Re: nftables/libnftables packages for Fedora

On 12 January 2014 21:40, Kevin Fenzi <kevin@xxxxxxxxx> wrote:
> Greetings.
>
> I apologize in advance if this is not the right place to discuss this.
> If it's not, please point me the right direction and I will move it
> there. :)
>
> I am packaging up libnftables/nftables for Fedora.

Good to know! :)

>
> 2. There is some question about the /etc/nftables/* scripts. In Fedora
> land, things in /etc/ should be config files, but these aren't really
> config files. They call nft without a full path (/usr/sbin/nft, etc).
> Should these really be in /usr/share ? or is it expected users will
> modify them? Could you clarify the use case there?
>

There is a patch from me to address this:
http://patchwork.ozlabs.org/patch/304866/
Feel free to test it and comment.

I have the same issue in the Debian land. I applied the patch locally
in the package as a workaround.

The patch is not applied yet to upstream.

>
> 6. I recently enabled the xml stuff in libnftables and am seeing a
> number of tests fail:
>
> parsing xmlfiles/55-rule-real.xml: FAILED (Invalid argument)
> and
> parsing xmlfiles/74-set.xml: FAILED (Invalid argument)
> mxml: <!-- nft add rule filter output ct secmark 0 counter --> cannot
> be a second root node after <nftables>
>

I can't see the libmxml version in the build log. Which version of
libmxml are you using?
It seems that your version of libmxml treats XML comments differently than
my version (libmxml 2.6 from Debian).

Also I guess you are using an outdated snapshot of libnftables. Some
important changes happened to the XML/JSON parsers.

Anyway, thanks for the report, I'm going to review the XML parser.

>
> Are these expected? The Invalid argument might be because it doesn't
> have nftables available in the build kernel? But the json tests
> work. :(
>

Not expected at all.

These tests simply parse the XML/JSON input, they don't send anything
to the kernel.

> Thanks. Again, if I should send this somewhere else instead, just let
> me know. Comments welcome here, direct email and/or in the above review
> bugs. ;)


I think this is the right place.

Thanks.
-- 
Arturo Borrero González
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



