| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
Takes advantage of the fact that the current maximum label storage area
is 128 bits, i.e. the dynamically allocated extension area in the
kernel will always fit into a nft register.
Currently this re-uses rt_symbol_table_init() to read connlabel.conf.
This works since the format is pretty much the same.
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds support for the queue target. It is now possible
to specify rule sending packet to a given queue and using load
balancing:
nft add rule filter output queue num 3 total 2 options fanout
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If nft is compiled without nftables Linux kernel headers installed, we
hit a compilation error:
src/mnl.c: In function ‘mnl_batch_put’:
src/mnl.c:117:16: error: ‘NFNL_SUBSYS_NFTABLES’ undeclared (first use in
this function)
src/mnl.c:117:16: note: each undeclared identifier is reported only once
for each function it appears in
src/mnl.c: In function ‘mnl_batch_begin’:
src/mnl.c:125:16: error: ‘NFNL_MSG_BATCH_BEGIN’ undeclared (first use in
this function)
src/mnl.c: In function ‘mnl_batch_end’:
src/mnl.c:130:16: error: ‘NFNL_MSG_BATCH_END’ undeclared (first use in
this function)
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|