interesting
/
nftables
mirror of https://github.com/google/nftables.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Log prefix expression support (#146) 

Fixes https://github.com/google/nftables/issues/115
Added expr.Log to EXPR_DATA switch
Added test for expr.Log parsing
This commit is contained in:
turekt 2022-02-19 19:57:22 +00:00 committed by GitHub
parent edf9fe8cd0
commit 8aa05f01ea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 69 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
nftables_test.go
View File

@ -569,6 +569,73 @@ func TestConfigureNATSourceAddress(t *testing.T) {
}
}
func TestExprLogPrefix(t *testing.T) {
c, newNS := openSystemNFTConn(t)
defer cleanupSystemNFTConn(t, newNS)
c.FlushRuleset()
defer c.FlushRuleset()
filter := c.AddTable(&nftables.Table{
Family: nftables.TableFamilyIPv4,
Name: "filter",
})
input := c.AddChain(&nftables.Chain{
Name: "input",
Table: filter,
Type: nftables.ChainTypeFilter,
Hooknum: nftables.ChainHookInput,
Priority: nftables.ChainPriorityFilter,
})
c.AddRule(&nftables.Rule{
Table: filter,
Chain: input,
Exprs: []expr.Any{
&expr.Log{
Key: unix.NFTA_LOG_PREFIX,
Data: []byte("LOG INPUT"),
},
},
})
if err := c.Flush(); err != nil {
t.Errorf("c.Flush() failed: %v", err)
}
rules, err := c.GetRule(
&nftables.Table{
Family: nftables.TableFamilyIPv4,
Name: "filter",
},
&nftables.Chain{
Name: "input",
},
)
if err != nil {
t.Fatal(err)
}
if got, want := len(rules), 1; got != want {
t.Fatalf("unexpected number of rules: got %d, want %d", got, want)
}
if got, want := len(rules[0].Exprs), 1; got != want {
t.Fatalf("unexpected number of exprs: got %d, want %d", got, want)
}
logExpr, ok := rules[0].Exprs[0].(*expr.Log)
if !ok {
t.Fatalf("Exprs[0] is type %T, want *expr.Log", rules[0].Exprs[0])
}
if got, want := logExpr.Key, uint32(unix.NFTA_LOG_PREFIX); got != want {
t.Fatalf("unexpected *expr.Log key: got %d, want %d", got, want)
}
if got, want := string(logExpr.Data), "LOG INPUT"; got != want {
t.Fatalf("unexpected *expr.Log data: got %s, want %s", got, want)
}
}
func TestGetRule(t *testing.T) {
// The want byte sequences come from stracing nft(8), e.g.:
// strace -f -v -x -s 2048 -eraw=sendto nft list chain ip filter forward

2
rule.go
View File

@ -253,6 +253,8 @@ func exprsFromMsg(b []byte) ([]expr.Any, error) {
e = &expr.Limit{}
case "dynset":
e = &expr.Dynset{}
case "log":
e = &expr.Log{}
}
if e == nil {
// TODO: introduce an opaque expression type so that users know