search for: secpath

...oifname "eth0" counter packets 90 bytes 26085 accept } } As you can see, the inserted rule allows everything, while the expected behavior would be 'only if going through an IPsec tunnel'. Even worse: inserting the rule did not fail. Until the 'ipsec' (or 'secpath') keyword works properly (and supports all options), an acceptable behavior would be to reject the rule if one or more keywords are not supported by nftables. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment w...

....org Happy firewalling! [1] https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables#using_the_nf_tables_compat_backend -------------- next part -------------- Arturo Borrero Gonzalez (1): doc/nft.xml: mention nftables earlier Florian Westphal (2): meta: add secpath support doc: dup and fwd statements Harsha Sharma (1): tests: shell: fetch rule handle with '-a' option and then delete rule Pablo M. Bermudo Garay (1): update gitignore Pablo Neira Ayuso (4): Revert ("src: Remove xt_stmt_() functions"). src: add &...

.../* XXX */ - decaps = 1; - break; + + if (x->props.mode) { + decaps = 1; + break; } if ((err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) < 0) goto drop; + } while (!err); /* Allocate new secpath or COW existing one. */ @@ -110,6 +123,7 @@ netif_rx(skb); return -1; } else { + #ifdef CONFIG_NETFILTER skb->nh.ipv6h->payload_len = htons(skb->len); __skb_push(skb, skb->data - skb->nh.raw); diff -urN a/net/ipv6/ah6.c b/net/ipv6/ah6.c ---...