Add translation for random to nftables.
Examples:
$ iptables-translate -A INPUT -m statistic --mode random --probability 0.1 -j ACCEPT
nft add rule ip filter INPUT meta random 0.109 counter accept
$ iptables-translate -A INPUT -m statistic --mode random ! --probability 0.1 -j ACCEPT
nft
Hi,
Today we're releasing the NetDev 1.1 slides, you can find them at:
http://www.netdevconf.org/1.1/proceedings/
Regarding videos, we're still uploading (~40 hours), so it may take a
little while until we make them public. Will send a short notice once
they are available.
And short re
Hi,
We have been planning to invest some funds in your country.
Reply if you are interested.
Regards,
Sir Henry Neville Lindley Keswick
Chairman of Jardine Matheson Holdings Ltd
https://en.wikipedia.org/wiki/Keswick_family
==
Hi friend,
Our
given
table filter {
set local {
type iface_index
elements = { lo }
}
chain input {
type filter hook input priority 0;
iif { @lan, } accept;
}
}
nft BUG()s. I don't see how we could support sets-in-set; add a sanity
check and error out instead.
Signed-off-by: Florian Wes
Now it is possible to store multiple variable length user data into a rule.
Modify the parser in order to fill the nftnl_attrbuf with the comment, and
the print function to extract this commentary and print it to the user.
Signed-off-by: Carlos Falgueras García
---
include/rule.h| 11 +++
Now it is possible to store multiple variable length user data into a rule.
Modify XML and JSON parsers to support this new feature.
Signed-off-by: Carlos Falgueras García
---
include/json.h | 7 ++
include/utils.h | 2 +
include/xml.h | 5 ++
src/jansson.c | 41 +
src/mxml.c
These functions allow creating a buffer (nftnl_attrbuf) of TLV objects
(nftnl_attr). It is inspired by libmnl/src/attr.c. It can be used to store
several variable length user data into an object.
Example usage:
```
struct nftnl_attrbuf *attrbuf;
struct nftnl_attr *attr;
```
Hi Friend,
IMPORTANT INFORMATION
Our family is interested in investing funds in your area.
More information for you if you are interested.
Regards,
Sir Henry Neville Lindley Keswick
Chairman of Jardine Matheson Holdings Ltd
https://en.wikipedia.org/wiki/Keswick_family
--
To unsubscribe
Florian Westphal wrote:
> That makes no sense to me. Why and how does that help?
That's right. I had something wrong with my original tests and got wrong
numbers. Sorry for the disruption.
> On Mon, Feb 22, 2016 at 03:51:15AM -0800, Loganaden Velvindron wrote:
>> Add missing constants for libxt_TCPOPTSTRIP.c, in case they are not
>> defined.
>>
>> (Original patch from VoidLinux)
>
> OK, applied. Thanks.
>
Thank you Pablo !
Pablo Neira Ayuso wrote:
> Hi Florian,
>
> On Fri, Feb 26, 2016 at 08:19:34PM +0100, Florian Westphal wrote:
> > String is an unqualified type and we do not have a data element to
> > derive the element size from at set creation time.
> >
> > Add a new string subtype -- iface_name -- and switch
Hi Florian,
On Fri, Feb 26, 2016 at 08:19:34PM +0100, Florian Westphal wrote:
> String is an unqualified type and we do not have a data element to
> derive the element size from at set creation time.
>
> Add a new string subtype -- iface_name -- and switch
> meta iifname/oifname to use it instead
On Tue, Feb 23, 2016 at 01:40:10PM +0530, Sudip Mukherjee wrote:
> While building with W=1 we got the warning:
> net/netfilter/xt_osf.c:265:9: warning: variable 'loop_cont' set but not used
>
> The local variable loop_cont was only initialized and then assigned a
> value but was never used or chec
On Tue, Feb 16, 2016 at 05:24:08PM +0100, Florian Westphal wrote:
> Can be used to randomly match packets e.g. for statistic traffic sampling.
>
> See commit 3ad0040573b0c00f8848
> ("bpf: split state from prandom_u32() and consolidate {c, e}BPF prngs")
> for more info why this doesn't use prandom_
On Mon, Feb 22, 2016 at 03:51:15AM -0800, Loganaden Velvindron wrote:
> Add missing constants for libxt_TCPOPTSTRIP.c, in case they are not defined.
>
> (Original patch from VoidLinux)
OK, applied. Thanks.
On Mon, 29 Feb 2016, Pablo Neira Ayuso wrote:
> On Wed, Feb 24, 2016 at 09:19:26PM +0100, Jozsef Kadlecsik wrote:
> > Flushing/listing entries was not RCU safe, so parallel flush/dump
> > could lead to kernel crash. Bug reported by Deniz Eren.
> >
> > Fixes netfilter bugzilla id #1050.
> >
> > S
I've been fighting a kernel bug that is producing random crashes around network /
skb_layer for a long time and was able to isolate it (or one of its components) to
the br_netfilter module.
I am reproducing the bug with PowerPC (TL-WDR4900v1.3) and MIPS (DB120, ar71xx)
based systems. Florian Wes
On Sat, Feb 20, 2016 at 10:07:09AM +0100, Stephane Bryant wrote:
> From: stephane
>
> -this creates 2 netlink attribute NLQA_VLAN and NLQA_L2HDR
> -these are filled up for the PF_BRIDGE family on the way to userspace
>
> Signed-off-by: Stephane Bryant
> ---
> include/uapi/linux/netfilter/nfnet
On Wed, Feb 24, 2016 at 03:34:43PM -0500, Phil Turnbull wrote:
> nfacct_filter_alloc doesn't validate the NFACCT_FILTER_MASK and
> NFACCT_FILTER_VALUE parameters which can trigger a NULL pointer
> dereference. CAP_NET_ADMIN is required to trigger the bug.
Applied, thanks.
I have enqueued this to
On Wed, Feb 24, 2016 at 01:19:34AM +0530, Shivani Bhardwaj wrote:
> Add translation for match comment to nftables.
> This patch also adds the relevant infrastructure for carrying out
> the translation.
>
> Example:
>
> $ sudo iptables-translate -A INPUT -s 192.168.0.0 -m comment --comment "A
> p
On Mon, 29 Feb 2016, Jozsef Kadlecsik wrote:
> Hi,
>
> On Mon, 29 Feb 2016, Julia Lawall wrote:
>
> > The file net/netfilter/ipset/ip_set_bitmap_ipmac.c seems to contain a lot
> > of static functions that are not used in the file:
> >
> > bitmap_ipmac_add_timeout
> > bitmap_ipmac_do_add
> > bitm
On Wed, Feb 24, 2016 at 09:19:26PM +0100, Jozsef Kadlecsik wrote:
> Flushing/listing entries was not RCU safe, so parallel flush/dump
> could lead to kernel crash. Bug reported by Deniz Eren.
>
> Fixes netfilter bugzilla id #1050.
>
> Signed-off-by: Jozsef Kadlecsik
> ---
> net/netfilter/ipset/
On Mon, Feb 22, 2016 at 10:12:36AM +0100, Harald Welte wrote:
> This is based on the JSON support patch of libnetfilter_acct.
Also applied, thanks!
On Mon, Feb 22, 2016 at 10:12:17AM +0100, Harald Welte wrote:
> the original output format looks a bit like JSON, but isn't. The XML
> output is useful if you deal with XML, but a lot of applications prefer
> more lightweight formats like YAML/JSON.
>
> This adds the JSON output format to libnetf
Hi,
On Mon, 29 Feb 2016, Julia Lawall wrote:
> The file net/netfilter/ipset/ip_set_bitmap_ipmac.c seems to contain a lot
> of static functions that are not used in the file:
>
> bitmap_ipmac_add_timeout
> bitmap_ipmac_do_add
> bitmap_ipmac_do_del
> bitmap_ipmac_do_head
> bitmap_ipmac_do_list
> b
The file net/netfilter/ipset/ip_set_bitmap_ipmac.c seems to contain a lot
of static functions that are not used in the file:
bitmap_ipmac_add_timeout
bitmap_ipmac_do_add
bitmap_ipmac_do_del
bitmap_ipmac_do_head
bitmap_ipmac_do_list
bitmap_ipmac_do_test
bitmap_ipmac_gc_test
bitmap_ipmac_is_filled
b
On Mon, Feb 29, 2016 at 3:36 PM, Florian Westphal wrote:
> Shivani Bhardwaj wrote:
>> Change the data type of len from unsigned int to int in order to make
>> it valid for checks like
>>
>> if (len < 0)
>>
>> The issue was brought into attention by the unexplained behavior of
>> frag with frag-of
Shivani Bhardwaj wrote:
> Change the data type of len from unsigned int to int in order to make
> it valid for checks like
>
> if (len < 0)
>
> The issue was brought into attention by the unexplained behavior of
> frag with frag-off. Bugzilla entry:
> https://bugzilla.netfilter.org/show_bug.cgi?
28 matches