search for: exthdr

...his release includes incremental updates to support new kernel features and bug fixes. You can download this library from: http://www.netfilter.org/projects/libnftnl/downloads.html ftp://ftp.netfilter.org/pub/libnftnl/ Thanks! -------------- next part -------------- Alexander Alemayhu (1): exthdr: remove unused variable uval8 Elise Lennion (2): examples: Remove the use of nftnl_mnl_batch_put() src: Use nftnl_buf to export XML/JSON rules Eric Leblond (1): set: free user data Florian Westphal (9): src: ct: add zone support object: don't set NFTNL_OBJ_TYPE...

...xpr: ct: Do not parse unset values in json expr: counter: Add nft_rule_expr_counter_snprinf_* functions expr: counter: Use nft_rule_expr_set_* in the xml parsing code expr: counter: Do not print unset values in xml expr: counter: Do not print unset values in json expr: exthdr: Add nft_rule_expr_exthdr_snprinf_* functions expr: exthdr: Use nft_rule_expr_set_* in the xml parsing code expr: exthdr: Do not print unset values in xml expr: exthdr: Do not print unset values in json expr: lookup: Use nft_rule_expr_set_* in the xml parsing code expr...

...Assuming the following content on such folder: /foo /foo/02_rules.nft /foo/01_rules.nft "01_rules.nft" is loaded before "02_rules.nft". * Allow to check if IPv6 extension header or TCP option exists or is missing, eg. # nft add rule ip6 x y exthdr frag exists drop # nft add rule inet x y tcp option window missing drop Same for fib lookups, eg. # nft add rule x y fib daddr oif exists accept * Extend quota support to display wasted bytes, eg. table ip x { chain y { type filter hook forward pr...

...ft -f ruleset.file * Filtering based on layer 2 header selectors from the in inet family, eg. # nft add rule inet filter forward ether saddr 00:0f:54:0c:11:40 \ tcp dport 22 counter accept * Fix wrong dependency handling, eg. ip protocol != tcp udp dport ssh * Enforce ip6 proto with exthdr expression. * Generate the correct bytecode on NAT redirection where ports are specified, eg. # nft add rule ip nat prerouting tcp dport 80 redirect to 1025-2048 * Printing of rule comments where misplace when listing the rule handle, the example below shows the right output: # nft list...

https://bugzilla.netfilter.org/show_bug.cgi?id=936 Summary: frag: "more-fragments" and "reserved" are not identified by nftables Product: nftables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component:

...r { chain input { type filter hook input priority 0; policy accept; hbh unknown 0xa0000000000000000000000000002 [invalid type] } } I'm quite to nftables implementation, but after some walkthrough the code I think the problem might be as follows: - when we the struct exthdr_desc for rt0[1], we don't set the type value. - Then allocation function (exthdr_expr_alloc) allocates an HBH header template since the type value is 0. Folks who are more familiar with nftables implementation may have a better explanation so we can find a fix for the this BUG [1]http://gi...

...build: nftables 0.9.3 depends on libnftnl 1.1.5 segtree: don't remove nul-root element from interval set proto: add proto_desc_id enumeration expr: add expr_ops_by_type() parser: add typeof keyword for declarations meta: add parse and build userdata interface exthdr: add exthdr_desc_id enum and use it exthdr: add parse and build userdata interface socket: add parse and build userdata interface osf: add parse and build userdata interface ct: add parse and build userdata interface numgen: add parse and build userdata interface...

...t case that checks icmp6 in-ipv4 tests: nft removes required payload protocol expressions tests: enable ip/ip.t for bridge protocol, too tests: nft removes required inet dependency expressions ct: don't print newline if label bit cannot be mapped netlink_linearize: exthdr op must be u32 Harsha Sharma (4): tests: shell: add testcases for named limits tests/monitor: Print error "this requires root" and exit evaluate: print error for null string tests/py: add test for empty string match Pablo M. Bermudo Garay (1): src: do not p...

...= 2, set_flags = 16}, {set = 0x0}, {arg = 0x0}, {left = 0x0, right = 0x42fcf0 <proto_unknown_template>}, {map = 0x0, mappings = 0x42fcf0 <proto_unknown_template>}, payload = { desc = 0x0, tmpl = 0x42fcf0 <proto_unknown_template>, base = PROTO_BASE_NETWORK_HDR, offset = 16}, exthdr = {desc = 0x0, tmpl = 0x42fcf0 <proto_unknown_template>}, meta = {key = NFT_META_LEN, base = PROTO_BASE_INVALID}, ct = { key = NFT_CT_STATE}}} (gdb) p *ctx $3 = {msgs = 0x7fffffffde40, cmd = 0x64c8d0, table = 0x0, set = 0x0, stmt = 0x64c760, ectx = {dtype = 0x0, len = 0}, pctx = {family...

...are dependent of ICMP type) - Add table persist flag to JSON - Support for variables in map expressions define dst_map = { ::1234 : 5678 } table ip6 nat { map dst_map { typeof ip6 daddr : tcp dport; elements = $dst_map } chain prerouting { ip6 nexthdr tcp redirect to ip6 daddr map @dst_map } } - VLAN support: # payload statement ip saddr 10.1.1.1 icmp type echo-request vlan id set 321 # payload expression (QinQ matching) ether type 8021ad vlan id 10 vlan type 8021q vlan id 100 vlan type ip accept - Recycle existing cache...

Hi, Is the http://xenbits.xensource.com/linux-2.6-xen.hg tree still being updated? if not, what''s the preferred Linux tree to track that has all of the Xen bits? Thanks, Muli _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel

Changes: tools/blktap: remove unneeded pointer dereferencing in convert_dev_name_to_num tools/blktap: constify string arrays in convert_dev_name_to_num tools/blktap: fix params and physical-device parsing tools/blktap: remove unneeded pointer dereferencing from img2qcow.c tools/blktap: remove unneeded pointer dereferencing from qcow2raw.c tools/blktap2: fix build errors caused by Werror in

...| 2 +- net/ipv4/tcp_input.c | 6 +- net/ipv4/tcp_ipv4.c | 4 +- net/ipv4/udp.c | 2 +- net/ipv6/addrconf.c | 6 +- net/ipv6/ah6.c | 2 +- net/ipv6/exthdrs.c | 2 +- net/ipv6/icmp.c | 2 +- net/ipv6/ip6_fib.c | 8 +- net/ipv6/ip6mr.c | 2 +- net/ipv6/ndisc.c | 2 +- net/ipv6/netfilter/nf_log_ipv6.c...

...| 2 +- net/ipv4/tcp_input.c | 6 +- net/ipv4/tcp_ipv4.c | 4 +- net/ipv4/udp.c | 2 +- net/ipv6/addrconf.c | 6 +- net/ipv6/ah6.c | 2 +- net/ipv6/exthdrs.c | 2 +- net/ipv6/icmp.c | 2 +- net/ipv6/ip6_fib.c | 8 +- net/ipv6/ip6mr.c | 2 +- net/ipv6/ndisc.c | 2 +- net/ipv6/netfilter/nf_log_ipv6.c...

...| 2 +- net/ipv4/tcp_input.c | 6 +- net/ipv4/tcp_ipv4.c | 4 +- net/ipv4/udp.c | 2 +- net/ipv6/addrconf.c | 6 +- net/ipv6/ah6.c | 2 +- net/ipv6/exthdrs.c | 2 +- net/ipv6/icmp.c | 2 +- net/ipv6/ip6_fib.c | 8 +- net/ipv6/ip6mr.c | 2 +- net/ipv6/ndisc.c | 2 +- net/ipv6/netfilter/nf_log_ipv6.c...

...| 2 +- net/ipv4/tcp_input.c | 6 +- net/ipv4/tcp_ipv4.c | 4 +- net/ipv4/udp.c | 2 +- net/ipv6/addrconf.c | 6 +- net/ipv6/ah6.c | 2 +- net/ipv6/exthdrs.c | 2 +- net/ipv6/icmp.c | 2 +- net/ipv6/ip6_fib.c | 8 +- net/ipv6/ip6mr.c | 2 +- net/ipv6/ndisc.c | 2 +- net/ipv6/netfilter/nf_log_ipv6.c...

...| 2 +- net/ipv4/tcp_input.c | 6 +- net/ipv4/tcp_ipv4.c | 4 +- net/ipv4/udp.c | 2 +- net/ipv6/addrconf.c | 6 +- net/ipv6/ah6.c | 2 +- net/ipv6/exthdrs.c | 2 +- net/ipv6/icmp.c | 2 +- net/ipv6/ip6_fib.c | 8 +- net/ipv6/ip6mr.c | 2 +- net/ipv6/ndisc.c | 2 +- net/ipv6/netfilter/nf_log_ipv6.c...