interesting
/
nftables
mirror of https://github.com/google/nftables.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compare commits

base: interesting:c43b47f4ecc987e546711866d8e7f2f2b8a7921c
Branches Tags
interesting:main
interesting:v0.3.0
interesting:v0.2.0
interesting:v0.1.0
..
compare: interesting:d68771344cab6af92b46c6837664e905c3005bd8
Branches Tags
interesting:main
interesting:v0.3.0
interesting:v0.2.0
interesting:v0.1.0

1 Commits
c43b47f4ec ... d68771344c

Author SHA1 Message Date
Antonio Ojea d68771344c
Merge 1e48c1007e into ba5b671e14 2025-09-15 16:20:15 +02:00
2 changed files with 13 additions and 39 deletions
Show Stats Expand all files Collapse all files

37
set.go
View File

@ -247,17 +247,16 @@ func ConcatSetTypeElements(t SetDatatype) []SetDatatype {
// Set represents an nftables set. Anonymous sets are only valid within the
// context of a single batch.
type Set struct {
Table *Table
ID uint32
Name string
Anonymous bool
Constant bool
Interval bool
DataInterval bool
AutoMerge bool
IsMap bool
HasTimeout bool
Counter bool
Table *Table
ID uint32
Name string
Anonymous bool
Constant bool
Interval bool
AutoMerge bool
IsMap bool
HasTimeout bool
Counter bool
// Can be updated per evaluation path, per `nft list ruleset`
// indicates that set contains "flags dynamic"
// https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h?id=84d12cfacf8ddd857a09435f3d982ab6250d250c#n298
@ -675,10 +674,6 @@ func (cc *Conn) AddSet(s *Set, vals []SetElement) error {
userData = userdata.AppendUint32(userData, userdata.NFTNL_UDATA_SET_MERGE_ELEMENTS, 1)
}
if s.DataInterval {
userData = userdata.AppendUint32(userData, userdata.NFTNL_UDATA_SET_DATA_INTERVAL, 1)
}
if len(s.Comment) != 0 {
userData = userdata.AppendString(userData, userdata.NFTNL_UDATA_SET_COMMENT, s.Comment)
}
@ -802,16 +797,8 @@ func setsFromMsg(msg netlink.Message) (*Set, error) {
set.DataType.Bytes = binary.BigEndian.Uint32(ad.Bytes())
case unix.NFTA_SET_USERDATA:
data := ad.Bytes()
if val, ok := userdata.GetString(data, userdata.NFTNL_UDATA_SET_COMMENT); ok {
set.Comment = val
}
if val, ok := userdata.GetUint32(data, userdata.NFTNL_UDATA_SET_MERGE_ELEMENTS); ok {
set.AutoMerge = val == 1
}
if val, ok := userdata.GetUint32(data, userdata.NFTNL_UDATA_SET_DATA_INTERVAL); ok {
set.DataInterval = val == 1
}
value, ok := userdata.GetUint32(data, userdata.NFTNL_UDATA_SET_MERGE_ELEMENTS)
set.AutoMerge = ok && value == 1
case unix.NFTA_SET_DESC:
nestedAD, err := netlink.NewAttributeDecoder(ad.Bytes())
if err != nil {

15
set_test.go
View File

@ -257,26 +257,13 @@ func TestMarshalSet(t *testing.T) {
name: "Vedict map",
set: Set{
Name: "test-map",
ID: uint32(4),
ID: uint32(3),
Table: tbl,
KeyType: TypeIPAddr,
DataType: TypeVerdict,
IsMap: true,
},
},
{
name: "Map ip-ip", // generic case
set: Set{
Name: "test-map",
ID: uint32(5),
Table: tbl,
KeyType: TypeIPAddr,
DataType: TypeIPAddr,
DataInterval: true,
IsMap: true,
Comment: "test-comment",
},
},
}
for i, tt := range tests {