Re: [PATCH] netfilter/nflog: nflog-range does not truncate packets

2016-06-09 Thread Vishwanath Pai
On 06/08/2016 08:16 AM, Pablo Neira Ayuso wrote: > Looking again at your code: > > case NFULNL_COPY_PACKET: > - if (inst->copy_range > skb->len) > + data_len = inst->copy_range; > + if (li->u.ulog.copy_len < data_len) > +

[PATCH] extensions: libxt_cgroup: Add translation to nft

2016-06-09 Thread Laura Garcia Liebana
Add translation for cgroup to nft. Path parameter not supported in nft yet.

Examples:

$ sudo iptables-translate -t filter -A INPUT -m cgroup --cgroup 0 -j ACCEPT
nft add rule ip filter INPUT meta cgroup 0 counter accept

$ sudo iptables-translate -t filter -A INPUT -m cgroup ! --cgroup 0 -j

Re: [PATCH net-next] nfnetlink_queue: enable PID info retrieval

2016-06-09 Thread Daniel Borkmann
On 06/10/2016 12:21 AM, Daniel Borkmann wrote: On 06/09/2016 11:35 PM, Florian Westphal wrote: Saeed Mahameed wrote: index a1bd161..67de200 100644 --- a/net/socket.c +++ b/net/socket.c @@ -382,6 +382,7 @@ struct file *sock_alloc_file(struct socket *sock, int flags, const

Re: [PATCH 1/3] bridge: netfilter: checkpatch whitespace fixes

2016-06-09 Thread Joe Perches
On Wed, 2016-06-08 at 19:38 +0200, Pablo Neira Ayuso wrote:
> On Wed, Jun 08, 2016 at 07:31:21PM +0200, Pablo Neira Ayuso wrote:
> > Then you can follow up with a patch to add this function.
> >
> > Just a suggestion, let me know if this is fine with you.
> Forget this idea.
>
> Actually your

Re: [PATCH net-next] nfnetlink_queue: enable PID info retrieval

2016-06-09 Thread Eric Dumazet
On Thu, 2016-06-09 at 23:50 +0300, Saeed Mahameed wrote: > From: Matthew Finlay > diff --git a/net/socket.c b/net/socket.c > index a1bd161..67de200 100644 > --- a/net/socket.c > +++ b/net/socket.c > @@ -382,6 +382,7 @@ struct file *sock_alloc_file(struct socket *sock, int >

Re: [PATCH net-next] nfnetlink_queue: enable PID info retrieval

2016-06-09 Thread Daniel Borkmann
On 06/09/2016 11:35 PM, Florian Westphal wrote: Saeed Mahameed wrote: index a1bd161..67de200 100644 --- a/net/socket.c +++ b/net/socket.c @@ -382,6 +382,7 @@ struct file *sock_alloc_file(struct socket *sock, int flags, const char *dname) } sock->file =