Commit Graph

229 Commits

Author SHA1 Message Date
xiaoff 1aef2ba20e
Fix: add NFTA_RULE_COMPAT attribute (#207)
xt_matches or xt_targets like xt_tcpudp may have specific compat policy and
if not set flush rule will error with EINVAL
according to https://elixir.bootlin.com/linux/v3.13/source/net/netfilter/x_tables.c#L563

Signed-off-by: xiaoff <zhaofeng_0019@163.com>
2022-12-08 09:05:15 +01:00
turekt 130caa4c31
Reject expression fix (#206)
Added missing reject expression to exprsFromMsg
2022-11-07 20:04:33 +01:00
turekt 0dda43a5f9
Fix size for TypeTimeHour (#203)
Corresponding nftables commit: https://git.netfilter.org/nftables/commit/src/meta.c?id=4e1abfc552170d6db5c511634a29918e64c1b51b
2022-11-01 21:27:48 +01:00
turekt c89a57ce19
Flowtables implementation (#201)
Added flowtables implementation | Added flow_offload expression | Added tests
2022-11-01 07:48:00 +01:00
Michael Stapelberg 3ad45c080c use “test” as set name in tests 2022-10-29 08:34:19 +02:00
Joe Williams 0929dfc8bf
Support set element counters (#199) 2022-10-29 08:33:22 +02:00
Joe Williams 4f5cd5826f
add int32 and string types to alignedbuff (#195) 2022-10-15 21:04:45 +02:00
Andrew LeFevre d007ae63f1
fix queue expression getting skipped when unmarshaling rules (#197) 2022-10-15 19:08:15 +02:00
turekt 535f5eb8da
Fix incorrect netlink acknowledgement handling (#194)
fixes https://github.com/google/nftables/issues/175
2022-10-02 16:01:48 +02:00
vsandonis 0aa65c0fdd
Fix Objref expression parsing (#193)
The Objref expression was not considered when parsing raw expressions
bytes to construct nftables expressions.

Add unit test to check that a rule with an Objref expression is
properly obtained by GetRules().

Signed-off-by: Victor Sandonis Consuegra <vsandonis@ibm.com>
2022-09-28 18:33:16 +02:00
Andrew LeFevre cbeb0fb1ec
added ability to create regular chains without a hook priority (#183)
See https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Adding_regular_chains
for info on regular chains.

Closes #179.
2022-09-06 17:27:20 +02:00
xiaoff 6cd15ed863
Fix: add missed parameters of struct ConntrackMtinfoBase (#182)
according to https://elixir.bootlin.com/linux/v5.17.7/source/include/uapi/linux/netfilter/xt_conntrack.h#L47 there are u16 parameters: MatchFlags and InvertFlags
2022-09-04 20:05:03 +02:00
turekt 64ce05980f
Set userdata fix (#180)
Adds user data order bytes to set message
2022-08-30 22:16:08 +02:00
turekt e4bff45b7f
IsDestRegSet unmarshaling fix (#178)
Fixes https://github.com/google/nftables/issues/176 | Added test case
2022-08-30 19:03:33 +02:00
Rafael Campos Las Heras 2eca001357
Fix Meta unmarshal when is Source Register (#174)
The Meta nftables expression was not filling the Register and SourceRegister
fields when unmarshalling.

Add a check for NFTA_META_SREG message when unmarshalling to fill the Meta
fields.
Add Unit Test for source and destination unmarshall.

Signed-off-by: Rafael Campos <rafael.campos.lasheras@ibm.com>
2022-08-08 17:45:52 +02:00
Michael Stapelberg c4786406ff gofmt with Go 1.19 2022-08-07 10:20:00 +02:00
Michael Stapelberg 920dc0e0e0 GitHub Actions: bump to Go 1.19 2022-08-07 10:19:50 +02:00
turekt ec1e802faf
Added dynset exprs support (#173)
fixes https://github.com/google/nftables/issues/172

- Rearranged `exprFromMsg` function
- Rearranged limit expr marshaling logic
- Added dynamic flag for sets
- Implemented connlimit
- Added missing constants 
- Added tests
2022-07-29 18:32:59 +02:00
Michael Stapelberg a346d51f53 Fetch an acknowledgement for each message that requested one
This fixes error handling when using lasting connections.

fixes #170
2022-06-11 23:33:46 +02:00
Michael Stapelberg 2025aec0d2 nftest: generate message acknowledgements
Previously, the code just returned the input requests, which happened to work
2022-06-11 23:25:19 +02:00
Michael Stapelberg 2719b9add1 refactor common test code into package nftest
Converting more test functions to use it (and then splitting out test
functions into their own files) is left for a follow-up commit.
2022-06-11 23:10:56 +02:00
Michael Stapelberg 33143dee49 GitHub Actions: rename branch 2022-06-11 22:24:28 +02:00
Michael Stapelberg 6861e7b3fc GitHub Actions: run on Go 1.18 2022-06-11 22:24:04 +02:00
TheDiveO 1f0380f5c7
list tables and chains optionally by specific table family (#168) 2022-06-07 17:23:05 +02:00
TheDiveO a9775fb167
fixes issue #107 (#166) 2022-05-16 22:53:33 +02:00
TheDiveO 06687b6e34
use TableFamilyUnspecified (NFPROTO_UNSPEC) instead of AF_UNSPEC (#165) 2022-05-15 23:16:05 +02:00
Michael Stapelberg 58da7d8bf3 make links stable 2022-05-15 23:15:01 +02:00
thediveo 8ea944061f add typed xtables information un/marshalling
more tests and fixes

more info support; refactoring
2022-05-15 23:12:26 +02:00
thediveo 4b6f0f2b44 add un/marshalling with native endianness and alignment 2022-05-15 23:12:26 +02:00
thediveo 3e042f75d7 refactor: pass table family when un/marshalling expr 2022-05-15 23:12:26 +02:00
TheDiveO aeea153026
un/marshal Match and Target expressions (#163) 2022-05-12 17:33:22 +02:00
TheDiveO eeaebcf552
add New constructor (with options functions, such as lasting connection)
* Close receiver for lasting netlink connections while defaulting to existing temporary netlink connection usage
* add unit test for New lasting connection, Close and correct default connection handling behavior
* refactor tests to use New constructor
* make Conn mutex un-exported (#159)

fixes issue #157
2022-05-09 13:25:29 +02:00
TheDiveO 85d0f3a0db
add GetRules and deprecate GetRule, update tests (#160) 2022-05-08 20:39:12 +02:00
Michael Stapelberg 38a96768db bump go.mod version to go 1.17
fixes https://github.com/google/nftables/issues/158
2022-05-02 17:29:23 +02:00
turekt 76ed01e300
Support for concat set intervals (#155)
Fixes https://github.com/google/nftables/issues/154

Added support for intervals in concat sets 
Added missing constants, Concatenation flag and KeyEnd field to Set type with marshaling support
Added ConcatSetTypeElements function to derive base types from concatenated types
Changed nftDatatypes list to map 
Added tests
2022-04-22 17:12:20 +02:00
Rafael Campos Las Heras 950e408d48 Fix range expression unmarshalling
Fix the range expression unmarshalling on the `FromData` and `ToData`
Range expression fields.
2022-04-07 21:54:05 +02:00
Rafael Campos Las Heras d46a80e963 Fix payload unmarshall operation type.
When unmarshalling the Payload expression the operation type is not
updated. Apply the same logic for unmarshalling that we apply for
marshalling.
2022-04-07 21:54:05 +02:00
Rafael Campos Las Heras c4d774fc49 Fix expression parsing for notracking
Fix the expression parsing for non data content like `notracking`
expression.
2022-04-07 21:54:05 +02:00
Ben de Graaff 2ba518ec5c
Unmarshal Exthdr and support DestRegister/Flags for reads (#151) (#152)
* Unmarshal Exthdr and support DestRegister/Flags for reads

Some fields in Exthdr are context-sensitive. Mixing unexpected fields
will result in EOPNOTSUPP.

* Fix order in which Exthdr attributes are written
2022-04-05 21:44:27 +02:00
Michael Stapelberg 19672dc9fe rule: carry over all table attributes (including family)
fixes https://github.com/google/nftables/issues/150
2022-04-02 15:01:06 +02:00
Gustavo Iñiguez Goia 5a9391c12f
Added support for quota expression (#149) 2022-03-29 18:00:11 +02:00
turekt 211824995d
Log expression refactor (#147)
Fixes https://github.com/google/nftables/issues/113

Log expression implementation changed to better support different log options
Added uint16 support to the binaryutil package
Changed old log expression tests that were failing after change
Added a new test to check the implementation for multiple log options
2022-02-21 22:42:39 +01:00
turekt 8aa05f01ea
Log prefix expression support (#146)
Fixes https://github.com/google/nftables/issues/115
Added expr.Log to EXPR_DATA switch
Added test for expr.Log parsing
2022-02-19 20:57:22 +01:00
Michael Stapelberg edf9fe8cd0 remove dependency on now-deleted koneu/natend
Instead, we just do the unsafe.Pointer() calls directly.

fixes https://github.com/google/nftables/issues/145
2022-02-10 08:29:02 +01:00
turekt 91d3b4571d
Fix for ListChains policy bug (#144)
Fixes https://github.com/google/nftables/issues/130 | Added a test case for ListChains func
2022-02-06 18:44:06 +01:00
turekt a46119e592
Support for rule position 0 (#143)
Added uint32 Flags to Rule struct to support rules set with position 0

fixes https://github.com/google/nftables/issues/126
2022-01-29 19:26:06 +01:00
Matt Layher 6f19c4381e
nftables: fix staticcheck error for Conn.getObj (#137)
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2021-12-09 23:08:38 +01:00
Matt Layher 611d399a5e
go.mod: use github.com/mdlayher/netlink@v1.4.2 (#136)
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2021-12-09 23:08:14 +01:00
Tommie Gannert 16a134723a Tries to fully populate Set.KeyType if it's a simple type.
Set.DataType also gets the full type descriptor. No changes in
behavior for concatenated datatypes.
2021-09-16 16:01:15 +02:00
Tommie Gannert 3a4a2bce5f Fixes masks in set flag parsing.
The NFTA_* constants identify attributes. The result is that, right
now, IsMap == Anonymous.
2021-09-16 16:01:15 +02:00