search for: l3proto

https://bugzilla.netfilter.org/show_bug.cgi?id=1062 --- Comment #2 from Jeremy Sowden <jeremy at azazel.net> --- In the ipv4 case: for (i = 0; i < f->l3proto_elems[dir]; i++) { int ip = f->l3proto[dir][i].addr & f->l3proto[dir][i].mask; j += nfct_bsf_load_attr(this, BPF_W, j); j += nfct_bsf_alu_and(this, f->l3proto[dir][i].mask, j); j += nfct_bsf_cmp_k_stack(this, ip, jt - j, j, s); } there is one compa...

...nerated by iptables-save v1.6.0 on Tue Feb 16 20:59:25 2016 *raw :PREROUTING ACCEPT [6:406] :OUTPUT ACCEPT [5:268] -A PREROUTING -p tcp -m tcp --dport 1416 -j CT --timeout test-tcp-2 -A PREROUTING -p tcp -m tcp --dport 1414 -j CT --timeout test-tcp COMMIT # nfct list timeout .test-tcp = { .l3proto = 2, .l4proto = 6, .policy = { .SYN_SENT = 120, .SYN_RECV = 60, .ESTABLISHED = 100, .FIN_WAIT = 120, .CLOSE_WAIT = 10, .LAST_ACK = 30, .TIME_WAIT = 120, .C...

...ar fixes: 'snat' and 'dnat' now require 'to', eg. snat to 1.2.3.4. For consistency with existing statements such as redirect, masquerade, dup and fwd. Moreover, add colon after 'to' in 'redirect' for consistency with nat and masq statements. * Allow ct l3proto/protocol without direction since they are unrelated to the direction. * Explicit ruleset exportation, eg. nft export ruleset json, for consistency with other existing ruleset commands. * Always quote user-defined strings from rules when listing them. * Support for RFC2732 IPv6 address format...

...gression: fix arp.t expected payload doc: update meta and ct expression keyword lists ct: add support for directional keys netlink: don't handle lhs zero-length expression as concat type netlink: only drop mask if it matches left known-size operand src: ct: make ct l3proto work tests: add ct tests for ip family nft: swap key and direction in ct_dir syntax ct: add packet/byte counter support netlink_linearize: use u64 conversion for 64bit quantities ct regression tests for bytes, packets tests: ct: remove BUG cases that work with cu...