add DataInterval flag for maps, fix comments (#327)

Nikita Vorontsov 2025-09-19 17:36:24 +03:00 committed by GitHub
parent ba5b671e14
commit 4195a123ff
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 39 additions and 13 deletions

37
set.go

@ -247,16 +247,17 @@ func ConcatSetTypeElements(t SetDatatype) []SetDatatype {
// Set represents an nftables set. Anonymous sets are only valid within the // Set represents an nftables set. Anonymous sets are only valid within the
// context of a single batch. // context of a single batch.
type Set struct { type Set struct {
Table *Table Table *Table
ID uint32 ID uint32
Name string Name string
Anonymous bool Anonymous bool
Constant bool Constant bool
Interval bool Interval bool
AutoMerge bool DataInterval bool
IsMap bool AutoMerge bool
HasTimeout bool IsMap bool
Counter bool HasTimeout bool
Counter bool
// Can be updated per evaluation path, per `nft list ruleset` // Can be updated per evaluation path, per `nft list ruleset`
// indicates that set contains "flags dynamic" // indicates that set contains "flags dynamic"
// https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h?id=84d12cfacf8ddd857a09435f3d982ab6250d250c#n298 // https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h?id=84d12cfacf8ddd857a09435f3d982ab6250d250c#n298
@ -674,6 +675,10 @@ func (cc *Conn) AddSet(s *Set, vals []SetElement) error {
userData = userdata.AppendUint32(userData, userdata.NFTNL_UDATA_SET_MERGE_ELEMENTS, 1) userData = userdata.AppendUint32(userData, userdata.NFTNL_UDATA_SET_MERGE_ELEMENTS, 1)
} }
if s.DataInterval {
userData = userdata.AppendUint32(userData, userdata.NFTNL_UDATA_SET_DATA_INTERVAL, 1)
}
if len(s.Comment) != 0 { if len(s.Comment) != 0 {
userData = userdata.AppendString(userData, userdata.NFTNL_UDATA_SET_COMMENT, s.Comment) userData = userdata.AppendString(userData, userdata.NFTNL_UDATA_SET_COMMENT, s.Comment)
} }
@ -797,8 +802,16 @@ func setsFromMsg(msg netlink.Message) (*Set, error) {
set.DataType.Bytes = binary.BigEndian.Uint32(ad.Bytes()) set.DataType.Bytes = binary.BigEndian.Uint32(ad.Bytes())
case unix.NFTA_SET_USERDATA: case unix.NFTA_SET_USERDATA:
data := ad.Bytes() data := ad.Bytes()
value, ok := userdata.GetUint32(data, userdata.NFTNL_UDATA_SET_MERGE_ELEMENTS) if val, ok := userdata.GetString(data, userdata.NFTNL_UDATA_SET_COMMENT); ok {
set.AutoMerge = ok && value == 1 set.Comment = val
}
if val, ok := userdata.GetUint32(data, userdata.NFTNL_UDATA_SET_MERGE_ELEMENTS); ok {
set.AutoMerge = val == 1
}
if val, ok := userdata.GetUint32(data, userdata.NFTNL_UDATA_SET_DATA_INTERVAL); ok {
set.DataInterval = val == 1
}
case unix.NFTA_SET_DESC: case unix.NFTA_SET_DESC:
nestedAD, err := netlink.NewAttributeDecoder(ad.Bytes()) nestedAD, err := netlink.NewAttributeDecoder(ad.Bytes())
if err != nil { if err != nil {
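Review bot: In the `AddSet` hunk the new `if s.DataInterval {` branch appends `NFTNL_UDATA_SET_DATA_INTERVAL` for any set, with no check that `s.IsMap` is set, although the commit title describes the flag as being for maps. If nothing earlier in `AddSet` (its body starts and ends outside the hunk) rejects that combination, a plain set can carry a data-interval hint that readers of the userdata, including `setsFromMsg` in this file, will report as true; consider `if s.IsMap && s.DataInterval {` or returning an error instead. The new `DataInterval` field in `Set` also has no doc comment and sits directly under `Interval`; a line such as `// DataInterval indicates that the map's data values are intervals; it only applies when IsMap is true.` would tell the two apart, assuming that is the intended meaning.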


@ -257,13 +257,26 @@ func TestMarshalSet(t *testing.T) {
name: "Vedict map", name: "Vedict map",
set: Set{ set: Set{
Name: "test-map", Name: "test-map",
ID: uint32(3), ID: uint32(4),
Table: tbl, Table: tbl,
KeyType: TypeIPAddr, KeyType: TypeIPAddr,
DataType: TypeVerdict, DataType: TypeVerdict,
IsMap: true, IsMap: true,
}, },
}, },
{
name: "Map ip-ip", // generic case
set: Set{
Name: "test-map",
ID: uint32(5),
Table: tbl,
KeyType: TypeIPAddr,
DataType: TypeIPAddr,
DataInterval: true,
IsMap: true,
Comment: "test-comment",
},
},
} }
for i, tt := range tests { for i, tt := range tests {