Eric Dumazet wrote:
>
>
> On 03/08/2018 07:01 AM, Serhey Popovych wrote:
>> Eric Dumazet wrote:
>>>
>>>
>>> On 03/08/2018 02:08 AM, Serhey Popovych wrote:
>>>> We can't use skb_reset_transport_header() together with skb_put() to
>&
Eric Dumazet wrote:
>
>
> On 03/08/2018 02:08 AM, Serhey Popovych wrote:
>> We can't use skb_reset_transport_header() together with skb_put() to set
>> skb->transport_header field because skb_put() does not touch skb->data.
>>
>> Do this same way as
.
Thanks,
Serhey
Serhey Popovych (2):
netfilter: SYNPROXY: set transport header properly
netfilter: nf_reject: set transport header properly
net/ipv4/netfilter/ipt_SYNPROXY.c | 8
net/ipv4/netfilter/nf_reject_ipv4.c | 2 +-
net/ipv6/netfilter/ip6t_SYNPROXY.c | 8
net/ipv6/
We can't use skb_reset_transport_header() together with skb_put() to set
skb->transport_header field because skb_put() does not touch skb->data.
Do this same way as we did for csum_data in code: substract skb->head
from tcph.
Signed-off-by: Serhey Popovych
---
net/ipv4/netfilter/
We can't use skb_reset_transport_header() together with skb_put() to set
skb->transport_header field because skb_put() does not touch skb->data.
Do this same way as we did for csum_data in code below: substract
skb->head from tcph.
Signed-off-by: Serhey Popovych
---
net/
Size is known at xtables_register_match()/xtables_register_target()
calls: no need to defer it to final registration steps.
Signed-off-by: Serhey Popovych
---
libxtables/xtables.c | 30 --
1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/libxtables
duced
since there may be other changes before release.
Thanks,
Serhey
Serhey Popovych (4):
xtables: Do not register matches/targets with incompatible revision
xtables: Check match/target size vs XT_ALIGN(size) at register time
xtables: Register all match/target revisions supported by us and
k
ot; output.
To fix this issue we now store all supported by kernel and xtables
revisions in xt_matches/xt_targets list sorted in descending order.
Introduce helper routines to find match/target with given revision
and use them to find right revision to print submitted by kernel
entry.
Signed
/target revision given by it's name.
Signed-off-by: Serhey Popovych
---
libxtables/xtables.c | 95 +-
1 file changed, 71 insertions(+), 24 deletions(-)
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index 33fc158..5a115ff 100644
ng me->next being non-NULL
in xtables_register_match() and xtables_register_target().
Signed-off-by: Serhey Popovych
---
libxtables/xtables.c | 66 --
1 file changed, 42 insertions(+), 24 deletions(-)
diff --git a/libxtables/xtables.c b/li
xtables_print_mark_mask() helper for extensions without
symbolic name for val[/mask].
Signed-off-by: Serhey Popovych
---
extensions/libipt_realm.c | 21 ++---
extensions/libxt_connmark.c | 18 ++
extensions/libxt_devgroup.c | 27
[/mask] or symbolic name.
Signed-off-by: Serhey Popovych
---
extensions/libipt_realm.c | 29 +++-
extensions/libxt_devgroup.c | 35 +
include/xtables.h | 11 +
libxtables/xtables.c| 52
-group 0x2
... src-group 0x2 dst-group 0x1
After:
--
... src-group grp1 dst-group grp2
... src-group grp2 dst-group grp1
Signed-off-by: Serhey Popovych
---
extensions/libipt_realm.c | 18 +++---
extensions/libxt_devgroup.c | 17 +++--
2 files changed, 14 inserti
. Add inline helper to short circuit
case when such translation should not be done.
Serhey Popovych (3):
extensions: Initialize linear mapping of symbols in _init() of
extension
xtables: Introduce and use common function to parse val[/mask]
arguments
xtables: Introduce and use common fun
14 matches
Mail list logo
