black-desk 6df7a82bbd
fix: correct error handling in receiveAckAware (#243)
Related: #242

After 7879d7ecf6, it seems that
any multi-message operation performed without CAP_SYS_ADMIN will
block forever inside nftables.Conn.Flush.

For example:

```go
package main

import "github.com/google/nftables"

func main() {
	conn, err := nftables.New()
	if err != nil {
		panic(err)
	}

	t := conn.AddTable(&nftables.Table{})

	err = conn.AddSet(&nftables.Set{Table: t}, []nftables.SetElement{})
	if err != nil {
		panic(err)
	}

	err = conn.AddSet(&nftables.Set{Table: t}, []nftables.SetElement{})
	if err != nil {
		panic(err)
	}

	err = conn.Flush()
	if err != nil {
		panic(err)
	}

	return
}
```

That's because, although we send multiple messages on the netlink
socket, the kernel will only send one permission error message as reply.

Signed-off-by: black-desk <me@black-desk.cn>
2023-10-21 22:11:55 +02:00
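
A simplified model of the behaviour the commit message above describes, as an added example that is not the package's own `receiveAckAware` code. `kernelReplies`, `collectAcks` and `errStalled` are hypothetical names, and the timeout stands in for a netlink read that would otherwise block.

```go
package main

import (
	"errors"
	"fmt"
	"syscall"
	"time"
)

// errStalled marks the point where a real blocking read would hang (hypothetical name).
var errStalled = errors.New("timed out waiting for acks")

// kernelReplies models the reply pattern from the commit message: a privileged
// batch gets one ack (nil) per message, an unprivileged batch gets a single
// EPERM for the whole batch. This is a constructed model, not kernel code.
func kernelReplies(sent int, privileged bool) <-chan error {
	ch := make(chan error, sent)
	if !privileged {
		ch <- syscall.EPERM
		return ch
	}
	for i := 0; i < sent; i++ {
		ch <- nil
	}
	return ch
}

// collectAcks expects one reply per sent message. With stopOnError=false it
// keeps waiting for the remaining acks after an error; with true it returns
// the error as soon as it arrives.
func collectAcks(replies <-chan error, sent int, stopOnError bool, wait time.Duration) error {
	var first error
	for i := 0; i < sent; i++ {
		select {
		case err := <-replies:
			if err != nil && stopOnError {
				return err
			}
			if first == nil {
				first = err
			}
		case <-time.After(wait):
			return errStalled // no further replies are coming
		}
	}
	return first
}

func main() {
	for _, stop := range []bool{false, true} {
		err := collectAcks(kernelReplies(3, false), 3, stop, 50*time.Millisecond)
		fmt.Printf("stopOnError=%v -> %v\n", stop, err)
	}
}
```
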
| Name | Last commit | Date |
| --- | --- | --- |
| .github/workflows | GitHub Actions: switch to setup-go@v4 which enables caching | 2023-05-20 14:47:36 +02:00 |
| alignedbuff | alignedbuff: fix alignment test issue on 32-bit machines (#211) | 2022-12-12 08:51:36 +01:00 |
| binaryutil | add int32 and string types to alignedbuff (#195) | 2022-10-15 21:04:45 +02:00 |
| expr | hash: Fix hash seed conditional (#234) | 2023-08-03 08:14:23 +02:00 |
| internal | Move setup/teardown of system NFT connection to internal package | 2023-04-18 08:53:20 +02:00 |
| userdata | userdata: Add TLV parser/serialized for rule user data | 2023-04-18 08:53:20 +02:00 |
| xt | Fix: add missed parameters of struct ConntrackMtinfoBase (#182) | 2022-09-04 20:05:03 +02:00 |
| CONTRIBUTING.md | Initial commit | 2018-05-24 22:09:26 -07:00 |
| LICENSE | Initial commit | 2018-05-24 22:09:26 -07:00 |
| README.md | README: switch to GitHub actions badge | 2021-05-14 17:48:51 +02:00 |
| chain.go | added ability to create regular chains without a hook priority (#183) | 2022-09-06 17:27:20 +02:00 |
| compat_policy.go | Fix: add NFTA_RULE_COMPAT attribute (#207) | 2022-12-08 09:05:15 +01:00 |
| compat_policy_test.go | Fix: add NFTA_RULE_COMPAT attribute (#207) | 2022-12-08 09:05:15 +01:00 |
| conn.go | fix: correct error handling in receiveAckAware (#243) | 2023-10-21 22:11:55 +02:00 |
| counter.go | Add GetObject/GetObjects, ResetObject/ResetObjects (#92) | 2020-01-21 08:36:27 +01:00 |
| doc.go | Restructure code base into smaller files (#15) | 2019-05-03 23:54:09 +02:00 |
| flowtable.go | Flowtables implementation (#201) | 2022-11-01 07:48:00 +01:00 |
| go.mod | Bump golang.org/x/net from 0.7.0 to 0.17.0 (#241) | 2023-10-12 08:09:03 +02:00 |
| go.sum | Bump golang.org/x/net from 0.7.0 to 0.17.0 (#241) | 2023-10-12 08:09:03 +02:00 |
| nftables_test.go | Add address field for expr tproxy (#231) | 2023-07-10 08:38:01 +02:00 |
| obj.go | Fix incorrect netlink acknowledgement handling (#194) | 2022-10-02 16:01:48 +02:00 |
| rule.go | Drop unnecessary table rewrite in GetRules() after 3e042f7 (#219) | 2023-03-16 12:38:54 +01:00 |
| set.go | Fix dropped error (#240) | 2023-09-16 08:51:22 +02:00 |
| set_test.go | Fix getting concatenated data types for maps (#217) | 2023-04-02 10:11:12 +02:00 |
| table.go | Added dynset exprs support (#173) | 2022-07-29 18:32:59 +02:00 |
| util.go | Restructure code base into smaller files (#15) | 2019-05-03 23:54:09 +02:00 |

README.md

This is not the correct repository for issues with the Linux nftables project! This repository contains a third-party Go package to programmatically interact with nftables. Find the official nftables website at https://wiki.nftables.org/

This package manipulates Linux nftables (the iptables successor). It is implemented in pure Go, i.e. does not wrap libnftnl.

This is not an official Google product.

Breaking changes

This package is in very early stages, and only contains enough data types and functions to install very basic nftables rules. It is likely that mistakes with the data types/API will be identified as more functionality is added.

Contributions

Contributions are very welcome!