IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
g_thread_new is part of glib directly, libgthread only
contains the deprecated g_thread_init() & friends which we
do not use.
This silences a build warning.
the funciton nflog_bind_pf(...) returns an integer smaller 0 on a
failure, we negated that which results in 1 if no failure and 0 if
there was a failure.
This is ambiguous and as no parenthesis are set the GCC 6 warning
"logical-not-parentheses" gets triggered.
Use a simple
nflog_bind_pf(...) < 0
check instead.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Skip zero-prefix routes as they make no sense to be
considered (and ipset doesn't allow ::/0 to be added
anyway).
Support /128 local addresses by also checking for identical
addresses beside b-in-a overlapping.
the allowed length for an iptable chain is 28 chars
we had a max set of 20 but a format of
GROUP-<name>-IN and
GROUP-<name>-OUT
where <name> is the group name
but GROUP--OUT are 10 chars so we just allow 18 chars max
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
if we had mulitple security groups and wanted to
edit one, we did not have a stable digest,
because perl hashes are not sorted
this patch sorts the keys before hashing
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This way we can let the remaining 31 bits be used by the
user.
Note that the routing decision has already been made when
these tables are being traversed, so the fwmark will not be
usable for routing rules (ip-rule(8)), but the mark can
still be used for other tasks such as traffic control (tc)
which happens on the outgoing interface.
