Jan Schär
9a2862f48b
Receive replies in Flush (#309)
...
Commit 0d9bfa4d18 added code to handle "overrun", but the commit is
very misleading. NLMSG_OVERRUN is in fact not a flag, but a complete
message type, so the (re&netlink.Overrun) masking makes no sense. Even
better, NLMSG_OVERRUN is never actually used by Linux.
The actual bug which the commit was attempting to fix is that Flush was
not receiving replies which the kernel sent for messages with the echo
flag. This change reverts that commit and instead adds code in Flush to
receive the replies.
I updated tests which simulate the kernel to generate replies.
2025-03-25 17:03:44 +01:00
Jan Schär
d11ef81b6a
Add ID to rule (#308)
...
The ID allows referring to a rule before it is committed, as
demonstrated in the newly added test.
I had to update all existing tests which compared generated netlink
messages against a reference, by inserting the newly added ID attribute.
2025-03-18 09:44:35 +01:00
Jan Schär
385f80f4ef
Use const instead of var where possible
2025-02-26 15:11:55 +01:00
turekt
4d451ef75f
Fix staticcheck issues (#266)
2024-08-11 10:00:48 +02:00
singchia
5555df300c
feat: add monitor on table chain rule set setelem and obj events (#250)
...
fixes https://github.com/google/nftables/issues/224
2023-12-13 08:23:07 +01:00
Raman Shishniou
2729c5a5ee
Drop unnecessary table rewrite in GetRules() after 3e042f7 (#219)
2023-03-16 12:38:54 +01:00
xiaoff
1aef2ba20e
Fix: add NFTA_RULE_COMPAT attribute (#207)
...
xt_matches or xt_targets like xt_tcpudp may have specific compat policy and
if not set flush rule will error with EINVAL
according to https://elixir.bootlin.com/linux/v3.13/source/net/netfilter/x_tables.c#L563
Signed-off-by: xiaoff <zhaofeng_0019@163.com>
2022-12-08 09:05:15 +01:00
turekt
535f5eb8da
Fix incorrect netlink acknowledgement handling (#194)
...
fixes https://github.com/google/nftables/issues/175
2022-10-02 16:01:48 +02:00
turekt
ec1e802faf
Added dynset exprs support (#173)
...
fixes https://github.com/google/nftables/issues/172
- Rearranged `exprFromMsg` function
- Rearranged limit expr marshaling logic
- Added dynamic flag for sets
- Implemented connlimit
- Added missing constants
- Added tests
2022-07-29 18:32:59 +02:00
thediveo
3e042f75d7
refactor: pass table family when un/marshalling expr
2022-05-15 23:12:26 +02:00
TheDiveO
aeea153026
un/marshal Match and Target expressions (#163)
2022-05-12 17:33:22 +02:00
TheDiveO
eeaebcf552
add New constructor (with options functions, such as lasting connection)
...
* Close receiver for lasting netlink connections while defaulting to existing temporary netlink connection usage
* add unit test for New lasting connection, Close and correct default connection handling behavior
* refactor tests to use New constructor
* make Conn mutex un-exported (#159)
fixes issue #157
2022-05-09 13:25:29 +02:00
TheDiveO
85d0f3a0db
add GetRules and deprecate GetRule, update tests (#160)
2022-05-08 20:39:12 +02:00
Rafael Campos Las Heras
c4d774fc49
Fix expression parsing for notracking
...
Fix the expression parsing for non data content like `notracking`
expression.
2022-04-07 21:54:05 +02:00
Ben de Graaff
2ba518ec5c
Unmarshal Exthdr and support DestRegister/Flags for reads (#151) (#152)
...
* Unmarshal Exthdr and support DestRegister/Flags for reads
Some fields in Exthdr are context-sensitive. Mixing unexpected fields
will result in EOPNOTSUPP.
* Fix order in which Exthdr attributes are written
2022-04-05 21:44:27 +02:00
Michael Stapelberg
19672dc9fe
rule: carry over all table attributes (including family)
...
fixes https://github.com/google/nftables/issues/150
2022-04-02 15:01:06 +02:00
Gustavo Iñiguez Goia
5a9391c12f
Added support for quota expression (#149)
2022-03-29 18:00:11 +02:00
turekt
8aa05f01ea
Log prefix expression support (#146)
...
Fixes https://github.com/google/nftables/issues/115
Added expr.Log to EXPR_DATA switch
Added test for expr.Log parsing
2022-02-19 20:57:22 +01:00
turekt
a46119e592
Support for rule position 0 (#143)
...
Added uint32 Flags to Rule struct to support rules set with position 0
fixes https://github.com/google/nftables/issues/126
2022-01-29 19:26:06 +01:00
pengyuan.dai
523112131a
Add expr.Ct and expr.Range type select in exprsFromMsg (#120)
...
fixes #119
2021-05-11 11:11:10 +02:00
Grégoire Delattre
7127d9d224
Add support for rate limiting (#101)
2020-03-16 08:58:19 +01:00
Serguei Bezverkhi
1c56a1906f
Add Dynset expression and unit test (#97)
...
* Add dynset expression and unit test
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2020-02-10 11:14:20 +01:00
Alexis PIRES
c4896ab7c6
Add insert/replace (#86)
2020-01-01 16:50:27 +01:00
Serguei Bezverkhi
14f3137cde
protect cc.messages from racing (#75)
...
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-11-14 16:22:42 +01:00
Serguei Bezverkhi
26aec69f06
enable redir and nat decoders (#73)
...
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-11-08 09:17:41 +01:00
Serguei Bezverkhi
e0f4f3f8f8
Add bitwise decoder logic (#71)
2019-11-07 15:38:12 +01:00
Serguei Bezverkhi
5cb71bfba1
rule replace (#50)
...
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-08-19 23:35:24 +02:00
Serguei Bezverkhi
0b3d8b56f6
Implementation of UserData struct encode/decode (#49)
2019-08-15 08:25:30 +02:00
Serguei Bezverkhi
635111f591
Adding DelRule and unit tests (#36)
...
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-07-14 14:49:03 +02:00
Serguei Bezverkhi
b62e86457d
Change logic of searching for rule's ID (#34)
...
Signed-off-by: Serguei Bezverkhi <sbezverk@cisco.com>
2019-07-08 22:46:23 +02:00
Serguei Bezverkhi
7c0b8e78d4
Add support for rule's handle, position and id (#33)
2019-07-08 18:01:35 +02:00
Ryan Whelan
7bac3e3135
Restructure code base into smaller files (#15)
...
* Restructure code base into smaller files
* Package level doc string
* Move ExprsFromMsg back from expr sub-module
* gofmt
2019-05-03 23:54:09 +02:00