interesting
/
nftables
mirror of https://github.com/google/nftables.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
187 Commits 1 Branch 2 Tags 2.9 MiB
Commit Graph

58 Commits

Author SHA1 Message Date
turekt 9aa6fdf5a2
Masq marshal fix (#214) 
Fixes https://github.com/google/nftables/issues/213
 2023-01-15 21:51:35 +01:00
turekt 130caa4c31
Reject expression fix (#206) 
Added missing reject expression to exprsFromMsg
 2022-11-07 20:04:33 +01:00
turekt c89a57ce19
Flowtables implementation (#201) 
Added flowtables implementation | Added flow_offload expression | Added tests
 2022-11-01 07:48:00 +01:00
Andrew LeFevre d007ae63f1
fix queue expression getting skipped when unmarshaling rules (#197) 2022-10-15 19:08:15 +02:00
vsandonis 0aa65c0fdd
Fix Objref expression parsing (#193) 
The Objref expression was not considered when parsing raw expressions
bytes to construct nftables expressions.

Add unit test to check that a rule with an Objref expression is
properly obtained by GetRules().

Signed-off-by: Victor Sandonis Consuegra <vsandonis@ibm.com>
 2022-09-28 18:33:16 +02:00
turekt e4bff45b7f
IsDestRegSet unmarshaling fix (#178) 
Fixes https://github.com/google/nftables/issues/176 | Added test case
 2022-08-30 19:03:33 +02:00
Rafael Campos Las Heras 2eca001357
Fix Meta unmarshal when is Source Register (#174) 
The Meta nftables expression was not filling the Register and SourceRegister
fields when unmarshalling.

Add a check for NFTA_META_SREG message when unmarshalling to fill the Meta
fields.
Add Unit Test for source and destination unmarshall.

Signed-off-by: Rafael Campos <rafael.campos.lasheras@ibm.com>
 2022-08-08 17:45:52 +02:00
turekt ec1e802faf
Added dynset exprs support (#173) 
fixes https://github.com/google/nftables/issues/172

- Rearranged `exprFromMsg` function
- Rearranged limit expr marshaling logic
- Added dynamic flag for sets
- Implemented connlimit
- Added missing constants 
- Added tests
 2022-07-29 18:32:59 +02:00
thediveo 8ea944061f add typed xtables information un/marshalling 
more tests and fixes

more info support; refactoring
 2022-05-15 23:12:26 +02:00
thediveo 3e042f75d7 refactor: pass table family when un/marshalling expr 2022-05-15 23:12:26 +02:00
TheDiveO aeea153026
un/marshal Match and Target expressions (#163) 2022-05-12 17:33:22 +02:00
Rafael Campos Las Heras 950e408d48 Fix range expression unmarshalling 
Fix the range expression unmarshalling on the `FromData` and `ToData`
Range expression fields.
 2022-04-07 21:54:05 +02:00
Rafael Campos Las Heras d46a80e963 Fix payload unmarshall operation type. 
When unmarshalling the Payload expression the operation type is not
updated. Apply the same logic for unmarshalling that we apply for
marshalling.
 2022-04-07 21:54:05 +02:00
Ben de Graaff 2ba518ec5c
Unmarshal Exthdr and support DestRegister/Flags for reads (#151) (#152) 
* Unmarshal Exthdr and support DestRegister/Flags for reads

Some fields in Exthdr are context-sensitive. Mixing unexpected fields
will result in EOPNOTSUPP.

* Fix order in which Exthdr attributes are written
 2022-04-05 21:44:27 +02:00
Gustavo Iñiguez Goia 5a9391c12f
Added support for quota expression (#149) 2022-03-29 18:00:11 +02:00
turekt 211824995d
Log expression refactor (#147) 
Fixes https://github.com/google/nftables/issues/113

Log expression implementation changed to better support different log options
Added uint16 support to the binaryutil package
Changed old log expression tests that were failing after change
Added a new test to check the implementation for multiple log options
 2022-02-21 22:42:39 +01:00
pengyuan.dai 5573dab9cc
Add CtStateBit constants and related usage test #121 (#122) 
fixes #121
 2021-05-14 16:05:40 +02:00
Paul Greenberg c25e4f69b4
fix: unmarshaling verdicts with chain information (#106) 
Before this commit: the unmarshaling of a verdict pointing
to a chain fails.

After this commit: the unmarshaling of a rule with a verdict
pointing to a chain succeeds and the information about the
chain gets put in `Verdict.Chain`.

Resolves: #105

Signed-off-by: Paul Greenberg <greenpau@outlook.com>
 2020-08-02 19:55:06 +02:00
Grégoire Delattre 7127d9d224
Add support for rate limiting (#101) 2020-03-16 08:58:19 +01:00
Grégoire Delattre 21c5c5c425
Add missing VerdictKind (#99) 2020-03-06 11:32:18 +01:00
Serguei Bezverkhi 1c56a1906f Add Dynset expression and unit test (#97) 
* Add dynset expression and unit test

Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
 2020-02-10 11:14:20 +01:00
Alexis PIRES 9a6c96795b Stateless NAT and notrack support (#82) 2019-12-17 21:54:26 +01:00
Alexis PIRES e2e83d0ff5 Add dup expr support (#81) 2019-12-13 23:35:06 +01:00
Serguei Bezverkhi 9dee196925 Add expression and tests for numgen (#77) 
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
 2019-11-28 09:43:38 +01:00
Serguei Bezverkhi e0f4f3f8f8 Add bitwise decoder logic (#71) 2019-11-07 15:38:12 +01:00
Minaru 35de0a609f Hash expr implementation (#68) 
* [expr] Implement Hash expr.

* [test] Add Hash test case.
 2019-10-19 08:53:53 +02:00
Maxime Demode 71337b220c [expr] Add SourceRegister field and modify marshal function to work with it. 2019-10-15 18:31:07 +02:00
Maxime Demode 3c7d959797 [expr] Replace Key type in Ct struct by CtKey. 2019-10-15 18:02:12 +02:00
Maxime Demode 29d7aa173f [expr] Create CtKey type and add const values. 2019-10-15 18:01:31 +02:00
Serguei Bezverkhi 5d14089d2e Adding to nat expression additional parameters (#59) 
* Change in dnat logic to cover all combinations

Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>

* Add parameter to cover all possible nat combinations

Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
 2019-09-06 08:28:27 +02:00
Serguei Bezverkhi 4b2264477a lookup dest reg check fix (#57) 
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
 2019-08-31 09:36:20 +02:00
Serguei Bezverkhi 85a78b5285 Adding Fib expression and unit tests (#54) 2019-08-27 08:49:06 +02:00
Serguei Bezverkhi d514535a0c Reject expression and Unit tests (#53) 2019-08-26 09:57:52 +02:00
Serguei Bezverkhi ec0390b058 Extend Masq support and add unit testing (#52) 2019-08-25 23:43:47 +02:00
Serguei Bezverkhi 6925991d82 Meta SREG and DREG (#51) 
* meta requires to use source and destination registers

Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
 2019-08-19 23:36:36 +02:00
Serguei Bezverkhi 9907ca3831 Add log expression and test (#42) 
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
 2019-08-01 12:41:37 -07:00
Serguei Bezverkhi 7895e345f5 Add Connection tracking expression and test (#38) 
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
 2019-07-20 13:20:42 +02:00
Serguei Bezverkhi 7a68526274 tproxy expression support and test (#32) 
Add support for tproxy expression

Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
 2019-06-30 01:06:32 +02:00
Serguei Bezverkhi 8d26daf060 Implement range expression (#22) 
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>

fixes #19
 2019-06-05 13:15:05 +02:00
Michael Stapelberg 70f367a546 verdict: add Chain (+test) 
related to #18
 2019-05-24 02:56:43 +02:00
Michael Stapelberg c5bb71b2cf implement redir expression (+test) 
fixes #17
 2019-05-17 13:57:31 +02:00
Ryan Whelan 07c974e364 fix: Typo in unmarshal on Cmp struct (#14) 2019-04-30 17:07:43 +02:00
Tom D b8b6574812 Implement GetRule for Immediate, Verdict, and Lookup expressions (#11) 2019-02-18 13:01:32 +01:00
Tom D ca263a814b Add support for inverted set lookups. (#10) 2019-02-13 10:06:43 +01:00
Tom 2bb2b66f95 Implement support for anonymous & named sets. 2019-02-11 16:11:27 -08:00
Dhiver b732c419a3 Implement Queue Expr (#8) 2019-01-28 18:01:13 +01:00
Tom D 7612760462 Implement verdict expression. (#7) 2019-01-17 09:48:46 +01:00
Michael Stapelberg 9ac63cb282 add exprs and test for TCP MSS clamping 2018-10-22 09:22:02 +02:00
Michael Stapelberg 409eade12e switch to new netlink.AttributeDecoder 
fixes #2
 2018-08-10 18:59:05 +02:00
Michael Stapelberg 121db0bb23 add expr.Objref 2018-08-08 23:11:26 +02:00