[PATCH] net: force inlining of netif_tx_start/stop_queue, sock_hold, __sock_put

2016-04-08 Thread Denys Vlasenko
Sometimes gcc mysteriously doesn't inline very small functions we expect to be inlined. See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66122 Arguably, gcc should do better, but gcc people aren't willing to invest time into it, asking to use __always_inline instead. With this .config:

Re: [iptables PATCH] configure: exit if libnftnl is not found

2016-04-08 Thread Pablo Neira Ayuso
On Sun, Mar 27, 2016 at 12:05:46PM +0200, Giuseppe Longo wrote: > iptables building is broken if libnftnl is not installed > on the system, raising up the following errors: > > nft-shared.c:25:27: fatal error: libnftnl/rule.h: No such file or directory > #include >^

Re: [PATCH RFC nf-next 0/3] named expressions for nf_tables

2016-04-08 Thread Florian Westphal
Pablo Neira Ayuso wrote: > * List existing named counters: > > # nft lists counters > table ip filter { > counter tcp-counter { > packets 6086 bytes 6278052 > } > counter udp-counter { > packets 272 bytes 64690 >

Re: Possible segfault in nft utility

2016-04-08 Thread Pablo Neira Ayuso
On Fri, Apr 08, 2016 at 11:10:47AM +, Meyer Raffaele wrote: > Dear Sir or Madam > > I am currently using nftables under Ubuntu 15.10. Kernel version is > 4.2.0-16-generic and nftables version is nftables v0.4 (Support Edward > Snowden). > I was looking for a way to match packets based on

Re: [PATCH RFC nf-next 0/3] named expressions for nf_tables

2016-04-08 Thread Pablo Neira Ayuso
On Thu, Apr 07, 2016 at 11:49:42PM +0200, Florian Westphal wrote: > Pablo Neira Ayuso wrote: > > Several examples on how this would look from userspace: > > > > * Add the 'tcp-counter' counter to the 'filter' table: > > > > # nft add counter filter tcp-counter > > > > *

Re: [PATCH nft v2] src: evaluate: Show error for fanout without balance

2016-04-08 Thread Pablo Neira Ayuso
On Thu, Apr 07, 2016 at 10:58:54PM +0530, Shivani Bhardwaj wrote: > The idea of fanout option is to improve the performance by indexing CPU > ID to map packets to the queues. This is used for load balancing. > Fanout option is not required when there is a single queue specified. > > According to

Possible segfault in nft utility

2016-04-08 Thread Meyer Raffaele
Dear Sir or Madam I am currently using nftables under Ubuntu 15.10. Kernel version is 4.2.0-16-generic and nftables version is nftables v0.4 (Support Edward Snowden). I was looking for a way to match packets based on the mss optional value in the tcp header. While using the describe command, I

[nf_tables PATCH] netfilter: nf_tables: invert chain deletion abort path

2016-04-08 Thread Arturo Borrero Gonzalez
Before this patch, chain deletetion abort path re-add chains in reverse order of what was originally in the ruleset. Invert the order, so the ruleset is exactly the same after abort. Example, using 2 config files: ruleset_good.nft: 8< flush ruleset table ip t { chain c1 {

Re: [PATCH 0/4] nfct: documentation updates and corrections.

2016-04-08 Thread Pablo Neira Ayuso
On Fri, Apr 08, 2016 at 08:18:40AM +0200, Mart Frauenlob wrote: > > Good day, > > this series includes some documentation updates and corrections for nfct. Series applied. > For the first patch: add missing commands to usage output, > > I was not able to trigger the usage output. I think the

Re: [PATCH] Printing the table name before chain name.

2016-04-08 Thread Pablo Neira Ayuso
On Fri, Apr 08, 2016 at 01:08:14AM +0530, Guruswamy Basavaiah wrote: > Command ./iptables-restore-translate, was printing > table name before the chain name for user added chains. > This is breaking ./nft -f command. > > Before fix, output of "./iptables-restore-translate" > add chain ip

Re: [PATCH 4/5] conntrack: man: add options --src and --dst.

2016-04-08 Thread Pablo Neira Ayuso
Also applied. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: [PATCH 5/5] conntrack: man: Add description of tables dying and unconfirmed.

2016-04-08 Thread Pablo Neira Ayuso
Applied, thanks. On Thu, Apr 07, 2016 at 08:31:42PM +0200, Mart Frauenlob wrote: > > Signed-off-by: Mart Frauenlob > --- > conntrack.8 | 17 + > 1 files changed, 17 insertions(+), 0 deletions(-) > > diff --git a/conntrack.8 b/conntrack.8 > index

Re: [PATCH 3/5] conntrack: show --src and --dst options in usage output.

2016-04-08 Thread Pablo Neira Ayuso
Applied. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/5] conntrack: add --proto to usage output.

2016-04-08 Thread Pablo Neira Ayuso
On Thu, Apr 07, 2016 at 08:31:38PM +0200, Mart Frauenlob wrote: > > Signed-off-by: Mart Frauenlob > --- > src/conntrack.c |2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/src/conntrack.c b/src/conntrack.c > index dadbea5..162caa9 100644 >

Re: [PATCH] conntrack-tools: Fix build for old automake.

2016-04-08 Thread Pablo Neira Ayuso
On Fri, Apr 08, 2016 at 08:40:01AM +0200, Mart Frauenlob wrote: > On 07.04.2016 19:53, Mart Frauenlob wrote: > >On 07.04.2016 19:50, Pablo Neira Ayuso wrote: > >>On Thu, Apr 07, 2016 at 07:33:43PM +0200, Mart Frauenlob wrote: > >>>On 07.04.2016 18:47, Pablo Neira Ayuso wrote: > On Mon, Apr 04,

[nft PATCH] test/shell/run-tests.sh: also unload NAT modules

2016-04-08 Thread Arturo Borrero Gonzalez
Also unload NAT modules between tests. Signed-off-by: Arturo Borrero Gonzalez --- tests/shell/run-tests.sh |1 + 1 file changed, 1 insertion(+) diff --git a/tests/shell/run-tests.sh b/tests/shell/run-tests.sh index 620fe57..0bbb136 100755 ---

Re: [PATCH] conntrack-tools: Fix build for old automake.

2016-04-08 Thread Mart Frauenlob
On 07.04.2016 19:53, Mart Frauenlob wrote: On 07.04.2016 19:50, Pablo Neira Ayuso wrote: On Thu, Apr 07, 2016 at 07:33:43PM +0200, Mart Frauenlob wrote: On 07.04.2016 18:47, Pablo Neira Ayuso wrote: On Mon, Apr 04, 2016 at 11:39:40AM +0200, Mart Frauenlob wrote: autoreconf fails with

[PATCH 4/4] nfct: man: add missing comands

2016-04-08 Thread Mart Frauenlob
The missing commands: flush, disable, default-set and default-get were added to the manpage. The description of the subsystem has been corrected. Signed-off-by: Mart Frauenlob --- nfct.8 | 16 +++- 1 files changed, 15 insertions(+), 1 deletions(-) diff

[PATCH 3/4] nfct: helper: correct error messages.

2016-04-08 Thread Mart Frauenlob
Signed-off-by: Mart Frauenlob --- src/nfct-extensions/helper.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/nfct-extensions/helper.c b/src/nfct-extensions/helper.c index dfc55e7..0569827 100644 --- a/src/nfct-extensions/helper.c +++

[PATCH 2/4] nfct: correct command list in timeout usage error message.

2016-04-08 Thread Mart Frauenlob
Signed-off-by: Mart Frauenlob --- src/nfct-extensions/timeout.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/nfct-extensions/timeout.c b/src/nfct-extensions/timeout.c index 1cb04a1..30f9464 100644 --- a/src/nfct-extensions/timeout.c +++

[PATCH 0/4] nfct: documentation updates and corrections.

2016-04-08 Thread Mart Frauenlob
Good day, this series includes some documentation updates and corrections for nfct. For the first patch: add missing commands to usage output, I was not able to trigger the usage output. I think the parser is broken. Best regards, Mart -- To unsubscribe from this list: send the line