| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Value 1 is signed by default and left-shifting by 31 is undefined for
those. Fix this by marking the value as unsigned.
Fixes: 64a0e09894e52 ("extensions: libxt_cluster: Add translation to nft")
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add translation for cluster to nft
$ sudo iptables-translate -A PREROUTING -t mangle -i eth1 -m cluster
--cluster-total-nodes 7 --cluster-local-node 5 --cluster-hash-seed
0xdeadbeef -j MARK --set-mark 0xffff
nft add rule ip mangle PREROUTING iifname eth1 jhash ct original saddr
mod 7 seed 0xdeadbeef eq 5 meta pkttype set host counter meta mark set
0xffff
$ sudo iptables-translate -A PREROUTING -t mangle -i eth1 -m cluster
--cluster-total-nodes 7 --cluster-local-nodemask 5 --cluster-hash-seed
0xdeadbeef -j MARK --set-mark 0xffff
nft add rule ip mangle PREROUTING iifname eth1 jhash ct original saddr
mod 7 seed 0xdeadbeef { 0, 2 } meta pkttype set host counter meta
mark set 0xffff
Signed-off-by: Shyam Saini <mayhs11saini@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In libxt_cluster.c, we use:
info->flags |= (1 << XT_CLUSTER_F_INV);
but we should use instead:
info->flags |= XT_CLUSTER_F_INV;
since the definition of XT_CLUSTER_F_INV is:
enum xt_cluster_flags {
XT_CLUSTER_F_INV = (1 << 0)
};
This fixes the inversion in the cluster match.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to the use of printf("foobar "), iptables emits spaces at the
end-of-line, which looks odd to some users because it causes the
terminal to wrap even if there is seemingly nothing to print.
It may also have other points of annoyance, such as mailers
interpreting a trailing space as an indicator that the paragraph
continues when format=flowed is also on.
And git highlights trailing spaces in red, so let's avoid :)
Preexisting inconsistencies in outputting spaces in the right
spot are also addressed right away.
References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429579
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
| |
Match and target parse functions now only get option characters they
have defined themselves.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
| |
Try to inhibit copypasting old stuff.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
|
|
| |
In going to fix NF bug #611, "argv" is needed in
xtables_check_inverse to set "optarg" to the right spot in case of an
intrapositional negation.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=611
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
|
| |
This constant would be the designated one for the .family field; it
also, given recent changes, makes grep for NFPROTO_UNSPEC work to
finally recollect all manpages.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
This patch adds support for the cluster match to iptables.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
