Re: [PATCH 1/2 nft v2] src: osf: add ttl option support

On 10/15/18 2:47 PM, Pablo Neira Ayuso wrote: Please send a v3 including tests/py. More comments below. On Sat, Sep 29, 2018 at 12:15:17PM +0200, Fernando Fernandez Mancera wrote: Add support for ttl option in "osf" expression. Example: table ip foo { chain bar { typ

Re: [PATCH nft] src: remove opts field from struct xt_stmt

On Tue, Oct 16, 2018 at 08:58:20PM +0200, Pablo Neira Ayuso wrote: > This is never used, ie. always NULL. > > Reported-by: Phil Sutter > Signed-off-by: Pablo Neira Ayuso Acked-by: Phil Sutter Thanks for clearing this up!

[PATCH nft] src: remove opts field from struct xt_stmt

This is never used, ie. always NULL. Reported-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso --- include/statement.h | 1 - src/statement.c | 1 - src/xt.c| 8 ++-- 3 files changed, 2 insertions(+), 8 deletions(-) diff --git a/include/statement.h b/include/statement.h ind

[PATCH nf-next] netfilter: xt_quota: simplify quota logic, account for consumed bytes

Store consumed bytes, instead of remaining bytes, this simplifies logic quite a bit. Cc: Chenbo Feng Cc: Maciej Żenczykowski Signed-off-by: Pablo Neira Ayuso --- Before merge window closes and it's too late to change semantics. include/uapi/linux/netfilter/xt_quota.h | 4 ++-- net/netfilter/

Re: [PATCH net] netfilter: fix DNAT target for shifted portmap ranges

On Tue, Oct 16, 2018 at 04:52:05PM +0200, Paolo Abeni wrote: > The commit 2eb0f624b709 ("netfilter: add NAT support for shifted > portmap ranges") did not set the checkentry/destroy callbacks for > the newly added DNAT target. As a result, rulesets using only > such nat targets are not effective, a

[PATCH net] netfilter: fix DNAT target for shifted portmap ranges

The commit 2eb0f624b709 ("netfilter: add NAT support for shifted portmap ranges") did not set the checkentry/destroy callbacks for the newly added DNAT target. As a result, rulesets using only such nat targets are not effective, as the relevant conntrack hooks are not enabled. The above affect also

Re: [PATCH net-next 0/3] ip_tunnel: specify tunnel type via template

On Mon, Oct 15, 2018 at 09:43:20PM -0700, David Miller wrote: > From: Pablo Neira Ayuso > Date: Wed, 10 Oct 2018 00:24:36 +0200 > > > The following patchset adds a new field to the tunnel metadata template. > > This new field allows us to restrict the configuration to a given tunnel > > driver in

Re: linux-next: build failure after merge of the netfilter-next tree

On Tue, Oct 16, 2018 at 10:41:25AM +1100, Stephen Rothwell wrote: > Hi all, > > After merging the netfilter-next tree, today's linux-next build (x86_64 > allmodconfig) failed like this: Thanks for reporting, I'll keep back this patch by now.