Displaying 4 results from an estimated 4 matches for "nfbpf_compile".
2013 May 29
1
[ANNOUNCE] iptables 1.4.19 release
...lve link failure for ip6t_NETMAP"
libxt_osf: fix missing --ttl and --log in save output
libxt_osf: fix bad location for location in --genre
libip6t_SNPT: add manpage
libip6t_DNPT: add manpage
Merge branch 'stable'
utils: updates .gitignore to include nfbpf_compile
extensions: libxt_bpf: clarify --bytecode argument
libxtables: fix parsing of dotted network mask format
build: bump version to 1.4.19
Patrick McHardy (1):
libxt_conntrack: fix state match alias state parsing
Willem de Bruijn (2):
extensions: add libxt_bpf extension...
2016 Feb 18
0
[Bug 1048] xt_bpf completely broken with kernel 4.3
...appears that xt_bpf isn't functioning at all. For example:
>
> iptables -A INPUT -p udp -m bpf --bytecode "`tcpdump -i lo -ddd udp | tr
> '\n' ,`" -j LOG
>
> should log all UDP packets, but it logs none because -m bpf never matches.
You may want to check out nfbpf_compile and bpf_asm:
* nfbpf_compile:
http://git.netfilter.org/iptables/commit/?id=1ac30c97c339957b6e3c5cf571de7bc38c827730
* bpf_asm: kernel tree under tools/net/
On which interface is iptables running? Does RAW linktype work for you?
--
You are receiving this mail because:
You are watching all b...
2016 Feb 19
0
[Bug 1048] xt_bpf completely broken with kernel 4.3
.... This should
resolve your use-case.
The problem is that with libpcap, the filters are generated for tcpdump
specifically, and tcpdump doesn't need to care about SKF_NET_OFF/SKF_LL_OFF as
it sees raw packet starting with Ethernet header. So, reusing libpcap is a bit
suboptimal, but perhaps the nfbpf_compile tool could be changed into rewriting
the offsets so it would work with iptables in all cases.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilte...
2019 May 27
0
[ANNOUNCE] iptables 1.8.3 release
...yindex()
nft: Simplify nft_is_chain_compatible()
nft: Simplify flush_chain_cache()
xtables: Set errno in nft_rule_check() if chain not found
nft: Add new builtin chains to cache immediately
xtables: Fix position of replaced rules in cache
utils: Add a manpage for nfbpf_compile
xtables: Fix for inserting rule at wrong position
xtables: Speed up chain deletion in large rulesets
arptables-nft: Fix listing rules without target
arptables-nft: Fix MARK target parsing and printing
arptables-nft: Fix CLASSIFY target printing
arptables-nft: Rem...