| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
This can be used to check if a packet has a secpath attached to it, i.e.
was subject to ipsec processing. Example:
add rule inet raw prerouting meta secpath exists accept
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
|
|
|
| |
+inet/meta.t: line: 10: 'add rule inet t input meta nfproto ipv6 tcp dport 22': 'meta nfproto ipv6 tcp dport 22' mismatches 'tcp dport 22'
+inet/meta.t: line: 11: 'add rule inet t input meta nfproto ipv4 tcp dport 22': 'meta nfproto ipv4 tcp dport 22' mismatches 'tcp dport 22'
+inet/meta.t: line: 13: 'add rule inet t input meta nfproto ipv6 meta l4proto tcp': 'meta nfproto ipv6 meta l4proto 6' mismatches 'meta l4proto 6'
+inet/ip_tcp.t: line: 20: 'src/nft add rule inet test input ether type ip tcp dport 22': 'ether type ip tcp dport 22' mismatches 'tcp dport 22'
All of these are actual errors, i.e. meaning of rule is changed.
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
Followup patch will reject meta nfproto for non-inet families.
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
|