From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Cc: Netfilter Development Mailing list <netfilter-devel@vger.kernel.org>
Subject: Re: [nft PATCH v2] src: add redirect support
Date: Tue, 4 Nov 2014 14:37:12 +0100 [thread overview]
Message-ID: <20141104133712.GA9190@salvia> (raw)
In-Reply-To: <CAOkSjBibjQa7A-WEw0NbhmRnKNsDgWxgGVe7EP9V8S600uKMGg@mail.gmail.com>
On Mon, Nov 03, 2014 at 08:42:13PM +0100, Arturo Borrero Gonzalez wrote:
> On 30 October 2014 17:25, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> > On Thu, Oct 16, 2014 at 12:41:19PM +0200, Arturo Borrero Gonzalez wrote:
> >> This patch adds redirect support for nft.
> >>
> >> The syntax is:
> >>
> >> % nft add rule nat prerouting redirect [port|nat_flags]
> >
> > I prefer if you add a couple of valid examples to the patch
> > description. This won't work as the protocol is not specified.
> >
> > There's also some minor issues with this patch:
> >
> > % nft add rule nat prerouting redirect
> > Memory allocation failure
> >
> > Please, address and resubmit, thanks Arturo.
>
> Hi Pablo,
>
> I've take further look at this patch. I don't see any issue.
>
> As masquerade, I think redirect without protocol should work. I just
> tested again the patch with ICMP packets and the redirection simply
> works. I used tcpdump for the checks. The rule I used is the same as
> in the patch description.
I think this needs to be:
% nft add rule nat prerouting redirect [port] [nat_flags]
And, I think it doesn't make any bad if you extend the description
with some examples as I requested.
Or update the documentation in the same patch including the new
redirect expression.
I'm going to apply this now, but next time please address my requests.
> Regarding the memory allocation failure, I'm unable to find the issue.
My fault, the "memory allocation failure" happens when you use an old
libnftnl with no redirect support, which was the case in my testbed. I
just fixed it here.
next prev parent reply other threads:[~2014-11-04 13:35 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-16 10:41 [nft PATCH v2] src: add redirect support Arturo Borrero Gonzalez
2014-10-30 16:25 ` Pablo Neira Ayuso
2014-10-30 16:33 ` Pablo Neira Ayuso
2014-11-03 19:42 ` Arturo Borrero Gonzalez
2014-11-04 13:37 ` Pablo Neira Ayuso [this message]
2014-11-04 13:56 ` Arturo Borrero Gonzalez
2014-11-04 14:44 ` Pablo Neira Ayuso
2014-11-04 15:04 ` Arturo Borrero Gonzalez
2014-11-04 16:04 ` Pablo Neira Ayuso
2014-11-04 16:11 ` Arturo Borrero Gonzalez
-- strict thread matches above, loose matches on Subject: below --
2014-11-03 20:20 Arturo Borrero Gonzalez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141104133712.GA9190@salvia \
--to=pablo@netfilter.org \
--cc=arturo.borrero.glez@gmail.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).