interesting
/
nftables
mirror of https://github.com/google/nftables.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
163 Commits 1 Branch 2 Tags 2.1 MiB
Commit Graph

163 Commits

Author SHA1 Message Date
Michael Stapelberg 920dc0e0e0 GitHub Actions: bump to Go 1.19 2022-08-07 10:19:50 +02:00
turekt ec1e802faf
Added dynset exprs support (#173) 
fixes https://github.com/google/nftables/issues/172

- Rearranged `exprFromMsg` function
- Rearranged limit expr marshaling logic
- Added dynamic flag for sets
- Implemented connlimit
- Added missing constants 
- Added tests
 2022-07-29 18:32:59 +02:00
Michael Stapelberg a346d51f53 Fetch an acknowledgement for each message that requested one 
This fixes error handling when using lasting connections.

fixes #170
 2022-06-11 23:33:46 +02:00
Michael Stapelberg 2025aec0d2 nftest: generate message acknowledgements 
Previously, the code just returned the input requests, which happened to work
 2022-06-11 23:25:19 +02:00
Michael Stapelberg 2719b9add1 refactor common test code into package nftest 
Converting more test functions to use it (and then splitting out test
functions into their own files) is left for a follow-up commit.
 2022-06-11 23:10:56 +02:00
Michael Stapelberg 33143dee49 GitHub Actions: rename branch 2022-06-11 22:24:28 +02:00
Michael Stapelberg 6861e7b3fc GitHub Actions: run on Go 1.18 2022-06-11 22:24:04 +02:00
TheDiveO 1f0380f5c7
list tables and chains optionally by specific table family (#168) 2022-06-07 17:23:05 +02:00
TheDiveO a9775fb167
fixes issue #107 (#166) 2022-05-16 22:53:33 +02:00
TheDiveO 06687b6e34
use TableFamilyUnspecified (NFPROTO_UNSPEC) instead of AF_UNSPEC (#165) 2022-05-15 23:16:05 +02:00
Michael Stapelberg 58da7d8bf3 make links stable 2022-05-15 23:15:01 +02:00
thediveo 8ea944061f add typed xtables information un/marshalling 
more tests and fixes

more info support; refactoring
 2022-05-15 23:12:26 +02:00
thediveo 4b6f0f2b44 add un/marshalling with native endianess and alignment 2022-05-15 23:12:26 +02:00
thediveo 3e042f75d7 refactor: pass table family when un/marshalling expr 2022-05-15 23:12:26 +02:00
TheDiveO aeea153026
un/marshal Match and Target expressions (#163) 2022-05-12 17:33:22 +02:00
TheDiveO eeaebcf552
add New constructor (with options functions, such as lasting connection) 
* Close receiver for lasting netlink connections while defaulting to existing temporary netlink connection usage
* add unit test for New lasting connection, Close and correct default connection handling behavior
* refactor tests to use New constructor
* make Conn mutex un-exported (#159)

fixes issue #157
 2022-05-09 13:25:29 +02:00
TheDiveO 85d0f3a0db
add GetRules and deprecate GetRule, update tests (#160) 2022-05-08 20:39:12 +02:00
Michael Stapelberg 38a96768db bump go.mod version to go 1.17 
fixes https://github.com/google/nftables/issues/158
 2022-05-02 17:29:23 +02:00
turekt 76ed01e300
Support for concat set intervals (#155) 
Fixes https://github.com/google/nftables/issues/154

Added support for intervals in concat sets 
Added missing constants, Concatenation flag and KeyEnd field to Set type with marshaling support
Added ConcatSetTypeElements function to derive base types from concatenated types
Changed nftDatatypes list to map 
Added tests
 2022-04-22 17:12:20 +02:00
Rafael Campos Las Heras 950e408d48 Fix range expression unmarshalling 
Fix the range expression unmarshalling on the `FromData` and `ToData`
Range expression fields.
 2022-04-07 21:54:05 +02:00
Rafael Campos Las Heras d46a80e963 Fix payload unmarshall operation type. 
When unmarshalling the Payload expression the operation type is not
updated. Apply the same logic for unmarshalling that we apply for
marshalling.
 2022-04-07 21:54:05 +02:00
Rafael Campos Las Heras c4d774fc49 Fix expression parsing for notracking 
Fix the expression parsing for non data content like `notracking`
expression.
 2022-04-07 21:54:05 +02:00
Ben de Graaff 2ba518ec5c
Unmarshal Exthdr and support DestRegister/Flags for reads (#151) (#152) 
* Unmarshal Exthdr and support DestRegister/Flags for reads

Some fields in Exthdr are context-sensitive. Mixing unexpected fields
will result in EOPNOTSUPP.

* Fix order in which Exthdr attributes are written
 2022-04-05 21:44:27 +02:00
Michael Stapelberg 19672dc9fe rule: carry over all table attributes (including family) 
fixes https://github.com/google/nftables/issues/150
 2022-04-02 15:01:06 +02:00
Gustavo Iñiguez Goia 5a9391c12f
Added support for quota expression (#149) 2022-03-29 18:00:11 +02:00
turekt 211824995d
Log expression refactor (#147) 
Fixes https://github.com/google/nftables/issues/113

Log expression implementation changed to better support different log options
Added uint16 support to the binaryutil package
Changed old log expression tests that were failing after change
Added a new test to check the implementation for multiple log options
 2022-02-21 22:42:39 +01:00
turekt 8aa05f01ea
Log prefix expression support (#146) 
Fixes https://github.com/google/nftables/issues/115
Added expr.Log to EXPR_DATA switch
Added test for expr.Log parsing
 2022-02-19 20:57:22 +01:00
Michael Stapelberg edf9fe8cd0 remove dependency on now-deleted koneu/natend 
Instead, we just do the unsafe.Pointer() calls directly.

fixes https://github.com/google/nftables/issues/145
 2022-02-10 08:29:02 +01:00
turekt 91d3b4571d
Fix for ListChains policy bug (#144) 
Fixes https://github.com/google/nftables/issues/130 | Added a test case for ListChains func
 2022-02-06 18:44:06 +01:00
turekt a46119e592
Support for rule position 0 (#143) 
Added uint32 Flags to Rule struct to support rules set with position 0

fixes https://github.com/google/nftables/issues/126
 2022-01-29 19:26:06 +01:00
Matt Layher 6f19c4381e
nftables: fix staticcheck error for Conn.getObj (#137) 
Signed-off-by: Matt Layher <mdlayher@gmail.com>
 2021-12-09 23:08:38 +01:00
Matt Layher 611d399a5e
go.mod: use github.com/mdlayher/netlink@v1.4.2 (#136) 
Signed-off-by: Matt Layher <mdlayher@gmail.com>
 2021-12-09 23:08:14 +01:00
Tommie Gannert 16a134723a Tries to fully populate Set.KeyType if it's a simple type. 
Set.DataType also gets the full type descriptor. No changes in
behavior for concatenated datatypes.
 2021-09-16 16:01:15 +02:00
Tommie Gannert 3a4a2bce5f Fixes masks in set flag parsing. 
The NFTA_* constants identify attributes. The result is that, right
now, IsMap == Anonymous.
 2021-09-16 16:01:15 +02:00
Tommie Gannert 0360b9d10a Adds all current datatypes for sets. 
Based on https://git.netfilter.org/nftables/commit/include/datatype.h?id=cca4c856301caa8959ac98aac5811130bc19512c

It makes more sense to point to datatype.h in the comment since the
actual definitions of these types are scattered throughout src/.

uid_t and gid_t sizes are fixed at 4 bytes currently, but that might
of course change. I couldn't find a good way to make this
dynamic. There are a number of Sizeof* constants in x/sys/unix, so
that's probably the right place to add them.
 2021-09-16 16:01:15 +02:00
Michael Stapelberg d553cd2d41 GitHub actions: run on pull requests, too 2021-08-18 09:26:02 +02:00
Michael Stapelberg a285acebca README: switch to GitHub actions badge 2021-05-14 17:48:51 +02:00
pengyuan.dai 5573dab9cc
Add CtStateBit constants and related usage test #121 (#122) 
fixes #121
 2021-05-14 16:05:40 +02:00
pengyuan.dai 523112131a
Add expr.Ct and expr.Range type select in exprsFromMsg (#120) 
fixes #119
 2021-05-11 11:11:10 +02:00
Michael Stapelberg 715e31cb3c switch from travis to GitHub actions 2020-12-30 15:21:48 +01:00
Paul Greenberg c25e4f69b4
fix: unmarshaling verdicts with chain information (#106) 
Before this commit: the unmarshaling of a verdict pointing
to a chain fails.

After this commit: the unmarshaling of a rule with a verdict
pointing to a chain succeeds and the information about the
chain gets put in `Verdict.Chain`.

Resolves: #105

Signed-off-by: Paul Greenberg <greenpau@outlook.com>
 2020-08-02 19:55:06 +02:00
Grégoire Delattre 7127d9d224
Add support for rate limiting (#101) 2020-03-16 08:58:19 +01:00
Alexis PIRES 64aca752d1
Remove Object API (#100) 
Co-authored-by: Alexis PIRES <alexis.pires@atos.net>
 2020-03-09 08:43:47 +01:00
Grégoire Delattre 21c5c5c425
Add missing VerdictKind (#99) 2020-03-06 11:32:18 +01:00
Zackery Field 9caf4234bf
Report whether set has flag configured (#98) 2020-02-27 08:28:57 +01:00
Serguei Bezverkhi 1c56a1906f Add Dynset expression and unit test (#97) 
* Add dynset expression and unit test

Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
 2020-02-10 11:14:20 +01:00
Serguei Bezverkhi 9cdc3d048a
Add support for timeouts for set elements and sets (#96) 
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
 2020-02-05 11:33:52 +01:00
Serguei Bezverkhi 26bcabf490 disable lock when no namespace is needed (#95) 
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
 2020-01-22 22:39:39 +01:00
Leon Vack 327d5c62cd function to create concatenated SetDatatypes (#93) 
added function to create concatenated SetDatatypes
 2020-01-22 22:37:16 +01:00
Serguei Bezverkhi 88b35b63a9 Add GetSetByName call (#94) 
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
 2020-01-21 08:39:40 +01:00