Message-ID: <Z9rsahBCpwUkDTmf@zx2c4.com>
Date: Wed, 19 Mar 2025 17:10:18 +0100
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: Hangbin Liu <liuhangbin@...il.com>
Cc: netdev@...r.kernel.org, Jakub Kicinski <kuba@...nel.org>,
Shuah Khan <shuah@...nel.org>,
"David S. Miller" <davem@...emloft.net>,
Simon Horman <horms@...nel.org>, Phil Sutter <phil@....cc>,
Florian Westphal <fw@...len.de>, Petr Mladek <pmladek@...e.com>,
Yoann Congal <yoann.congal@...le.fr>, wireguard@...ts.zx2c4.com,
bpf@...r.kernel.org, linux-kselftest@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCHv4 RESEND net-next 1/2] selftests: wireguards: convert
iptables to nft

On Mon, Jan 06, 2025 at 08:10:42AM +0000, Hangbin Liu wrote:
> +n0 nft add rule ip wgtest INPUT meta length 1360 counter drop
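Review bot: `meta length 1360` in this INPUT rule matches only packets whose length is exactly 1360 bytes, and nothing on the line says why that size is the one being dropped. A one-line comment in the script stating what the 1360-byte packet stands for in the test would let a reader check the constant; if larger packets are also meant to be dropped, the match needs a range rather than a single value.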
What's the point of `counter` here? It's never read back.
> +n0 nft add rule ip wgtest POSTROUTING ip saddr 192.168.1.0/24 ip daddr 10.0.0.0/24 counter snat to 10.0.0.1
Ditto.
> +n1 nft add rule ip wgtest OUTPUT counter meta mark set 0x1
Ditto.
> +n2 nft add rule ip wgtest POSTROUTING ip saddr 10.0.0.0/24 ip daddr 192.168.241.0/24 counter snat to 192.168.241.2
Ditto.
> +n0 nft add rule ip wgtest INPUT iifname "vethrs" ip saddr != 10.0.0.0/24 counter drop
Ditto.