d27cc52f15
Fix the marshall of the hash seed to be conditional, only if it is explicitly set, we need to add it to the kernel as stated on the libnftl and nftables projects. Refence: https://git.netfilter.org/nftables/tree/src/netlink_linearize.c?id=25e7b99cc450490c38becb03d8bddd0199cfd3f9#n174 Otherwise, having a hash expression similar to this: ``` ip daddr set jhash tcp sport mod 2 seed 0x0 map { 0 : 192.168.0.1, 1 : 192.168.2.2 } ``` end up setting only the first IP and ignoring the second one. Signed-off-by: Rafael Campos <methril@gmail.com> |
||
|---|---|---|
| .github/workflows | ||
| alignedbuff | ||
| binaryutil | ||
| expr | ||
| internal | ||
| userdata | ||
| xt | ||
| CONTRIBUTING.md | ||
| LICENSE | ||
| README.md | ||
| chain.go | ||
| compat_policy.go | ||
| compat_policy_test.go | ||
| conn.go | ||
| counter.go | ||
| doc.go | ||
| flowtable.go | ||
| go.mod | ||
| go.sum | ||
| nftables_test.go | ||
| obj.go | ||
| rule.go | ||
| set.go | ||
| set_test.go | ||
| table.go | ||
| util.go | ||
README.md
This is not the correct repository for issues with the Linux nftables project! This repository contains a third-party Go package to programmatically interact with nftables. Find the official nftables website at https://wiki.nftables.org/
This package manipulates Linux nftables (the iptables successor). It is implemented in pure Go, i.e. does not wrap libnftnl.
This is not an official Google product.
Breaking changes
This package is in very early stages, and only contains enough data types and functions to install very basic nftables rules. It is likely that mistakes with the data types/API will be identified as more functionality is added.
Contributions
Contributions are very welcome!