Re: [PATCH v2] netfilter: nft_nth: match every n packets

2016-08-09 Thread Pablo Neira Ayuso
On Tue, Aug 09, 2016 at 04:13:40PM +0200, Laura Garcia wrote: > On Tue, Aug 09, 2016 at 12:52:53PM +0200, Pablo Neira Ayuso wrote: > > On Thu, Jul 28, 2016 at 11:20:59AM +0200, Florian Westphal wrote: > > > Laura Garcia wrote: > > > > On Thu, Jul 28, 2016 at 01:01:05AM +0200,

Re: [PATCH v2] netfilter: nft_nth: match every n packets

2016-08-09 Thread Laura Garcia
On Tue, Aug 09, 2016 at 12:52:53PM +0200, Pablo Neira Ayuso wrote: > On Thu, Jul 28, 2016 at 11:20:59AM +0200, Florian Westphal wrote: > > Laura Garcia wrote: > > > On Thu, Jul 28, 2016 at 01:01:05AM +0200, Florian Westphal wrote: > > > > How exactly is this used by nftables? >

Re: [PATCH v2] netfilter: nft_nth: match every n packets

2016-08-09 Thread Pablo Neira Ayuso
On Thu, Jul 28, 2016 at 11:20:59AM +0200, Florian Westphal wrote: > Laura Garcia wrote: > > On Thu, Jul 28, 2016 at 01:01:05AM +0200, Florian Westphal wrote: > > > How exactly is this used by nftables? > > > > > > AFAIU usespace will check if ->dreg is 0 or not, but does that

Re: [PATCH v2] netfilter: nft_nth: match every n packets

2016-07-27 Thread Florian Westphal
Laura Garcia Liebana wrote: > +struct nft_nth { > + enum nft_registers dreg:8; > + u32 every; > + atomic_tcounter; > +}; > + > +static void nft_nth_eval(const struct nft_expr *expr, > + struct nft_regs

[PATCH v2] netfilter: nft_nth: match every n packets

2016-07-27 Thread Laura Garcia Liebana
Add support for the nth expression in netfilter. A nft_nth structure is created with dreg (to store the result into a given register), every (to store the input value that indicates when the counter is going to be reset) and the counter (to store atomically the current counter value).