interesting
/
nftables
mirror of https://github.com/google/nftables.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
189 Commits 1 Branch 2 Tags 2.1 MiB
Commit Graph

189 Commits

Author SHA1 Message Date
black-desk b18665a6ec
Implement socket expr (#222) 
Signed-off-by: black-desk <me@black-desk.cn>
 2023-05-06 10:49:33 +02:00
Liu Xiangchao a58e58ca6b
add set element expires field (#223) 2023-04-21 08:26:50 +02:00
Steffen Vogel 1510be9a55 userdata: Add TLV parser/serialized for rule user data 
This TLV format is compatible with the one used by libnftables.
Hence with this change, we can now de/encode comments and other
user data information which is compatible with the Netfilter
command line tooling.

Signed-off-by: Steffen Vogel <post@steffenvogel.de>
 2023-04-18 08:53:20 +02:00
Steffen Vogel 971247e1b2 Move setup/teardown of system NFT connection to internal package 
As we want to reuse it also in other test packages.

Signed-off-by: Steffen Vogel <post@steffenvogel.de>
 2023-04-18 08:53:20 +02:00
konradh a93939a185
Fix getting concatenated data types for maps (#217) 
This also implements parsing of concatenated data types.
 2023-04-02 10:11:12 +02:00
Raman Shishniou 2729c5a5ee
Drop unnecessary table rewrite in GetRules() after 3e042f7 (#219) 2023-03-16 12:38:54 +01:00
dependabot[bot] e016b4e9fa
Bump golang.org/x/net from 0.4.0 to 0.7.0 (#216) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.4.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.4.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-18 14:01:22 +01:00
turekt 9aa6fdf5a2
Masq marshal fix (#214) 
Fixes https://github.com/google/nftables/issues/213
 2023-01-15 21:51:35 +01:00
Michael Stapelberg 2a00dee9fc pull in latest mdlayher/netlink 
related to issue #210
 2022-12-12 17:19:45 +01:00
TheDiveO d1d398adb7
alignedbuff: fix alignment test issue on 32-bit machines (#211) 
- fixes issue #209 where two unit tests for alignedbuff were incorrectly calculating the expected marshalled data length on 32bit machines (whereas actual padding/alignment itself was done correctly).
- adds documentation reference to kernel's xtables.h UAPI regarding alignment.
 2022-12-12 08:51:36 +01:00
xiaoff 1aef2ba20e
Fix: add NFTA_RULE_COMPAT attribute (#207) 
xt_matches or xt_targets like xt_tcpudp may have specific compat policy and
if not set flush rule will error with EINVAL
according to https://elixir.bootlin.com/linux/v3.13/source/net/netfilter/x_tables.c#L563

Signed-off-by: xiaoff <zhaofeng_0019@163.com>
 2022-12-08 09:05:15 +01:00
turekt 130caa4c31
Reject expression fix (#206) 
Added missing reject expression to exprsFromMsg
 2022-11-07 20:04:33 +01:00
turekt 0dda43a5f9
Fix size for TypeTimeHour (#203) 
Corresponding nftables commit: https://git.netfilter.org/nftables/commit/src/meta.c?id=4e1abfc552170d6db5c511634a29918e64c1b51b
 2022-11-01 21:27:48 +01:00
turekt c89a57ce19
Flowtables implementation (#201) 
Added flowtables implementation | Added flow_offload expression | Added tests
 2022-11-01 07:48:00 +01:00
Michael Stapelberg 3ad45c080c use “test” as set name in tests 2022-10-29 08:34:19 +02:00
Joe Williams 0929dfc8bf
Support set element counters (#199) 2022-10-29 08:33:22 +02:00
Joe Williams 4f5cd5826f
add int32 and string types to alignedbuff (#195) 2022-10-15 21:04:45 +02:00
Andrew LeFevre d007ae63f1
fix queue expression getting skipped when unmarshaling rules (#197) 2022-10-15 19:08:15 +02:00
turekt 535f5eb8da
Fix incorrect netlink acknowledgement handling (#194) 
fixes https://github.com/google/nftables/issues/175
 2022-10-02 16:01:48 +02:00
vsandonis 0aa65c0fdd
Fix Objref expression parsing (#193) 
The Objref expression was not considered when parsing raw expressions
bytes to construct nftables expressions.

Add unit test to check that a rule with an Objref expression is
properly obtained by GetRules().

Signed-off-by: Victor Sandonis Consuegra <vsandonis@ibm.com>
 2022-09-28 18:33:16 +02:00
Andrew LeFevre cbeb0fb1ec
added ability to create regular chains without a hook priority (#183) 
See https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Adding_regular_chains
for info on regular chains.

Closes #179.
 2022-09-06 17:27:20 +02:00
xiaoff 6cd15ed863
Fix: add missed parameters of struct ConntrackMtinfoBase (#182) 
according to https://elixir.bootlin.com/linux/v5.17.7/source/include/uapi/linux/netfilter/xt_conntrack.h#L47 there are u16 parameters: MatchFlags and InvertFlags
 2022-09-04 20:05:03 +02:00
turekt 64ce05980f
Set userdata fix (#180) 
Adds user data order bytes to set message
 2022-08-30 22:16:08 +02:00
turekt e4bff45b7f
IsDestRegSet unmarshaling fix (#178) 
Fixes https://github.com/google/nftables/issues/176 | Added test case
 2022-08-30 19:03:33 +02:00
Rafael Campos Las Heras 2eca001357
Fix Meta unmarshal when is Source Register (#174) 
The Meta nftables expression was not filling the Register and SourceRegister
fields when unmarshalling.

Add a check for NFTA_META_SREG message when unmarshalling to fill the Meta
fields.
Add Unit Test for source and destination unmarshall.

Signed-off-by: Rafael Campos <rafael.campos.lasheras@ibm.com>
 2022-08-08 17:45:52 +02:00
Michael Stapelberg c4786406ff gofmt with Go 1.19 2022-08-07 10:20:00 +02:00
Michael Stapelberg 920dc0e0e0 GitHub Actions: bump to Go 1.19 2022-08-07 10:19:50 +02:00
turekt ec1e802faf
Added dynset exprs support (#173) 
fixes https://github.com/google/nftables/issues/172

- Rearranged `exprFromMsg` function
- Rearranged limit expr marshaling logic
- Added dynamic flag for sets
- Implemented connlimit
- Added missing constants 
- Added tests
 2022-07-29 18:32:59 +02:00
Michael Stapelberg a346d51f53 Fetch an acknowledgement for each message that requested one 
This fixes error handling when using lasting connections.

fixes #170
 2022-06-11 23:33:46 +02:00
Michael Stapelberg 2025aec0d2 nftest: generate message acknowledgements 
Previously, the code just returned the input requests, which happened to work
 2022-06-11 23:25:19 +02:00
Michael Stapelberg 2719b9add1 refactor common test code into package nftest 
Converting more test functions to use it (and then splitting out test
functions into their own files) is left for a follow-up commit.
 2022-06-11 23:10:56 +02:00
Michael Stapelberg 33143dee49 GitHub Actions: rename branch 2022-06-11 22:24:28 +02:00
Michael Stapelberg 6861e7b3fc GitHub Actions: run on Go 1.18 2022-06-11 22:24:04 +02:00
TheDiveO 1f0380f5c7
list tables and chains optionally by specific table family (#168) 2022-06-07 17:23:05 +02:00
TheDiveO a9775fb167
fixes issue #107 (#166) 2022-05-16 22:53:33 +02:00
TheDiveO 06687b6e34
use TableFamilyUnspecified (NFPROTO_UNSPEC) instead of AF_UNSPEC (#165) 2022-05-15 23:16:05 +02:00
Michael Stapelberg 58da7d8bf3 make links stable 2022-05-15 23:15:01 +02:00
thediveo 8ea944061f add typed xtables information un/marshalling 
more tests and fixes

more info support; refactoring
 2022-05-15 23:12:26 +02:00
thediveo 4b6f0f2b44 add un/marshalling with native endianess and alignment 2022-05-15 23:12:26 +02:00
thediveo 3e042f75d7 refactor: pass table family when un/marshalling expr 2022-05-15 23:12:26 +02:00
TheDiveO aeea153026
un/marshal Match and Target expressions (#163) 2022-05-12 17:33:22 +02:00
TheDiveO eeaebcf552
add New constructor (with options functions, such as lasting connection) 
* Close receiver for lasting netlink connections while defaulting to existing temporary netlink connection usage
* add unit test for New lasting connection, Close and correct default connection handling behavior
* refactor tests to use New constructor
* make Conn mutex un-exported (#159)

fixes issue #157
 2022-05-09 13:25:29 +02:00
TheDiveO 85d0f3a0db
add GetRules and deprecate GetRule, update tests (#160) 2022-05-08 20:39:12 +02:00
Michael Stapelberg 38a96768db bump go.mod version to go 1.17 
fixes https://github.com/google/nftables/issues/158
 2022-05-02 17:29:23 +02:00
turekt 76ed01e300
Support for concat set intervals (#155) 
Fixes https://github.com/google/nftables/issues/154

Added support for intervals in concat sets 
Added missing constants, Concatenation flag and KeyEnd field to Set type with marshaling support
Added ConcatSetTypeElements function to derive base types from concatenated types
Changed nftDatatypes list to map 
Added tests
 2022-04-22 17:12:20 +02:00
Rafael Campos Las Heras 950e408d48 Fix range expression unmarshalling 
Fix the range expression unmarshalling on the `FromData` and `ToData`
Range expression fields.
 2022-04-07 21:54:05 +02:00
Rafael Campos Las Heras d46a80e963 Fix payload unmarshall operation type. 
When unmarshalling the Payload expression the operation type is not
updated. Apply the same logic for unmarshalling that we apply for
marshalling.
 2022-04-07 21:54:05 +02:00
Rafael Campos Las Heras c4d774fc49 Fix expression parsing for notracking 
Fix the expression parsing for non data content like `notracking`
expression.
 2022-04-07 21:54:05 +02:00
Ben de Graaff 2ba518ec5c
Unmarshal Exthdr and support DestRegister/Flags for reads (#151) (#152) 
* Unmarshal Exthdr and support DestRegister/Flags for reads

Some fields in Exthdr are context-sensitive. Mixing unexpected fields
will result in EOPNOTSUPP.

* Fix order in which Exthdr attributes are written
 2022-04-05 21:44:27 +02:00
Michael Stapelberg 19672dc9fe rule: carry over all table attributes (including family) 
fixes https://github.com/google/nftables/issues/150
 2022-04-02 15:01:06 +02:00