Re: [PATCH v2] extensions: libxt_NFQUEUE: Add translation to nft

On Mon, Feb 8, 2016 at 2:59 PM, Florian Westphal wrote: > Shivani Bhardwaj wrote: >> On Sun, Feb 7, 2016 at 2:55 PM, Florian Westphal wrote: > >> > Seems this could be written similar to something like: >> > >> > if (info->flags & NFQ_FLAG_CPU_FANOUT) { >> > bool sep_needed = info->bypas

[PATCH v4] extensions: libxt_NFQUEUE: Add translation to nft

Add translation for NF queue to nftables. Examples: $ sudo iptables-translate -t nat -A PREROUTING -p tcp --dport 80 -j NFQUEUE --queue-num 30 nft add rule ip nat PREROUTING tcp dport 80 counter queue num 30 $ sudo iptables-translate -A FORWARD -j NFQUEUE --queue-num 0 --queue-bypass -p TCP --

Re: [PATCH iproute2 v2 21/21] iplink: bridge: add support for netfilter call attributes

Hi Nikolay, On Tue, Feb 09, 2016 at 12:14:39AM +0100, Nikolay Aleksandrov wrote: > From: Nikolay Aleksandrov > > This patch implements support for the IFLA_BR_NF_CALL_(IP|IP6|ARP)TABLES > attributes in iproute2 so it can change their values. > > Signed-off-by: Nikolay Aleksandrov > --- > ip/i

Re: [RFC] a software based on ulogd

On Sun, Feb 07, 2016 at 11:51:47AM +0100, Eric Leblond wrote: > Do you think you could resubmit a patchset adding netflow support to ulogd ? I can send patches, but I have not used this and I don't know if I will use it or not. I think NFCT plugin also needs to update to propagate delta counter i

[PATCH ulogd 1/7] ipfix: add flowDirection IE

Signed-off-by: Ken-ichirou MATSUZAWA --- include/ulogd/ipfix_protocol.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/ulogd/ipfix_protocol.h b/include/ulogd/ipfix_protocol.h index aef47f0..bff0b5c 100644 --- a/include/ulogd/ipfix_protocol.h +++ b/include/ulogd/ipfix

[PATCH ulogd 2/7] nfct/ipfix: introduce new vendor id

IPFIX_VENDOR_REVERSE, defined in RFC 5103 6.1 Reverse Information Element Private Enterprise Number. And use it at counter in nfct. Signed-off-by: Ken-ichirou MATSUZAWA --- include/ulogd/ipfix_protocol.h | 3 +++ input/flow/ulogd_inpflow_NFCT.c | 4 ++-- 2 files changed, 5 insertions(+), 2 dele

[PATCH ulogd 3/7] nfct/ipfix: introduce NAT entries

Signed-off-by: Ken-ichirou MATSUZAWA --- include/ulogd/ipfix_protocol.h | 10 ++ input/flow/ulogd_inpflow_NFCT.c | 17 - 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/include/ulogd/ipfix_protocol.h b/include/ulogd/ipfix_protocol.h index 330f0ea..23fa440

[PATCH ulogd 4/7] filter: add new filter for Netflow ICMP_TYPE

This filter creates ICMP_TYPE Netflow v9 from IPFIX icmpTypeIPv4 and icmpCodeIPv4. Signed-off-by: Ken-ichirou MATSUZAWA --- filter/Makefile.am | 6 ++- filter/ulogd_filter_PACKICMP.c | 101 + 2 files changed, 106 insertions(+), 1 deletion(-)

[PATCH ulogd 5/7] filter: add new filter for IPFIX time

This filter creates IPFIX_flow(Start|End)MicroSeconds and IPFIX_flow(Start|End)SysUpTime from "flow.(start|end).sec" and "flow.(start|end).usec". Signed-off-by: Ken-ichirou MATSUZAWA --- filter/Makefile.am | 5 +- filter/ulogd_filter_TIMECONV.c | 316 +++

[PATCH ulogd 6/7] ulogd: update calling stop callback condition

TIMECONV filter in previous patch has private data but does not have stop callback, then segfault occured. Signed-off-by: Ken-ichirou MATSUZAWA --- src/ulogd.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ulogd.c b/src/ulogd.c index 5b9a586..7e1a42f 100644 --- a/

[PATCH ulogd 7/7] nflow9: introduce new NetFlow v9 output plugin

This patch introduces a NFLOW9 output plugin which sends Netflow v9 encoded NFCT destroy events. Signed-off-by: Ken-ichirou MATSUZAWA --- output/Makefile.am | 10 + output/ulogd_output_NFLOW9.c | 1696 ++ 2 files changed, 1706 insertions(+) cr

[PATCH] iptables: nft-ipv6: Fix ipv6 flags

Replace the flags with the correct ipv6 flags. Details: Ana found out the bug and submitted the patch, Shivani applied it on the latest tree and compile tested it. Signed-off-by: Ana Rey Signed-off-by: Shivani Bhardwaj --- iptables/nft-ipv6.c | 14 +++--- 1 file changed, 7 insertions(+