Re: [iptables PATCH] xtables: Fix for matching rules with wildcard interfaces

2018-10-30 Thread Pablo Neira Ayuso
On Tue, Oct 30, 2018 at 05:57:53PM +0100, Phil Sutter wrote: > Due to xtables_parse_interface() and parse_ifname() being misaligned > regarding interface mask setting, rules containing a wildcard interface > added with iptables-nft could neither be checked nor deleted. > > Signed-off-by: Phil

[iptables PATCH] xtables: Fix for matching rules with wildcard interfaces

2018-10-30 Thread Phil Sutter
Due to xtables_parse_interface() and parse_ifname() being misaligned regarding interface mask setting, rules containing a wildcard interface added with iptables-nft could neither be checked nor deleted. Signed-off-by: Phil Sutter --- iptables/nft-shared.c| 2 +-

Re: [iptables PATCH] xtables: Fix for matching rules with wildcard interfaces

2018-10-30 Thread Pablo Neira Ayuso
On Tue, Oct 30, 2018 at 06:45:20PM +0100, Phil Sutter wrote: > Hi Pablo, > > On Tue, Oct 30, 2018 at 06:01:19PM +0100, Pablo Neira Ayuso wrote: > > On Tue, Oct 30, 2018 at 05:57:53PM +0100, Phil Sutter wrote: > > > Due to xtables_parse_interface() and parse_ifname() being misaligned > > >

Re: [iptables PATCH] xtables: Fix for matching rules with wildcard interfaces

2018-10-30 Thread Phil Sutter
Hi Pablo, On Tue, Oct 30, 2018 at 06:01:19PM +0100, Pablo Neira Ayuso wrote: > On Tue, Oct 30, 2018 at 05:57:53PM +0100, Phil Sutter wrote: > > Due to xtables_parse_interface() and parse_ifname() being misaligned > > regarding interface mask setting, rules containing a wildcard interface > >

Re: [PATCH nf] netfilter: xt_RATEEST: remove netns exit routine

2018-10-30 Thread Taehee Yoo
On Tue, 30 Oct 2018 at 08:00, Pablo Neira Ayuso wrote: > Hi Pablo, Thank you for the review! > On Fri, Oct 19, 2018 at 12:27:57AM +0900, Taehee Yoo wrote: > > xt_rateest_net_exit() was added to check whether rules are flushed > > successfully. But ->net_exit() callback is called earlier than > >

Re: [PATCH nf 1/2] netfilter: nf_conncount: use spin_lock_bh instead of spin_lock

2018-10-30 Thread Taehee Yoo
Thanks to all reviewers! On Tue, 30 Oct 2018 at 08:41, Florian Westphal wrote: > > Pablo Neira Ayuso wrote: > > On Thu, Oct 25, 2018 at 11:56:12PM +0900, Taehee Yoo wrote: > > > conn_free() holds lock with spin_lock(). And it is called by both > > > nf_conncount_lookup() and

[PATCH v2] netfilter: ipset: Fix calling ip_set() macro at dumping

2018-10-30 Thread Jozsef Kadlecsik
The ip_set() macro is called when either ip_set_ref_lock held only or no lock/nfnl mutex is held at dumping. Take this into account properly. Also, use Pablo's suggestion to use rcu_dereference_raw(), the ref_netlink protects the set. Signed-off-by: Jozsef Kadlecsik ---

Re: [PATCH 3/3 nft,v2] expression: always print range expression numerically

2018-10-30 Thread Phil Sutter
On Mon, Oct 29, 2018 at 09:58:00PM +0100, Pablo Neira Ayuso wrote: > Otherwise we end up displaying things that we cannot parse as input. > Moreover, in a range, it's relevant to the user the values that are > enclosed in the range, so let's print this numerically. > > Fixes: baa4e0e3fa5f ("src:

Re: [PATCH 1/3 nft,v3] src: get rid of nft_ctx_output_{get,set}_numeric()

2018-10-30 Thread Phil Sutter
On Mon, Oct 29, 2018 at 09:57:58PM +0100, Pablo Neira Ayuso wrote: > This patch adds NFT_CTX_OUTPUT_NUMERIC_SYMBOL, which replaces the last > client of the numeric level approach. > > This patch updates `-n' option semantics to display all output > numerically. > > Note that monitor code was

Re: [PATCH] ulogd2: fix build with musl libc

2018-10-30 Thread Pablo Neira Ayuso
On Mon, Oct 29, 2018 at 05:52:51PM -0700, Cameron Norman wrote: > Yes, we can do that. Would you send me a patch? Please, add your Signed-off-by: tag. Or I can just mangle this patch here if you prefer this. Thanks. > On Mon, Oct 29, 2018 at 2:11 PM Pablo Neira Ayuso wrote: > > > > Hi, > > >