Ben de Graaff
2ba518ec5c
Unmarshal Exthdr and support DestRegister/Flags for reads ( #151 ) ( #152 )
...
* Unmarshal Exthdr and support DestRegister/Flags for reads
Some fields in Exthdr are context-sensitive. Mixing unexpected fields
will result in EOPNOTSUPP.
* Fix order in which Exthdr attributes are written
2022-04-05 21:44:27 +02:00
Michael Stapelberg
19672dc9fe
rule: carry over all table attributes (including family)
...
fixes https://github.com/google/nftables/issues/150
2022-04-02 15:01:06 +02:00
Gustavo Iñiguez Goia
5a9391c12f
Added support for quota expression ( #149 )
2022-03-29 18:00:11 +02:00
turekt
211824995d
Log expression refactor ( #147 )
...
Fixes https://github.com/google/nftables/issues/113
Log expression implementation changed to better support different log options
Added uint16 support to the binaryutil package
Changed old log expression tests that were failing after change
Added a new test to check the implementation for multiple log options
2022-02-21 22:42:39 +01:00
turekt
8aa05f01ea
Log prefix expression support ( #146 )
...
Fixes https://github.com/google/nftables/issues/115
Added expr.Log to EXPR_DATA switch
Added test for expr.Log parsing
2022-02-19 20:57:22 +01:00
Michael Stapelberg
edf9fe8cd0
remove dependency on now-deleted koneu/natend
...
Instead, we just do the unsafe.Pointer() calls directly.
fixes https://github.com/google/nftables/issues/145
2022-02-10 08:29:02 +01:00
turekt
91d3b4571d
Fix for ListChains policy bug ( #144 )
...
Fixes https://github.com/google/nftables/issues/130 | Added a test case for ListChains func
2022-02-06 18:44:06 +01:00
turekt
a46119e592
Support for rule position 0 ( #143 )
...
Added uint32 Flags to Rule struct to support rules set with position 0
fixes https://github.com/google/nftables/issues/126
2022-01-29 19:26:06 +01:00
Matt Layher
6f19c4381e
nftables: fix staticcheck error for Conn.getObj ( #137 )
...
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2021-12-09 23:08:38 +01:00
Matt Layher
611d399a5e
go.mod: use github.com/mdlayher/netlink@v1.4.2 ( #136 )
...
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2021-12-09 23:08:14 +01:00
Tommie Gannert
16a134723a
Tries to fully populate Set.KeyType if it's a simple type.
...
Set.DataType also gets the full type descriptor. No changes in
behavior for concatenated datatypes.
2021-09-16 16:01:15 +02:00
Tommie Gannert
3a4a2bce5f
Fixes masks in set flag parsing.
...
The NFTA_* constants identify attributes. The result is that, right
now, IsMap == Anonymous.
2021-09-16 16:01:15 +02:00
Tommie Gannert
0360b9d10a
Adds all current datatypes for sets.
...
Based on https://git.netfilter.org/nftables/commit/include/datatype.h?id=cca4c856301caa8959ac98aac5811130bc19512c
It makes more sense to point to datatype.h in the comment since the
actual definitions of these types are scattered throughout src/.
uid_t and gid_t sizes are fixed at 4 bytes currently, but that might
of course change. I couldn't find a good way to make this
dynamic. There are a number of Sizeof* constants in x/sys/unix, so
that's probably the right place to add them.
2021-09-16 16:01:15 +02:00
Michael Stapelberg
d553cd2d41
GitHub actions: run on pull requests, too
2021-08-18 09:26:02 +02:00
Michael Stapelberg
a285acebca
README: switch to GitHub actions badge
2021-05-14 17:48:51 +02:00
pengyuan.dai
5573dab9cc
Add CtStateBit constants and related usage test #121 ( #122 )
...
fixes #121
2021-05-14 16:05:40 +02:00
pengyuan.dai
523112131a
Add expr.Ct and expr.Range type select in exprsFromMsg ( #120 )
...
fixes #119
2021-05-11 11:11:10 +02:00
Michael Stapelberg
715e31cb3c
switch from travis to GitHub actions
2020-12-30 15:21:48 +01:00
Paul Greenberg
c25e4f69b4
fix: unmarshaling verdicts with chain information ( #106 )
...
Before this commit: the unmarshaling of a verdict pointing
to a chain fails.
After this commit: the unmarshaling of a rule with a verdict
pointing to a chain succeeds and the information about the
chain gets put in `Verdict.Chain`.
Resolves : #105
Signed-off-by: Paul Greenberg <greenpau@outlook.com>
2020-08-02 19:55:06 +02:00
Grégoire Delattre
7127d9d224
Add support for rate limiting ( #101 )
2020-03-16 08:58:19 +01:00
Alexis PIRES
64aca752d1
Remove Object API ( #100 )
...
Co-authored-by: Alexis PIRES <alexis.pires@atos.net>
2020-03-09 08:43:47 +01:00
Grégoire Delattre
21c5c5c425
Add missing VerdictKind ( #99 )
2020-03-06 11:32:18 +01:00
Zackery Field
9caf4234bf
Report whether set has flag configured ( #98 )
2020-02-27 08:28:57 +01:00
Serguei Bezverkhi
1c56a1906f
Add Dynset expression and unit test ( #97 )
...
* Add dynset expression and unit test
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2020-02-10 11:14:20 +01:00
Serguei Bezverkhi
9cdc3d048a
Add support for timeouts for set elements and sets ( #96 )
...
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2020-02-05 11:33:52 +01:00
Serguei Bezverkhi
26bcabf490
disable lock when no namespace is needed ( #95 )
...
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2020-01-22 22:39:39 +01:00
Leon Vack
327d5c62cd
function to create concatenated SetDatatypes ( #93 )
...
added function to create concatenated SetDatatypes
2020-01-22 22:37:16 +01:00
Serguei Bezverkhi
88b35b63a9
Add GetSetByName call ( #94 )
...
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2020-01-21 08:39:40 +01:00
Alexis PIRES
fdd795dea1
Add GetObject/GetObjects, ResetObject/ResetObjects ( #92 )
...
GetObj/GetObjReset accidentally returns all objects, GetObject returns only the specified one.
2020-01-21 08:36:27 +01:00
Michael Stapelberg
bf895afbc6
Merge pull request #91 from LogicalOverflow/master
...
GetSets/SetAddElements fixes
2020-01-14 16:49:37 +01:00
Leon Vack
45c777dde0
added a test adding elements to a set in an IPv6 table
2020-01-14 11:07:36 +01:00
Leon Vack
514aa0c301
stored table passed to GetSets as table in all returned sets
2020-01-14 11:06:46 +01:00
Leon Vack
19eb6eac29
fixed extraHeader in SetAddElements
2020-01-14 11:02:28 +01:00
Serguei Bezverkhi
80a905063c
Add set's id to newsetelem message ( #89 )
2020-01-01 17:05:55 +01:00
Alexis PIRES
c4896ab7c6
Add insert/replace ( #86 )
2020-01-01 16:50:27 +01:00
Michael Stapelberg
2228941ec5
remove extra space
2019-12-22 11:45:11 +01:00
Serguei Bezverkhi
1f2240c488
Flush fix ( #85 )
...
Clear messages after netlink return error
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-12-22 11:44:25 +01:00
Michael Stapelberg
7a7d417622
Merge pull request #84 from sbezverk/error_wrap
...
Replace %v with %w to wrap netlink error
2019-12-22 11:43:06 +01:00
Serguei Bezverkhi
a63c55f46a
Update go vet command line
...
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-12-20 12:00:14 -05:00
Serguei Bezverkhi
c243f4945b
Switching to recent golang version
...
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-12-20 11:57:27 -05:00
Serguei Bezverkhi
f528bf5cc6
Replace %v with %w to wrap netlink error
...
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-12-20 11:51:15 -05:00
Serguei Bezverkhi
756cfa14a8
Fix concatenated key set validation ( #83 )
2019-12-18 00:02:00 +01:00
Alexis PIRES
9a6c96795b
Stateless NAT and notrack support ( #82 )
2019-12-17 21:54:26 +01:00
Alexis PIRES
e2e83d0ff5
Add dup expr support ( #81 )
2019-12-13 23:35:06 +01:00
Michael Stapelberg
fc92ae7899
README: add disclaimer; this is not the upstream nftables repo
2019-12-08 11:03:14 +01:00
Serguei Bezverkhi
4525b500cb
Anonymous set creation ( #79 )
...
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-12-05 18:08:48 +01:00
Serguei Bezverkhi
4f16059f2d
Composed set ( #78 )
2019-12-01 10:10:42 +01:00
Serguei Bezverkhi
9dee196925
Add expression and tests for numgen ( #77 )
...
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-11-28 09:43:38 +01:00
Timo Beckers
3ba45f5d78
Use NFPROTO_ constants for TableFamily ( #76 )
2019-11-15 10:17:43 +01:00
Serguei Bezverkhi
14f3137cde
protect cc.messages from racing ( #75 )
...
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-11-14 16:22:42 +01:00