Commit 0d9bfa4d18 added code to handle "overrun", but the commit is
very misleading. NLMSG_OVERRUN is in fact not a flag, but a complete
message type, so the (re&netlink.Overrun) masking makes no sense. Even
better, NLMSG_OVERRUN is never actually used by Linux.
The actual bug which the commit was attempting to fix is that Flush was
not receiving replies which the kernel sent for messages with the echo
flag. This change reverts that commit and instead adds code in Flush to
receive the replies.
I updated tests which simulate the kernel to generate replies.
The ID allows referring to a rule before it is committed, as
demonstrated in the newly added test.
I had to update all existing tests which compared generated netlink
messages against a reference, by inserting the newly added ID attribute.
If the number of elements to be added to or removed from a set is large,
they may not all fit into one message, because the size field of a
netlink attribute is a uint16 and would overflow. To support this case,
the elements need to be split into multiple batches.
* fix: resolve deadlock in `Flush` function when handling ENOBUFS error
* Simulate deadlock issue using reduced read/write buffers to verify the fix and ensure no regressions
* Refactored obj.go to a more generic approach
* Added object support for already implemented expressions
* Added test for limit object
fixes https://github.com/google/nftables/issues/253
The Objref expression was not considered when parsing raw expressions
bytes to construct nftables expressions.
Add unit test to check that a rule with an Objref expression is
properly obtained by GetRules().
Signed-off-by: Victor Sandonis Consuegra <vsandonis@ibm.com>
* Close receiver for lasting netlink connections while defaulting to existing temporary netlink connection usage
* add unit test for New lasting connection, Close and correct default connection handling behavior
* refactor tests to use New constructor
* make Conn mutex un-exported (#159)
fixes issue #157
Fixes https://github.com/google/nftables/issues/154
Added support for intervals in concat sets
Added missing constants, Concatenation flag and KeyEnd field to Set type with marshaling support
Added ConcatSetTypeElements function to derive base types from concatenated types
Changed nftDatatypes list to map
Added tests
* Unmarshal Exthdr and support DestRegister/Flags for reads
Some fields in Exthdr are context-sensitive. Mixing unexpected fields
will result in EOPNOTSUPP.
* Fix order in which Exthdr attributes are written
Fixes https://github.com/google/nftables/issues/113
Log expression implementation changed to better support different log options
Added uint16 support to the binaryutil package
Changed old log expression tests that were failing after change
Added a new test to check the implementation for multiple log options
Jan Schär
Aleksei Ilin
turekt
Antonio Ojea
shiningw
patryk4815
Asutorufa
Francesco Cheinasso
black-desk
Steffen Vogel
xiaoff
Michael Stapelberg
Joe Williams
Andrew LeFevre
vsandonis
Andrew LeFevre
TheDiveO
Ben de Graaff
Gustavo Iñiguez Goia
pengyuan.dai
Alexis PIRES
Serguei Bezverkhi
Leon Vack