Jan Schär 9a2862f48b
Receive replies in Flush (#309)
Commit 0d9bfa4d18 added code to handle "overrun", but the commit is
very misleading. NLMSG_OVERRUN is in fact not a flag, but a complete
message type, so the (re&netlink.Overrun) masking makes no sense. Even
better, NLMSG_OVERRUN is never actually used by Linux.

The actual bug which the commit was attempting to fix is that Flush was
not receiving replies which the kernel sent for messages with the echo
flag. This change reverts that commit and instead adds code in Flush to
receive the replies.

I updated tests which simulate the kernel to generate replies.
2025-03-25 17:03:44 +01:00
.github/workflows Add integration tests for nftables package 2025-01-15 12:42:22 +01:00
alignedbuff alignedbuff: fix alignment test issue on 32-bit machines (#211) 2022-12-12 08:51:36 +01:00
binaryutil add int32 and string types to alignedbuff (#195) 2022-10-15 21:04:45 +02:00
expr fix unmarshalling of expr.Ct source register (#301) 2025-02-21 09:34:44 +01:00
integration Add integration tests for nftables package 2025-01-15 12:42:22 +01:00
internal Receive replies in Flush (#309) 2025-03-25 17:03:44 +01:00
userdata add support for comments in set elements (#293) 2025-01-15 09:36:42 +01:00
xt feat: add xt.Comment (#260) 2024-04-22 08:53:34 +02:00
CONTRIBUTING.md Initial commit 2018-05-24 22:09:26 -07:00
LICENSE Initial commit 2018-05-24 22:09:26 -07:00
README.md README: switch to GitHub actions badge 2021-05-14 17:48:51 +02:00
chain.go List table or chain by name (#258) 2024-04-14 11:19:27 +02:00
compat_policy.go Fix: add NFTA_RULE_COMPAT attribute (#207) 2022-12-08 09:05:15 +01:00
compat_policy_test.go Fix: add NFTA_RULE_COMPAT attribute (#207) 2022-12-08 09:05:15 +01:00
conn.go Receive replies in Flush (#309) 2025-03-25 17:03:44 +01:00
counter.go refactor nftable Object handling (NamedObj type) (#259) 2024-07-29 08:43:58 +02:00
doc.go Restructure code base into smaller files (#15) 2019-05-03 23:54:09 +02:00
flowtable.go Fix staticcheck issues (#266) 2024-08-11 10:00:48 +02:00
gen.go Use const instead of var where possible 2025-02-26 15:11:55 +01:00
go.mod go.{mod,sum}: update to latest x/ packages 2025-03-13 09:42:41 +01:00
go.sum go.{mod,sum}: update to latest x/ packages 2025-03-13 09:42:41 +01:00
monitor.go Implement AddGenerationalMonitor to deliver monitor events in batches (#283) 2024-11-09 12:07:36 +01:00
monitor_test.go Fix incorrect size check in NFGenMsg (#287) 2024-12-13 07:30:25 +01:00
nftables_test.go Receive replies in Flush (#309) 2025-03-25 17:03:44 +01:00
obj.go Use const instead of var where possible 2025-02-26 15:11:55 +01:00
quota.go Fix Fib parsing (#296) 2025-01-16 09:15:33 +01:00
rule.go Receive replies in Flush (#309) 2025-03-25 17:03:44 +01:00
set.go Improve safety of ID allocation (#307) 2025-03-13 10:38:46 +01:00
set_test.go set: Add set support for size specifier 2025-01-24 09:33:09 +01:00
table.go Use const instead of var where possible 2025-02-26 15:11:55 +01:00
util.go Fix incorrect size check in NFGenMsg (#287) 2024-12-13 07:30:25 +01:00
util_test.go NAT: prefix test 2024-01-12 21:30:04 +01:00

README.md

This is not the correct repository for issues with the Linux nftables project! This repository contains a third-party Go package to programmatically interact with nftables. Find the official nftables website at https://wiki.nftables.org/

This package manipulates Linux nftables (the iptables successor). It is implemented in pure Go, i.e. does not wrap libnftnl.

This is not an official Google product.

Breaking changes

This package is in very early stages, and only contains enough data types and functions to install very basic nftables rules. It is likely that mistakes with the data types/API will be identified as more functionality is added.

Contributions

Contributions are very welcome!