Commit Graph

195 Commits

Author SHA1 Message Date
black-desk 8a10f68900
Add address field for expr tproxy (#231)
* Add address field for expr tproxy

Signed-off-by: black-desk <me@black-desk.cn>
Co-authored-by: MrRedhat <Redhatminzhe@Gmail.com>
2023-07-10 08:38:01 +02:00
Rafael Campos 8f2d395e10 set: Parse bytes length on sets
Parse the bytes length for key and data types when reading the sets.

Signed-off-by: Rafael Campos <methril@gmail.com>
2023-06-14 20:10:15 +02:00
Rafael Campos 98de8c8ac9 expr: Add Hash to the expr type
Add the Hash type to the expr read parser.

Signed-off-by: Rafael Campos <methril@gmail.com>
2023-06-14 20:10:15 +02:00
Ronak Jain 45645ffbf5
Parse set element counters (#230) 2023-05-20 18:23:52 +02:00
Michael Stapelberg cf9b0d57e8 GitHub Actions: switch to setup-go@v4 which enables caching 2023-05-20 14:47:36 +02:00
turekt d746ecb0e4
Implement set KeyByteOrder (#226)
Fixes https://github.com/google/nftables/issues/225
Introduced KeyByteOrder in sets which fills UDATA with endianness information
2023-05-18 18:05:49 +02:00
black-desk b18665a6ec
Implement socket expr (#222)
Signed-off-by: black-desk <me@black-desk.cn>
2023-05-06 10:49:33 +02:00
Liu Xiangchao a58e58ca6b
add set element expires field (#223) 2023-04-21 08:26:50 +02:00
Steffen Vogel 1510be9a55 userdata: Add TLV parser/serialized for rule user data
This TLV format is compatible with the one used by libnftables.
Hence with this change, we can now de/encode comments and other
user data information which is compatible with the Netfilter
command line tooling.

Signed-off-by: Steffen Vogel <post@steffenvogel.de>
2023-04-18 08:53:20 +02:00
Steffen Vogel 971247e1b2 Move setup/teardown of system NFT connection to internal package
As we want to reuse it also in other test packages.

Signed-off-by: Steffen Vogel <post@steffenvogel.de>
2023-04-18 08:53:20 +02:00
konradh a93939a185
Fix getting concatenated data types for maps (#217)
This also implements parsing of concatenated data types.
2023-04-02 10:11:12 +02:00
Raman Shishniou 2729c5a5ee
Drop unnecessary table rewrite in GetRules() after 3e042f7 (#219) 2023-03-16 12:38:54 +01:00
dependabot[bot] e016b4e9fa
Bump golang.org/x/net from 0.4.0 to 0.7.0 (#216)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.4.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.4.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-18 14:01:22 +01:00
turekt 9aa6fdf5a2
Masq marshal fix (#214)
Fixes https://github.com/google/nftables/issues/213
2023-01-15 21:51:35 +01:00
Michael Stapelberg 2a00dee9fc pull in latest mdlayher/netlink
related to issue #210
2022-12-12 17:19:45 +01:00
TheDiveO d1d398adb7
alignedbuff: fix alignment test issue on 32-bit machines (#211)
- fixes issue #209 where two unit tests for alignedbuff were incorrectly calculating the expected marshalled data length on 32-bit machines (whereas actual padding/alignment itself was done correctly).
- adds documentation reference to kernel's xtables.h UAPI regarding alignment.
2022-12-12 08:51:36 +01:00
xiaoff 1aef2ba20e
Fix: add NFTA_RULE_COMPAT attribute (#207)
xt_matches or xt_targets like xt_tcpudp may have specific compat policy and
if not set flush rule will error with EINVAL
according to https://elixir.bootlin.com/linux/v3.13/source/net/netfilter/x_tables.c#L563

Signed-off-by: xiaoff <zhaofeng_0019@163.com>
2022-12-08 09:05:15 +01:00
turekt 130caa4c31
Reject expression fix (#206)
Added missing reject expression to exprsFromMsg
2022-11-07 20:04:33 +01:00
turekt 0dda43a5f9
Fix size for TypeTimeHour (#203)
Corresponding nftables commit: https://git.netfilter.org/nftables/commit/src/meta.c?id=4e1abfc552170d6db5c511634a29918e64c1b51b
2022-11-01 21:27:48 +01:00
turekt c89a57ce19
Flowtables implementation (#201)
Added flowtables implementation | Added flow_offload expression | Added tests
2022-11-01 07:48:00 +01:00
Michael Stapelberg 3ad45c080c use “test” as set name in tests 2022-10-29 08:34:19 +02:00
Joe Williams 0929dfc8bf
Support set element counters (#199) 2022-10-29 08:33:22 +02:00
Joe Williams 4f5cd5826f
add int32 and string types to alignedbuff (#195) 2022-10-15 21:04:45 +02:00
Andrew LeFevre d007ae63f1
fix queue expression getting skipped when unmarshaling rules (#197) 2022-10-15 19:08:15 +02:00
turekt 535f5eb8da
Fix incorrect netlink acknowledgement handling (#194)
fixes https://github.com/google/nftables/issues/175
2022-10-02 16:01:48 +02:00
vsandonis 0aa65c0fdd
Fix Objref expression parsing (#193)
The Objref expression was not considered when parsing raw expressions
bytes to construct nftables expressions.

Add unit test to check that a rule with an Objref expression is
properly obtained by GetRules().

Signed-off-by: Victor Sandonis Consuegra <vsandonis@ibm.com>
2022-09-28 18:33:16 +02:00
Andrew LeFevre cbeb0fb1ec
added ability to create regular chains without a hook priority (#183)
See https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Adding_regular_chains
for info on regular chains.

Closes #179.
2022-09-06 17:27:20 +02:00
xiaoff 6cd15ed863
Fix: add missed parameters of struct ConntrackMtinfoBase (#182)
according to https://elixir.bootlin.com/linux/v5.17.7/source/include/uapi/linux/netfilter/xt_conntrack.h#L47 there are u16 parameters: MatchFlags and InvertFlags
2022-09-04 20:05:03 +02:00
turekt 64ce05980f
Set userdata fix (#180)
Adds user data order bytes to set message
2022-08-30 22:16:08 +02:00
turekt e4bff45b7f
IsDestRegSet unmarshaling fix (#178)
Fixes https://github.com/google/nftables/issues/176 | Added test case
2022-08-30 19:03:33 +02:00
Rafael Campos Las Heras 2eca001357
Fix Meta unmarshal when is Source Register (#174)
The Meta nftables expression was not filling the Register and SourceRegister
fields when unmarshalling.

Add a check for NFTA_META_SREG message when unmarshalling to fill the Meta
fields.
Add Unit Test for source and destination unmarshall.

Signed-off-by: Rafael Campos <rafael.campos.lasheras@ibm.com>
2022-08-08 17:45:52 +02:00
Michael Stapelberg c4786406ff gofmt with Go 1.19 2022-08-07 10:20:00 +02:00
Michael Stapelberg 920dc0e0e0 GitHub Actions: bump to Go 1.19 2022-08-07 10:19:50 +02:00
turekt ec1e802faf
Added dynset exprs support (#173)
fixes https://github.com/google/nftables/issues/172

- Rearranged `exprFromMsg` function
- Rearranged limit expr marshaling logic
- Added dynamic flag for sets
- Implemented connlimit
- Added missing constants
- Added tests
2022-07-29 18:32:59 +02:00
Michael Stapelberg a346d51f53 Fetch an acknowledgement for each message that requested one
This fixes error handling when using lasting connections.

fixes #170
2022-06-11 23:33:46 +02:00
Michael Stapelberg 2025aec0d2 nftest: generate message acknowledgements
Previously, the code just returned the input requests, which happened to work
2022-06-11 23:25:19 +02:00
Michael Stapelberg 2719b9add1 refactor common test code into package nftest
Converting more test functions to use it (and then splitting out test
functions into their own files) is left for a follow-up commit.
2022-06-11 23:10:56 +02:00
Michael Stapelberg 33143dee49 GitHub Actions: rename branch 2022-06-11 22:24:28 +02:00
Michael Stapelberg 6861e7b3fc GitHub Actions: run on Go 1.18 2022-06-11 22:24:04 +02:00
TheDiveO 1f0380f5c7
list tables and chains optionally by specific table family (#168) 2022-06-07 17:23:05 +02:00
TheDiveO a9775fb167
fixes issue #107 (#166) 2022-05-16 22:53:33 +02:00
TheDiveO 06687b6e34
use TableFamilyUnspecified (NFPROTO_UNSPEC) instead of AF_UNSPEC (#165) 2022-05-15 23:16:05 +02:00
Michael Stapelberg 58da7d8bf3 make links stable 2022-05-15 23:15:01 +02:00
thediveo 8ea944061f add typed xtables information un/marshalling
more tests and fixes

more info support; refactoring
2022-05-15 23:12:26 +02:00
thediveo 4b6f0f2b44 add un/marshalling with native endianness and alignment 2022-05-15 23:12:26 +02:00
thediveo 3e042f75d7 refactor: pass table family when un/marshalling expr 2022-05-15 23:12:26 +02:00
TheDiveO aeea153026
un/marshal Match and Target expressions (#163) 2022-05-12 17:33:22 +02:00
TheDiveO eeaebcf552
add New constructor (with options functions, such as lasting connection)
* Close receiver for lasting netlink connections while defaulting to existing temporary netlink connection usage
* add unit test for New lasting connection, Close and correct default connection handling behavior
* refactor tests to use New constructor
* make Conn mutex un-exported (#159)

fixes issue #157
2022-05-09 13:25:29 +02:00
TheDiveO 85d0f3a0db
add GetRules and deprecate GetRule, update tests (#160) 2022-05-08 20:39:12 +02:00
Michael Stapelberg 38a96768db bump go.mod version to go 1.17
fixes https://github.com/google/nftables/issues/158
2022-05-02 17:29:23 +02:00