* [PATCH conntrack 1/2] Revert "conntrack: fix expectation entry creation"
@ 2016-01-15 19:47 Asbjørn Sloth Tønnesen
2016-01-15 19:47 ` [PATCH conntrack 2/2] conntrack: fix expectation entry creation Asbjørn Sloth Tønnesen
2016-01-20 14:09 ` [PATCH conntrack 1/2] Revert "conntrack: fix expectation entry creation" Pablo Neira Ayuso
0 siblings, 2 replies; 5+ messages in thread
From: Asbjørn Sloth Tønnesen @ 2016-01-15 19:47 UTC (permalink / raw)
To: Pablo Neira Ayuso, pfeiffer.szilard; +Cc: netfilter-devel
{} is mask-src and mask-dst, [] is tuple-src and tuple-dst
mask-* should be stored in mask, tuple-* should be stored in exptuple.
This reverts commit 3309fdb4413cb32f9b95e05064dc9dbb56550939
since it mixed up {} and [].
---
src/conntrack.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/conntrack.c b/src/conntrack.c
index 3ae4527..324daf4 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -2074,8 +2074,6 @@ int main(int argc, char *argv[])
break;
case '{':
case '}':
- nfct_set_addr_from_opt(c, tmpl.exptuple, &ad, &family);
- break;
case '[':
case ']':
nfct_set_addr_from_opt(c, tmpl.mask, &ad, &family);
--
2.6.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH conntrack 2/2] conntrack: fix expectation entry creation
2016-01-15 19:47 [PATCH conntrack 1/2] Revert "conntrack: fix expectation entry creation" Asbjørn Sloth Tønnesen
@ 2016-01-15 19:47 ` Asbjørn Sloth Tønnesen
2016-01-20 14:10 ` Pablo Neira Ayuso
2016-01-20 14:09 ` [PATCH conntrack 1/2] Revert "conntrack: fix expectation entry creation" Pablo Neira Ayuso
1 sibling, 1 reply; 5+ messages in thread
From: Asbjørn Sloth Tønnesen @ 2016-01-15 19:47 UTC (permalink / raw)
To: Pablo Neira Ayuso, pfeiffer.szilard; +Cc: netfilter-devel
Store tuple-src and tuple-dst in exptuple,
as used by the EXP_CREATE case.
Verified with doc/cli/test.sh
Also reorder the cases, so the netmask case is last.
Reported-by: Szilárd Pfeiffer <pfeiffer.szilard@balabit.hu>
Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.dk>
---
src/conntrack.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/conntrack.c b/src/conntrack.c
index 324daf4..45b8822 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -2072,10 +2072,12 @@ int main(int argc, char *argv[])
case 'q':
nfct_set_addr_from_opt(c, tmpl.ct, &ad, &family);
break;
- case '{':
- case '}':
case '[':
case ']':
+ nfct_set_addr_from_opt(c, tmpl.exptuple, &ad, &family);
+ break;
+ case '{':
+ case '}':
nfct_set_addr_from_opt(c, tmpl.mask, &ad, &family);
break;
case 'p':
--
2.6.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH conntrack 1/2] Revert "conntrack: fix expectation entry creation"
2016-01-15 19:47 [PATCH conntrack 1/2] Revert "conntrack: fix expectation entry creation" Asbjørn Sloth Tønnesen
2016-01-15 19:47 ` [PATCH conntrack 2/2] conntrack: fix expectation entry creation Asbjørn Sloth Tønnesen
@ 2016-01-20 14:09 ` Pablo Neira Ayuso
2016-01-20 20:30 ` Asbjørn Sloth Tønnesen
1 sibling, 1 reply; 5+ messages in thread
From: Pablo Neira Ayuso @ 2016-01-20 14:09 UTC (permalink / raw)
To: Asbjørn Sloth Tønnesen; +Cc: pfeiffer.szilard, netfilter-devel
On Fri, Jan 15, 2016 at 07:47:43PM +0000, Asbjørn Sloth Tønnesen wrote:
> {} is mask-src and mask-dst, [] is tuple-src and tuple-dst
> mask-* should be stored in mask, tuple-* should be stored in exptuple.
Applied, thanks for fixing up this.
BTW, we have better tests under:
conntrack-tools/tests/conntrack/testsuite
I remember you also posted patches for:
http://patchwork.ozlabs.org/patch/428341/
http://patchwork.ozlabs.org/patch/428343/
http://patchwork.ozlabs.org/patch/428342/
It would be great if you can follow up on this, IIRC the only changed
I asked for is that it would be good to have test for this new
feature.
This has been in my TODO list for a while and I didn't find the time
to make it myself.
Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH conntrack 2/2] conntrack: fix expectation entry creation
2016-01-15 19:47 ` [PATCH conntrack 2/2] conntrack: fix expectation entry creation Asbjørn Sloth Tønnesen
@ 2016-01-20 14:10 ` Pablo Neira Ayuso
0 siblings, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2016-01-20 14:10 UTC (permalink / raw)
To: Asbjørn Sloth Tønnesen; +Cc: pfeiffer.szilard, netfilter-devel
On Fri, Jan 15, 2016 at 07:47:44PM +0000, Asbjørn Sloth Tønnesen wrote:
> Store tuple-src and tuple-dst in exptuple,
> as used by the EXP_CREATE case.
>
> Verified with doc/cli/test.sh
>
> Also reorder the cases, so the netmask case is last.
Also applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH conntrack 1/2] Revert "conntrack: fix expectation entry creation"
2016-01-20 14:09 ` [PATCH conntrack 1/2] Revert "conntrack: fix expectation entry creation" Pablo Neira Ayuso
@ 2016-01-20 20:30 ` Asbjørn Sloth Tønnesen
0 siblings, 0 replies; 5+ messages in thread
From: Asbjørn Sloth Tønnesen @ 2016-01-20 20:30 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: pfeiffer.szilard, netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 1408 bytes --]
Hi Pablo,
On Wed, 20 Jan 2016 15:09:55 +0100, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> On Fri, Jan 15, 2016 at 07:47:43PM +0000, Asbjørn Sloth Tønnesen wrote:
> > {} is mask-src and mask-dst, [] is tuple-src and tuple-dst
> > mask-* should be stored in mask, tuple-* should be stored in exptuple.
>
> Applied, thanks for fixing up this.
>
> BTW, we have better tests under:
>
> conntrack-tools/tests/conntrack/testsuite
I know they just don't have any expectation tests yet.
They properly should be ported. How is the policy
on adding module requirements to the tests?
I.e. `test.sh create-expect` has a comment about requiring
thr ip_conntrack_ftp module.
> I remember you also posted patches for:
>
> http://patchwork.ozlabs.org/patch/428341/
> http://patchwork.ozlabs.org/patch/428343/
> http://patchwork.ozlabs.org/patch/428342/
>
> It would be great if you can follow up on this, IIRC the only changed
> I asked for is that it would be good to have test for this new
> feature.
I rebased it last summer, and then again last week, I just had
to get these patches in first, since I re-use the mask arguments.
I will post it in two patchsets, first cleanup and netmask support,
and then CIDR support.
> This has been in my TODO list for a while and I didn't find the time
> to make it myself.
Mine too.
--
Best regards
Asbjørn Sloth Tønnesen
Network Engineer
Fiberby ApS - AS42541
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-01-20 22:31 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-01-15 19:47 [PATCH conntrack 1/2] Revert "conntrack: fix expectation entry creation" Asbjørn Sloth Tønnesen
2016-01-15 19:47 ` [PATCH conntrack 2/2] conntrack: fix expectation entry creation Asbjørn Sloth Tønnesen
2016-01-20 14:10 ` Pablo Neira Ayuso
2016-01-20 14:09 ` [PATCH conntrack 1/2] Revert "conntrack: fix expectation entry creation" Pablo Neira Ayuso
2016-01-20 20:30 ` Asbjørn Sloth Tønnesen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.