| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
nfproto meta dependency is no longer needed, keep one test
since we still support this syntax.
When meta is not provided, no need to add a dependency because
nft_rt already checks pf number before checking skb->dst.
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
expr_rt might write data in host byte order, so make sure to
convert if needed.
This makes 'tcp option maxseg size rt mtu' actually work, right now such rules
are no-ops because nft_exthdr never increases the mss.
While at it, extend the example to not bother testing non-syn packets.
Reported-by: Matteo Croce <technoboy85@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
with meta nfproto, which generates a bit fewer instructions.
Signed-off-by: Anders K. Pedersen <akp@cohaesio.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
|