nftables

Go to file

nickgarlis 4c1b4e9a74 Expose accumulated message size AFAIU, netlink has a message size limit of ~32KB. This means that a single transaction would be limited to a few operations. Going over the limit would result in the following error after flushing: netlink receive: recvmsg: no buffer space available If I am not mistaken, the only alternative is to then divide big transactions into smaller chunks. The only issue is that it's hard to tell when the limit has been exceeded. That's why I suggest exposing a function that would produce the accumulated message size since the messages slice is private. - https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/netlink/af_netlink.c?id=1e26c5e28ca5821a824e90dd359556f5e9e7b89f#n1930 - https://web.git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=d35c99ff77ecb2eb239731b799386f3b3637a31e		2025-03-26 23:23:44 +01:00
.github/workflows	Add integration tests for nftables package	2025-01-15 12:42:22 +01:00
alignedbuff	alignedbuff: fix alignment test issue on 32-bit machines (#211 )	2022-12-12 08:51:36 +01:00
binaryutil	add int32 and string types to alignedbuff (#195 )	2022-10-15 21:04:45 +02:00
expr	Add missing ct keys (#310 )	2025-03-26 09:54:08 +01:00
integration	Add integration tests for nftables package	2025-01-15 12:42:22 +01:00
internal	Set rule handle during flush (#299 )	2025-03-26 09:24:33 +01:00
userdata	add support for comments in set elements (#293 )	2025-01-15 09:36:42 +01:00
xt	feat: add xt.Comment (#260 )	2024-04-22 08:53:34 +02:00
CONTRIBUTING.md	Initial commit	2018-05-24 22:09:26 -07:00
LICENSE	Initial commit	2018-05-24 22:09:26 -07:00
README.md	README: switch to GitHub actions badge	2021-05-14 17:48:51 +02:00
chain.go	Set rule handle during flush (#299 )	2025-03-26 09:24:33 +01:00
compat_policy.go	Fix: add NFTA_RULE_COMPAT attribute (#207 )	2022-12-08 09:05:15 +01:00
compat_policy_test.go	Fix: add NFTA_RULE_COMPAT attribute (#207 )	2022-12-08 09:05:15 +01:00
conn.go	Expose accumulated message size	2025-03-26 23:23:44 +01:00
counter.go	refactor nftable Object handling (NamedObj type) (#259 )	2024-07-29 08:43:58 +02:00
doc.go	Restructure code base into smaller files (#15 )	2019-05-03 23:54:09 +02:00
flowtable.go	Set rule handle during flush (#299 )	2025-03-26 09:24:33 +01:00
gen.go	Use const instead of var where possible	2025-02-26 15:11:55 +01:00
go.mod	go.{mod,sum}: update to latest x/ packages	2025-03-13 09:42:41 +01:00
go.sum	go.{mod,sum}: update to latest x/ packages	2025-03-13 09:42:41 +01:00
monitor.go	Implement AddGenerationalMonitor to deliver monitor events in batches (#283 )	2024-11-09 12:07:36 +01:00
monitor_test.go	Fix incorrect size check in NFGenMsg (#287 )	2024-12-13 07:30:25 +01:00
nftables_test.go	Set rule handle during flush (#299 )	2025-03-26 09:24:33 +01:00
obj.go	Set rule handle during flush (#299 )	2025-03-26 09:24:33 +01:00
quota.go	Fix Fib parsing (#296 )	2025-01-16 09:15:33 +01:00
rule.go	Deprecate Rule.Flags field (#304 )	2025-03-26 09:57:20 +01:00
set.go	Set rule handle during flush (#299 )	2025-03-26 09:24:33 +01:00
set_test.go	Set rule handle during flush (#299 )	2025-03-26 09:24:33 +01:00
table.go	Set rule handle during flush (#299 )	2025-03-26 09:24:33 +01:00
util.go	Fix incorrect size check in NFGenMsg (#287 )	2024-12-13 07:30:25 +01:00
util_test.go	NAT: prefix test	2024-01-12 21:30:04 +01:00

README.md

This is not the correct repository for issues with the Linux nftables project! This repository contains a third-party Go package to programmatically interact with nftables. Find the official nftables website at https://wiki.nftables.org/

This package manipulates Linux nftables (the iptables successor). It is implemented in pure Go, i.e. does not wrap libnftnl.

This is not an official Google product.

Breaking changes

This package is in very early stages, and only contains enough data types and functions to install very basic nftables rules. It is likely that mistakes with the data types/API will be identified as more functionality is added.

Contributions

Contributions are very welcome!