Netfilter-Devel Archive on lore.kernel.org
 help / color / Atom feed
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Martin Willi <martin@strongswan.org>
Cc: Florian Westphal <fw@strlen.de>,
	netfilter-devel@vger.kernel.org, netdev@vger.kernel.org,
	David Ahern <dsahern@gmail.com>
Subject: Re: [PATCH netfilter/iptables] Add new slavedev match extension
Date: Thu, 16 Jan 2020 20:59:39 +0100
Message-ID: <20200116195939.5ordyhfwfspspafa@salvia> (raw)
In-Reply-To: <83ada82dbc93439d794c2407e3c91dd1b69bcbaa.camel@strongswan.org>

Hi Marti,

On Fri, Jan 10, 2020 at 05:34:12PM +0100, Martin Willi wrote:
> Pablo,
> 
> > This patchset introduces a new Netfilter match extension to match
> > input interfaces that are associated to a layer 3 master device. The
> > first patch adds the new match to the kernel, the other provides an
> > extension to userspace iptables to make use of the new match.
> 
> These patches have been marked as superseded in patchworks, likely due
> to Florian's nftables version that has been merged.
> 
> While I very much appreciate the addition of VRF interface matching to
> nftables, some users still depend on plain iptables for filtering. So I
> guess there is some value in these patches for those users to extend
> their filtering with VRF support.

A single xt_slavedev module only for this is too much overhead, if you
find an existing extension (via revision infrastructure) where you can
make this fit in, I would consider this.

Thanks.

  reply index

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-17 13:56 Martin Willi
2019-12-17 13:56 ` [PATCH nf-next] netfilter: xt_slavedev: Add new L3master slave input device match Martin Willi
2019-12-17 13:56 ` [PATCH iptables] extensions: Add new xt_slavedev input interface match extension Martin Willi
2020-01-10 16:34 ` [PATCH netfilter/iptables] Add new slavedev " Martin Willi
2020-01-16 19:59   ` Pablo Neira Ayuso [this message]
2020-01-17 12:00     ` Martin Willi

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200116195939.5ordyhfwfspspafa@salvia \
    --to=pablo@netfilter.org \
    --cc=dsahern@gmail.com \
    --cc=fw@strlen.de \
    --cc=martin@strongswan.org \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Netfilter-Devel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/netfilter-devel/0 netfilter-devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 netfilter-devel netfilter-devel/ https://lore.kernel.org/netfilter-devel \
		netfilter-devel@vger.kernel.org
	public-inbox-index netfilter-devel

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.netfilter-devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git