| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | xtables: Don't pass full invflags to add_compat() | Phil Sutter | 2018-08-09 | 1 | -0/+10 |
| | | | | | | | | | | | | The function expects a boolean, not a bitfield. This bug caused inversion in another match to carry over to protocol match by accident. The supplied testcase contains rules which then fail because they contain matches requiring that protocol. Fixes: 4ef77b6d1b52e ("xtables: fix missing protocol and invflags") Fixes: 4143a08819a07 ("ebtables-compat: add nft rule compat information to bridge rules") Signed-off-by: Phil Sutter <phil@nwl.cc> | ||||
| * | xtables: avoid bogus 'is incompatible' warning | Florian Westphal | 2018-07-24 | 1 | -0/+21 |
| when using custom nft tables + iptables-nft, iptables-nft -L may fail with iptables v1.8.0 (nf_tables): table `filter' is incompatible, use 'nft' tool. even if filter table is compatible. Problem is that the chain cache tracks ALL chains. The "old" compat-check only walked chains in the table to checked (filter in this case), now we will see all other chains including base chains of another table. It seems better to extend the chain cache long-term to track chains per table instead, but for now skip the foreign ones. Reported-by: Eric Garver <e@erig.me> Fixes: 01e25e264a4c4 ("xtables: add chain cache") Signed-off-by: Florian Westphal <fw@strlen.de> | |||||
 |
index : iptables | |
| iptables tree | pablo@netfilter.org |
| summaryrefslogtreecommitdiffstats |