaces before tabs
include/net/netfilter/nf_ta
.
ip saddr limit rate over 200/second } counter drop
Signed-off-by: Harsha Sharma <harshasharmai...@gmail.com>
---
Changes in v2:
-Simple comparison for default values
extensions/libxt_hashlimit.c | 20
1 file changed, 12 insertions(+), 8 deletions(-)
diff
With this, remove ifdef for NF_CONNTRACK_CTTIMEOUT in nfnetlink_cttimeout.
This is also required for moving ctnl_untimeout from nfnetlink_cttimeout
to nf_conntrack_timeout.
Signed-off-by: Harsha Sharma
---
Changes in v3:
- No changes
Changes in v2:
- No changes
net/netfilter/Kconfig
As, ctnl_untimeout is required by nft_ct, so move ctnl_timeout from
nfnetlink_cttimeout to nf_conntrack_timeout and rename as nf_ct_timeout.
Signed-off-by: Harsha Sharma
---
Changes in v3:
- Add static inline definition for nf_ct_untimeout when
CONFIG_NF_CONNTRACK_TIMEOUT is not defined
19.128 dst=172.16.19.1
sport=22 dport=41360 [UNREPLIED] src=172.16.19.1 dst=172.16.19.128
sport=41360 dport=22
%nft delete rule ip raw output handle
%./libnftnl/examples/nft-ct-timeout-del ip raw cttime
Signed-off-by: Harsha Sharma
---
Changes in v10:
- remove all ifdef in nft_ct
- minor changes
Cha