Re: [PATCH nf-next] netfilter: meta: secpath support

2017-12-13 Thread kbuild test robot
Hi Florian, I love your patch! Perhaps something to improve: [auto build test WARNING on nf-next/master] url: https://github.com/0day-ci/linux/commits/Florian-Westphal/netfilter-meta-secpath-support/20171204-124857 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git mas

Re: [PATCH nf-next] netfilter: meta: secpath support

2017-12-01 Thread Florian Westphal
Arturo Borrero Gonzalez wrote: > > + if (priv->key != NFT_META_SECPATH) > > + return 0; > > + > > Would it worth adding here something like this? > > #ifnfdef CONFIG_XFRM > return -EOPNOTSUPP; > #endif > > I mean, if CONFIG_XFRM is not defined, then _get_eval() i

Re: [PATCH nf-next] netfilter: meta: secpath support

2017-12-01 Thread Arturo Borrero Gonzalez
On 1 December 2017 at 13:40, Florian Westphal wrote: > replacement for iptables "-m policy --dir in --policy {ipsec,none}". > > Signed-off-by: Florian Westphal > --- > include/uapi/linux/netfilter/nf_tables.h | 2 ++ > net/netfilter/nft_meta.c | 39 > +++

Re: [PATCH nf-next] netfilter: meta: secpath support

2017-12-01 Thread Florian Westphal
Florian Westphal wrote: > +int nft_meta_get_validate(const struct nft_ctx *ctx, > + const struct nft_expr *expr, > + const struct nft_data **data) Sigh, this should be static of course. I will not send a v2 for now. -- To unsubscribe from this list: sen

[PATCH nf-next] netfilter: meta: secpath support

2017-12-01 Thread Florian Westphal
replacement for iptables "-m policy --dir in --policy {ipsec,none}". Signed-off-by: Florian Westphal --- include/uapi/linux/netfilter/nf_tables.h | 2 ++ net/netfilter/nft_meta.c | 39 2 files changed, 41 insertions(+) diff --git a/include/uapi/