[PATCH] netfilter: ipset: fix ip_set_byindex function

New function added by "Introduction of new commands and protocol version 7" is not working, since we return skb2 to user Signed-off-by: Victorien Molle Signed-off-by: Florent Fourcot --- net/netfilter/ipset/ip_set_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -

Re: [PATCH] netfilter: ipset: export indexes via netlink

, single-shot usage. Yes, and they are perfect for that. Thanks for your time on this topic. Best regards, Florent Fourcot.

Re: [PATCH] netfilter: ipset: export indexes via netlink

Hi Jozsef, On pyroute2 library, a method can build a python object based on netlink messages: https://github.com/svinota/pyroute2/blob/master/pyroute2/wiset.py#L174 We could of course fill index attribute with your new command, but that could be nice as well to read it in the same way

Re: [PATCH] netfilter: ipset: export indexes via netlink

Hi Jozsef, Thanks a lot, I will test it on my side this week. Just a small comment after a short code review: what about adding IPSET_ATTR_INDEX in list command when proto is greater than 6? I agree that specific commands are a good idea, but i still think that adding it in list is a good

Re: [PATCH] netfilter: ipset: export indexes via netlink

Hello Jozsef, Technically I have no problem with your patch. However, it means a non-versioned protocol change. I'd like to think about it and check how would be best to introduce a version change. Do you have any update on this? In my opinion, there are already some flags to control list

[PATCH] netfilter: ipset: export indexes via netlink

in future. Signed-off-by: Florent Fourcot Signed-off-by: Victorien Molle --- include/uapi/linux/netfilter/ipset/ip_set.h | 4 net/netfilter/ipset/ip_set_core.c | 18 +- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/include/uapi/linux/netfilter/ipset

[PATCH] netfilter: ipset: forbid family for hash:mac sets

on other hash:* sets Signed-off-by: Florent Fourcot Signed-off-by: Victorien Molle --- net/netfilter/ipset/ip_set_hash_gen.h | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h index bbad940c0137

[PATCH] netfilter: ctnetlink: export nf_conntrack_max

monitoring for application built on netlink API. Signed-off-by: Florent Fourcot <florent.four...@wifirst.fr> --- include/uapi/linux/netfilter/nfnetlink_conntrack.h | 1 + net/netfilter/nf_conntrack_core.c | 1 + net/netfilter/nf_conntrack_netlink.c | 3 +++ 3

Re: [PATCH] netfilter: ctnetlink: export nf_conntrack_max

Hi Pablo, Patch seems to be mangled by MUA, could you resend? Indeed, sorry for the noise. I will resend it. Best regards, Florent. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at

[PATCH] netfilter: ctnetlink: export nf_conntrack_max

monitoring for application built on netlink API. Signed-off-by: Florent Fourcot <florent.four...@wifirst.fr> --- include/uapi/linux/netfilter/nfnetlink_conntrack.h | 1 + net/netfilter/nf_conntrack_core.c | 1 + net/netfilter/nf_conntrack_netlink.c | 3 +++ 3