turekt
0d9bfa4d18
Fix overflow in Flush by using receiveAckAware and handling the overrun flag ( #237 )
...
Fixes https://github.com/google/nftables/issues/235
Added support for messages having overrun flag
Changed `conn.Receive` call to `receiveAckAware` in `Flush`
2023-09-23 17:08:35 +02:00
Lars Lehtonen
6a61933ab7
Fix dropped error ( #240 )
...
Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>
2023-09-16 08:51:22 +02:00
Rafael Campos Las Heras
d27cc52f15
hash: Fix hash seed conditional ( #234 )
...
Fix the marshall of the hash seed to be conditional, only if it is
explicitly set, we need to add it to the kernel as stated on the
libnftl and nftables projects.
Refence: https://git.netfilter.org/nftables/tree/src/netlink_linearize.c?id=25e7b99cc450490c38becb03d8bddd0199cfd3f9#n174
Otherwise, having a hash expression similar to this:
```
ip daddr set jhash tcp sport mod 2 seed 0x0 map { 0 : 192.168.0.1, 1 : 192.168.2.2 }
```
end up setting only the first IP and ignoring the second one.
Signed-off-by: Rafael Campos <methril@gmail.com>
2023-08-03 08:14:23 +02:00
black-desk
8a10f68900
Add address field for expr tproxy ( #231 )
...
* Add address field for expr tproxy
Signed-off-by: black-desk <me@black-desk.cn>
Co-authored-by: MrRedhat <Redhatminzhe@Gmail.com>
2023-07-10 08:38:01 +02:00
Rafael Campos
8f2d395e10
set: Parse bytes length on sets
...
Parse the bytes length for key and data types when reading the sets.
Signed-off-by: Rafael Campos <methril@gmail.com>
2023-06-14 20:10:15 +02:00
Rafael Campos
98de8c8ac9
expr: Add Hash to the expr type
...
Add the Hash type to the expr read parser.
Signed-off-by: Rafael Campos <methril@gmail.com>
2023-06-14 20:10:15 +02:00
Ronak Jain
45645ffbf5
Parse set element counters ( #230 )
2023-05-20 18:23:52 +02:00
Michael Stapelberg
cf9b0d57e8
GitHub Actions: switch to setup-go@v4 which enables caching
2023-05-20 14:47:36 +02:00
turekt
d746ecb0e4
Implement set KeyByteOrder ( #226 )
...
Fixes https://github.com/google/nftables/issues/225
Introduced KeyByteOrder in sets which fills UDATA with endianess information
2023-05-18 18:05:49 +02:00
black-desk
b18665a6ec
Implement socket expr ( #222 )
...
Signed-off-by: black-desk <me@black-desk.cn>
2023-05-06 10:49:33 +02:00
Liu Xiangchao
a58e58ca6b
add set element expires field ( #223 )
2023-04-21 08:26:50 +02:00
Steffen Vogel
1510be9a55
userdata: Add TLV parser/serialized for rule user data
...
This TLV format is compatible with the one used by libnftables.
Hence with this change, we can now de/encode comments and other
user data information which is compatible with the Netfilter
command line tooling.
Signed-off-by: Steffen Vogel <post@steffenvogel.de>
2023-04-18 08:53:20 +02:00
Steffen Vogel
971247e1b2
Move setup/teardown of system NFT connection to internal package
...
As we want to reuse it also in other test packages.
Signed-off-by: Steffen Vogel <post@steffenvogel.de>
2023-04-18 08:53:20 +02:00
konradh
a93939a185
Fix getting concatenated data types for maps ( #217 )
...
This also implements parsing of concatenated data types.
2023-04-02 10:11:12 +02:00
Raman Shishniou
2729c5a5ee
Drop unnecessary table rewrite in GetRules() after 3e042f7
( #219 )
2023-03-16 12:38:54 +01:00
dependabot[bot]
e016b4e9fa
Bump golang.org/x/net from 0.4.0 to 0.7.0 ( #216 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.4.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases )
- [Commits](https://github.com/golang/net/compare/v0.4.0...v0.7.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-18 14:01:22 +01:00
turekt
9aa6fdf5a2
Masq marshal fix ( #214 )
...
Fixes https://github.com/google/nftables/issues/213
2023-01-15 21:51:35 +01:00
Michael Stapelberg
2a00dee9fc
pull in latest mdlayher/netlink
...
related to issue #210
2022-12-12 17:19:45 +01:00
TheDiveO
d1d398adb7
alignedbuff: fix alignment test issue on 32-bit machines ( #211 )
...
- fixes issue #209 where two unit tests for alignedbuff were incorrectly calculating the expected marshalled data length on 32bit machines (whereas actual padding/alignment itself was done correctly).
- adds documentation reference to kernel's xtables.h UAPI regarding alignment.
2022-12-12 08:51:36 +01:00
xiaoff
1aef2ba20e
Fix: add NFTA_RULE_COMPAT attribute ( #207 )
...
xt_matches or xt_targets like xt_tcpudp may have specific compat policy and
if not set flush rule will error with EINVAL
according to https://elixir.bootlin.com/linux/v3.13/source/net/netfilter/x_tables.c#L563
Signed-off-by: xiaoff <zhaofeng_0019@163.com>
2022-12-08 09:05:15 +01:00
turekt
130caa4c31
Reject expression fix ( #206 )
...
Added missing reject expression to exprsFromMsg
2022-11-07 20:04:33 +01:00
turekt
0dda43a5f9
Fix size for TypeTimeHour ( #203 )
...
Corresponding nftables commit: https://git.netfilter.org/nftables/commit/src/meta.c?id=4e1abfc552170d6db5c511634a29918e64c1b51b
2022-11-01 21:27:48 +01:00
turekt
c89a57ce19
Flowtables implementation ( #201 )
...
Added flowtables implementation | Added flow_offload expression | Added tests
2022-11-01 07:48:00 +01:00
Michael Stapelberg
3ad45c080c
use “test” as set name in tests
2022-10-29 08:34:19 +02:00
Joe Williams
0929dfc8bf
Support set element counters ( #199 )
2022-10-29 08:33:22 +02:00
Joe Williams
4f5cd5826f
add int32 and string types to alignedbuff ( #195 )
2022-10-15 21:04:45 +02:00
Andrew LeFevre
d007ae63f1
fix queue expression getting skipped when unmarshaling rules ( #197 )
2022-10-15 19:08:15 +02:00
turekt
535f5eb8da
Fix incorrect netlink acknowledgement handling ( #194 )
...
fixes https://github.com/google/nftables/issues/175
2022-10-02 16:01:48 +02:00
vsandonis
0aa65c0fdd
Fix Objref expression parsing ( #193 )
...
The Objref expression was not considered when parsing raw expressions
bytes to construct nftables expressions.
Add unit test to check that a rule with an Objref expression is
properly obtained by GetRules().
Signed-off-by: Victor Sandonis Consuegra <vsandonis@ibm.com>
2022-09-28 18:33:16 +02:00
Andrew LeFevre
cbeb0fb1ec
added ability to create regular chains without a hook priority ( #183 )
...
See https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Adding_regular_chains
for info on regular chains.
Closes #179 .
2022-09-06 17:27:20 +02:00
xiaoff
6cd15ed863
Fix: add missed parameters of struct ConntrackMtinfoBase ( #182 )
...
according to https://elixir.bootlin.com/linux/v5.17.7/source/include/uapi/linux/netfilter/xt_conntrack.h#L47 there are u16 parameters: MatchFlags and InvertFlags
2022-09-04 20:05:03 +02:00
turekt
64ce05980f
Set userdata fix ( #180 )
...
Adds user data order bytes to set message
2022-08-30 22:16:08 +02:00
turekt
e4bff45b7f
IsDestRegSet unmarshaling fix ( #178 )
...
Fixes https://github.com/google/nftables/issues/176 | Added test case
2022-08-30 19:03:33 +02:00
Rafael Campos Las Heras
2eca001357
Fix Meta unmarshal when is Source Register ( #174 )
...
The Meta nftables expression was not filling the Register and SourceRegister
fields when unmarshalling.
Add a check for NFTA_META_SREG message when unmarshalling to fill the Meta
fields.
Add Unit Test for source and destination unmarshall.
Signed-off-by: Rafael Campos <rafael.campos.lasheras@ibm.com>
2022-08-08 17:45:52 +02:00
Michael Stapelberg
c4786406ff
gofmt with Go 1.19
2022-08-07 10:20:00 +02:00
Michael Stapelberg
920dc0e0e0
GitHub Actions: bump to Go 1.19
2022-08-07 10:19:50 +02:00
turekt
ec1e802faf
Added dynset exprs support ( #173 )
...
fixes https://github.com/google/nftables/issues/172
- Rearranged `exprFromMsg` function
- Rearranged limit expr marshaling logic
- Added dynamic flag for sets
- Implemented connlimit
- Added missing constants
- Added tests
2022-07-29 18:32:59 +02:00
Michael Stapelberg
a346d51f53
Fetch an acknowledgement for each message that requested one
...
This fixes error handling when using lasting connections.
fixes #170
2022-06-11 23:33:46 +02:00
Michael Stapelberg
2025aec0d2
nftest: generate message acknowledgements
...
Previously, the code just returned the input requests, which happened to work
2022-06-11 23:25:19 +02:00
Michael Stapelberg
2719b9add1
refactor common test code into package nftest
...
Converting more test functions to use it (and then splitting out test
functions into their own files) is left for a follow-up commit.
2022-06-11 23:10:56 +02:00
Michael Stapelberg
33143dee49
GitHub Actions: rename branch
2022-06-11 22:24:28 +02:00
Michael Stapelberg
6861e7b3fc
GitHub Actions: run on Go 1.18
2022-06-11 22:24:04 +02:00
TheDiveO
1f0380f5c7
list tables and chains optionally by specific table family ( #168 )
2022-06-07 17:23:05 +02:00
TheDiveO
a9775fb167
fixes issue #107 ( #166 )
2022-05-16 22:53:33 +02:00
TheDiveO
06687b6e34
use TableFamilyUnspecified (NFPROTO_UNSPEC) instead of AF_UNSPEC ( #165 )
2022-05-15 23:16:05 +02:00
Michael Stapelberg
58da7d8bf3
make links stable
2022-05-15 23:15:01 +02:00
thediveo
8ea944061f
add typed xtables information un/marshalling
...
more tests and fixes
more info support; refactoring
2022-05-15 23:12:26 +02:00
thediveo
4b6f0f2b44
add un/marshalling with native endianess and alignment
2022-05-15 23:12:26 +02:00
thediveo
3e042f75d7
refactor: pass table family when un/marshalling expr
2022-05-15 23:12:26 +02:00
TheDiveO
aeea153026
un/marshal Match and Target expressions ( #163 )
2022-05-12 17:33:22 +02:00