search for: ether_addr

...Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: debe at galliera.it I would like to use a timeout of 30 days for elements in a set but it seems there is a some kind of problem above 24d20h31m23s. # nft add table foo # nft add set foo bar { type ether_addr\; timeout 24d20h31m23s \; } # nft list set foo bar table ip foo { set bar { type ether_addr timeout 24d20h31m23s } } # nft delete set foo bar # nft add set foo bar { type ether_addr\; timeout 24d20h31m24s \; } # nft list set foo bar table ip foo {...

http://bugzilla.mindrot.org/show_bug.cgi?id=323 ------- Additional Comments From luc at suryo.com 2002-06-30 05:40 ------- A better solution is to install the pacthes that will support /dev/random and /dev/urandom. Then recompile openssl and then openssh. Solaris 8: 112438-01 patch for Sparc 112439-01 patch for x86 Solaris 9: has standard /dev/random and /dev/urandom Not sure if one can

...AssignedTo: pablo at netfilter.org ReportedBy: bugzilla-netfilter at malc.org.uk Estimated Hours: 0.0 Created attachment 449 --> https://bugzilla.netfilter.org/attachment.cgi?id=449 Test case If I attempt to load a table containing a large set (in my case, a set of 203 or more ether_addrs), nft segfaults (in some cases with what looks to me like a corrupt stack). I'm running git head nftables, libnftnl, libmnl on kernel 3.15.5. # Loading a simple table containing just a 203-element set (nft -f test.nft; input attached): Program received signal SIGSEGV, Segmentation fault. n...

https://bugzilla.netfilter.org/show_bug.cgi?id=896 Summary: You can not add the follow kinds of sets: mark, integer, string, lladdr Product: nftables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: enhancement Priority: P5 Component: nft

...licy accept; socket transparent 1 socket wildcard 0 mark set 0x00000001 } } * Get elements from maps: # nft get element inet filter test "{ 18.51.100.17 . ad:c1:ac:c0:ce:c0 . 3761 : 0x42 }" table inet filter { map test { type ipv4_addr . ether_addr . inet_service : mark flags interval,timeout elements = { 18.51.100.17 . ad:c1:ac:c0:ce:c0 . 3761 : 0x00000042 } } } * Allow to specify comments in sets, eg. table ip x { set s { type ipv4_addr; comment "lis...

...3c:71:0e:39:bb:20 . 192.168.1.120 . "wlan0" : accept, \ 3c:77:e0:39:aa:21 . 192.168.1.204 . "wlan0" : drop } You can declare a set using concatenations, to dynamically update its content instead: % nft add map filter accesslist { \ type ether_addr . ipv4_addr . iface_index : verdict \; } % nft add rule filter input ether saddr . ip saddr . meta iif vmap @accesslist Then, add elements to the set: % nft add element filter accesslist { \ 3c:71:0e:39:bb:20 . 192.168.1.120 . wlan0 : accept } On a different front, you can also c...

....c update: usr/src/lib/librt/common/pos4obj.c update: usr/src/lib/librt/common/sched.c update: usr/src/lib/librt/common/sem.c update: usr/src/lib/librt/common/shm.c update: usr/src/lib/libscf/common/libscf_impl.h update: usr/src/lib/libsendfile/Makefile.com update: usr/src/lib/libsocket/inet/ether_addr.c update: usr/src/lib/libumem/common/linktest_stand.c update: usr/src/lib/libumem/common/misc.c update: usr/src/lib/libumem/common/stub_stand.c update: usr/src/lib/libumem/common/umem.c update: usr/src/lib/libumem/common/umem_fork.c update: usr/src/lib/libumem/common/vmem.c update: usr/src/l...

...0 Reject statement with range meta mark set 0-100 - Support for auto-merge flag in sets in JSON - Print 0s in time datatype - Speed up list tables by fetching tables only - Skip byteorder conversion with 8-byte fields set test { type ipv4_addr . ether_addr . inet_proto flags interval } ip saddr . ether saddr . meta l4proto @test counter - Honor -t/--terse with list table and list set to speed up listing - Allow for host-endian in set lookups map ipsec_in { typeof ipsec in reqid . iif : verdict flags interval }...