141 Commits

Author SHA1 Message Date
Ben de Graaff 2ba518ec5c
Unmarshal Exthdr and support DestRegister/Flags for reads (#151) (#152)
* Unmarshal Exthdr and support DestRegister/Flags for reads

Some fields in Exthdr are context-sensitive. Mixing unexpected fields
will result in EOPNOTSUPP.

* Fix order in which Exthdr attributes are written
2022-04-05 21:44:27 +02:00
Michael Stapelberg 19672dc9fe rule: carry over all table attributes (including family)
fixes https://github.com/google/nftables/issues/150
2022-04-02 15:01:06 +02:00
Gustavo Iñiguez Goia 5a9391c12f
Added support for quota expression (#149) 2022-03-29 18:00:11 +02:00
turekt 211824995d
Log expression refactor (#147)
Fixes https://github.com/google/nftables/issues/113

Log expression implementation changed to better support different log options
Added uint16 support to the binaryutil package
Changed old log expression tests that were failing after change
Added a new test to check the implementation for multiple log options
2022-02-21 22:42:39 +01:00
turekt 8aa05f01ea
Log prefix expression support (#146)
Fixes https://github.com/google/nftables/issues/115
Added expr.Log to EXPR_DATA switch
Added test for expr.Log parsing
2022-02-19 20:57:22 +01:00
Michael Stapelberg edf9fe8cd0 remove dependency on now-deleted koneu/natend
Instead, we just do the unsafe.Pointer() calls directly.

fixes https://github.com/google/nftables/issues/145
2022-02-10 08:29:02 +01:00
turekt 91d3b4571d
Fix for ListChains policy bug (#144)
Fixes https://github.com/google/nftables/issues/130 | Added a test case for ListChains func
2022-02-06 18:44:06 +01:00
turekt a46119e592
Support for rule position 0 (#143)
Added uint32 Flags to Rule struct to support rules set with position 0

fixes https://github.com/google/nftables/issues/126
2022-01-29 19:26:06 +01:00
Matt Layher 6f19c4381e
nftables: fix staticcheck error for Conn.getObj (#137)
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2021-12-09 23:08:38 +01:00
Matt Layher 611d399a5e
go.mod: use github.com/mdlayher/netlink@v1.4.2 (#136)
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2021-12-09 23:08:14 +01:00
Tommie Gannert 16a134723a Tries to fully populate Set.KeyType if it's a simple type.
Set.DataType also gets the full type descriptor. No changes in
behavior for concatenated datatypes.
2021-09-16 16:01:15 +02:00
Tommie Gannert 3a4a2bce5f Fixes masks in set flag parsing.
The NFTA_* constants identify attributes. The result is that, right
now, IsMap == Anonymous.
2021-09-16 16:01:15 +02:00
Tommie Gannert 0360b9d10a Adds all current datatypes for sets.
Based on https://git.netfilter.org/nftables/commit/include/datatype.h?id=cca4c856301caa8959ac98aac5811130bc19512c

It makes more sense to point to datatype.h in the comment since the
actual definitions of these types are scattered throughout src/.

uid_t and gid_t sizes are fixed at 4 bytes currently, but that might
of course change. I couldn't find a good way to make this
dynamic. There are a number of Sizeof* constants in x/sys/unix, so
that's probably the right place to add them.
2021-09-16 16:01:15 +02:00
Michael Stapelberg d553cd2d41 GitHub actions: run on pull requests, too 2021-08-18 09:26:02 +02:00
Michael Stapelberg a285acebca README: switch to GitHub actions badge 2021-05-14 17:48:51 +02:00
pengyuan.dai 5573dab9cc
Add CtStateBit constants and related usage test #121 (#122)
fixes #121
2021-05-14 16:05:40 +02:00
pengyuan.dai 523112131a
Add expr.Ct and expr.Range type select in exprsFromMsg (#120)
fixes #119
2021-05-11 11:11:10 +02:00
Michael Stapelberg 715e31cb3c switch from travis to GitHub actions 2020-12-30 15:21:48 +01:00
Paul Greenberg c25e4f69b4
fix: unmarshaling verdicts with chain information (#106)
Before this commit: the unmarshaling of a verdict pointing
to a chain fails.

After this commit: the unmarshaling of a rule with a verdict
pointing to a chain succeeds and the information about the
chain gets put in `Verdict.Chain`.

Resolves: #105

Signed-off-by: Paul Greenberg <greenpau@outlook.com>
2020-08-02 19:55:06 +02:00
Grégoire Delattre 7127d9d224
Add support for rate limiting (#101) 2020-03-16 08:58:19 +01:00
Alexis PIRES 64aca752d1
Remove Object API (#100)
Co-authored-by: Alexis PIRES <alexis.pires@atos.net>
2020-03-09 08:43:47 +01:00
Grégoire Delattre 21c5c5c425
Add missing VerdictKind (#99) 2020-03-06 11:32:18 +01:00
Zackery Field 9caf4234bf
Report whether set has flag configured (#98) 2020-02-27 08:28:57 +01:00
Serguei Bezverkhi 1c56a1906f Add Dynset expression and unit test (#97)
* Add dynset expression and unit test

Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2020-02-10 11:14:20 +01:00
Serguei Bezverkhi 9cdc3d048a
Add support for timeouts for set elements and sets (#96)
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2020-02-05 11:33:52 +01:00
Serguei Bezverkhi 26bcabf490 disable lock when no namespace is needed (#95)
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2020-01-22 22:39:39 +01:00
Leon Vack 327d5c62cd function to create concatenated SetDatatypes (#93)
added function to create concatenated SetDatatypes
2020-01-22 22:37:16 +01:00
Serguei Bezverkhi 88b35b63a9 Add GetSetByName call (#94)
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2020-01-21 08:39:40 +01:00
Alexis PIRES fdd795dea1 Add GetObject/GetObjects, ResetObject/ResetObjects (#92)
GetObj/GetObjReset accidentally returns all objects, GetObject returns only the specified one.
2020-01-21 08:36:27 +01:00
Michael Stapelberg bf895afbc6
Merge pull request #91 from LogicalOverflow/master
GetSets/SetAddElements fixes
2020-01-14 16:49:37 +01:00
Leon Vack 45c777dde0
added a test adding elements to a set in an IPv6 table 2020-01-14 11:07:36 +01:00
Leon Vack 514aa0c301
stored table passed to GetSets as table in all returned sets 2020-01-14 11:06:46 +01:00
Leon Vack 19eb6eac29
fixed extraHeader in SetAddElements 2020-01-14 11:02:28 +01:00
Serguei Bezverkhi 80a905063c Add set's id to newsetelem message (#89) 2020-01-01 17:05:55 +01:00
Alexis PIRES c4896ab7c6 Add insert/replace (#86) 2020-01-01 16:50:27 +01:00
Michael Stapelberg 2228941ec5 remove extra space 2019-12-22 11:45:11 +01:00
Serguei Bezverkhi 1f2240c488 Flush fix (#85)
Clear messages after netlink return error

Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-12-22 11:44:25 +01:00
Michael Stapelberg 7a7d417622
Merge pull request #84 from sbezverk/error_wrap
Replace %v with %w to wrap netlink error
2019-12-22 11:43:06 +01:00
Serguei Bezverkhi a63c55f46a Update go vet command line
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-12-20 12:00:14 -05:00
Serguei Bezverkhi c243f4945b Switching to recent golang version
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-12-20 11:57:27 -05:00
Serguei Bezverkhi f528bf5cc6 Replace %v with %w to wrap netlink error
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-12-20 11:51:15 -05:00
Serguei Bezverkhi 756cfa14a8 Fix concatenated key set validation (#83) 2019-12-18 00:02:00 +01:00
Alexis PIRES 9a6c96795b Stateless NAT and notrack support (#82) 2019-12-17 21:54:26 +01:00
Alexis PIRES e2e83d0ff5 Add dup expr support (#81) 2019-12-13 23:35:06 +01:00
Michael Stapelberg fc92ae7899 README: add disclaimer; this is not the upstream nftables repo 2019-12-08 11:03:14 +01:00
Serguei Bezverkhi 4525b500cb Anonymous set creation (#79)
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-12-05 18:08:48 +01:00
Serguei Bezverkhi 4f16059f2d Composed set (#78) 2019-12-01 10:10:42 +01:00
Serguei Bezverkhi 9dee196925 Add expression and tests for numgen (#77)
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-11-28 09:43:38 +01:00
Timo Beckers 3ba45f5d78 Use NFPROTO_ constants for TableFamily (#76) 2019-11-15 10:17:43 +01:00
Serguei Bezverkhi 14f3137cde protect cc.messages from racing (#75)
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-11-14 16:22:42 +01:00