interesting
/
nftables
mirror of https://github.com/google/nftables.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compare commits

base: interesting:c43b47f4ecc987e546711866d8e7f2f2b8a7921c
Branches Tags
interesting:main
interesting:v0.3.0
interesting:v0.2.0
interesting:v0.1.0
..
compare: interesting:d68771344cab6af92b46c6837664e905c3005bd8
Branches Tags
interesting:main
interesting:v0.3.0
interesting:v0.2.0
interesting:v0.1.0

1 Commits
c43b47f4ec ... d68771344c

Author SHA1 Message Date
Antonio Ojea d68771344c
Merge 1e48c1007e into ba5b671e14 2025-09-15 16:20:15 +02:00
2 changed files with 13 additions and 39 deletions
Show Stats Expand all files Collapse all files

37
set.go
View File

@ -247,17 +247,16 @@ func ConcatSetTypeElements(t SetDatatype) []SetDatatype {
// Set represents an nftables set. Anonymous sets are only valid within the // Set represents an nftables set. Anonymous sets are only valid within the
// context of a single batch. // context of a single batch.
type Set struct { type Set struct {
Table *Table Table *Table
ID uint32 ID uint32
Name string Name string
Anonymous bool Anonymous bool
Constant bool Constant bool
Interval bool Interval bool
DataInterval bool AutoMerge bool
AutoMerge bool IsMap bool
IsMap bool HasTimeout bool
HasTimeout bool Counter bool
Counter bool
// Can be updated per evaluation path, per `nft list ruleset` // Can be updated per evaluation path, per `nft list ruleset`
// indicates that set contains "flags dynamic" // indicates that set contains "flags dynamic"
// https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h?id=84d12cfacf8ddd857a09435f3d982ab6250d250c#n298 // https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h?id=84d12cfacf8ddd857a09435f3d982ab6250d250c#n298
@ -675,10 +674,6 @@ func (cc *Conn) AddSet(s *Set, vals []SetElement) error {
userData = userdata.AppendUint32(userData, userdata.NFTNL_UDATA_SET_MERGE_ELEMENTS, 1) userData = userdata.AppendUint32(userData, userdata.NFTNL_UDATA_SET_MERGE_ELEMENTS, 1)
} }
if s.DataInterval {
userData = userdata.AppendUint32(userData, userdata.NFTNL_UDATA_SET_DATA_INTERVAL, 1)
}
if len(s.Comment) != 0 { if len(s.Comment) != 0 {
userData = userdata.AppendString(userData, userdata.NFTNL_UDATA_SET_COMMENT, s.Comment) userData = userdata.AppendString(userData, userdata.NFTNL_UDATA_SET_COMMENT, s.Comment)
} }
@ -802,16 +797,8 @@ func setsFromMsg(msg netlink.Message) (*Set, error) {
set.DataType.Bytes = binary.BigEndian.Uint32(ad.Bytes()) set.DataType.Bytes = binary.BigEndian.Uint32(ad.Bytes())
case unix.NFTA_SET_USERDATA: case unix.NFTA_SET_USERDATA:
data := ad.Bytes() data := ad.Bytes()
if val, ok := userdata.GetString(data, userdata.NFTNL_UDATA_SET_COMMENT); ok { value, ok := userdata.GetUint32(data, userdata.NFTNL_UDATA_SET_MERGE_ELEMENTS)
set.Comment = val set.AutoMerge = ok && value == 1
}
if val, ok := userdata.GetUint32(data, userdata.NFTNL_UDATA_SET_MERGE_ELEMENTS); ok {
set.AutoMerge = val == 1
}
if val, ok := userdata.GetUint32(data, userdata.NFTNL_UDATA_SET_DATA_INTERVAL); ok {
set.DataInterval = val == 1
}
case unix.NFTA_SET_DESC: case unix.NFTA_SET_DESC:
nestedAD, err := netlink.NewAttributeDecoder(ad.Bytes()) nestedAD, err := netlink.NewAttributeDecoder(ad.Bytes())
if err != nil { if err != nil {

15
set_test.go
View File

@ -257,26 +257,13 @@ func TestMarshalSet(t *testing.T) {
name: "Vedict map", name: "Vedict map",
set: Set{ set: Set{
Name: "test-map", Name: "test-map",
ID: uint32(4), ID: uint32(3),
Table: tbl, Table: tbl,
KeyType: TypeIPAddr, KeyType: TypeIPAddr,
DataType: TypeVerdict, DataType: TypeVerdict,
IsMap: true, IsMap: true,
}, },
}, },
{
name: "Map ip-ip", // generic case
set: Set{
Name: "test-map",
ID: uint32(5),
Table: tbl,
KeyType: TypeIPAddr,
DataType: TypeIPAddr,
DataInterval: true,
IsMap: true,
Comment: "test-comment",
},
},
} }
for i, tt := range tests { for i, tt := range tests {