summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* common: add batching interfacesPablo Neira Ayuso2014-08-143-0/+98
| | | | | | | | | | | | | | This patch adds the following new interfaces: int nft_batch_is_supported(void); void nft_batch_begin(char *buf, uint32_t seq); void nft_batch_end(char *buf, uint32_t seq); Quite likely this is going to be reused by third party applications requiring to put things in the batch. We already have potential clients for this code in nft and iptables-compat. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set_elem: add nft_set_elems_nlmsg_build_payload_iter()Pablo Neira Ayuso2014-07-253-11/+79
| | | | | | | | | This new interface allows you to put as many set elements as possible into a netlink message. The iterator stores the last element that has fit into a netlink message, so you can continue adding more set elements across several netlink messages. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: nft-set-add: use batch infraestructureArturo Borrero2014-07-241-44/+84
| | | | | | | | It uses the existing nfnl batching approach using the generic mnl netlink message batching infrastructure. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add support for set mechanism selectionArturo Borrero2014-07-243-3/+167
| | | | | | | | | | This patch adds support to select the set mechanism. The kernel support was added in commit: c50b960 netfilter: nf_tables: implement proper set selection Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: stricter netlink attribute length validationPablo Neira Ayuso2014-07-2026-229/+128
| | | | | | | | | | | | If the kernel sends us different data length for a given attribute, stop further processing and indicate that an ABI breakage has ocurred. This is an example of the (hypothetical) message that is shown in that case: nf_tables kernel ABI is broken, contact your vendor. table.c:214 reason: Numerical result out of range Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: log: define variable flags in xml parserÁlvaro Neira Ayuso2014-07-151-1/+1
| | | | | | | | | | | In the xml parser, we have used a variable flags for parsing it but we have forgot define it. This patch solves a compile error like: expr/log.c:263:12: error: 'flags' undeclared (first use in this function) Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: log: add support for level and flagsPablo Neira Ayuso2014-07-013-6/+91
| | | | | | This is required by changes scheduled for Linux kernel 3.17. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: Do not print unset attributes in jsonAna Rey2014-06-301-71/+95
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: Rename variables in nft_jansson_parse_chain functionsAna Rey2014-06-301-32/+32
| | | | | | | Renames some variables for code readability reasons. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: Do not print unset attributes in xmlAna Rey2014-06-301-46/+77
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: Add all support of use attributeAna Rey2014-06-301-6/+18
| | | | | | | | | Add set, unset, get, parse and build payload implementation for use value. These changes are neeeded for a correct import/export of xml/json file Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: Do not print unset values in json fileAna Rey2014-06-301-22/+42
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: Do not print unset values in xml fileAna Rey2014-06-301-13/+34
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: Add set, unset and parse implementation for the use attributeAna Rey2014-06-301-6/+12
| | | | | | | | | Add some parts of the implemention of 'use' vualue in table that miss it. These changes are neeeded for a correct import/export of xml/json file Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: Use nft_table_attr_set_* in the xml functionsAna Rey2014-06-301-13/+5
| | | | | | | Code refactoring to use nft_table_attr_set_* in parse xml functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: Free memory in the same function that is reservedAna Rey2014-06-301-8/+9
| | | | | | | Free memory in the same function that is reserved. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-301-37/+16
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: Free memory in the same function that is reservedAna Rey2014-06-301-18/+18
| | | | | | | Free memory in the same function that is reserved. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* bump version to 1.0.2libnftnl-1.0.2Pablo Neira Ayuso2014-06-251-1/+1
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: match: Do not print unset values in json fileAna Rey2014-06-241-7/+6
| | | | | | | It changes the parse and snprintf functions json to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: match: Do not print unset values in xml fileAna Rey2014-06-241-6/+6
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: match: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-241-5/+1
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: match: get a nft_rule_expr type in nft_rule_expr_match_snprintf_* ↵Ana Rey2014-06-241-4/+6
| | | | | | | | | | | | functions Code refactoring in nft_rule_expr_match_snprintf_* functions to get a nft_rule_expr type instead of nft_expr_match type. The nft_rule_expr type is needed to check information into flags variables. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: lookup: Do not print unset values in json fileAna Rey2014-06-241-19/+19
| | | | | | | It changes the parse functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: lookup: Do not print unset values in xml fileAna Rey2014-06-241-14/+16
| | | | | | | It changes the parse functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: lookup: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-241-15/+7
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: exthdr: Do not print unset values in jsonAna Rey2014-06-241-25/+39
| | | | | | | It changes the parse and the snprint functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: exthdr: Do not print unset values in xmlAna Rey2014-06-241-23/+34
| | | | | | | It changes the parse and the snprint functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: exthdr: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-241-16/+8
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: exthdr: Add nft_rule_expr_exthdr_snprinf_* functionsAna Rey2014-06-241-18/+38
| | | | | | | | | | | | Code refactoring in nft_rule_expr_exthdr functions. This patch adds three new functions: * nft_rule_expr_exthdr_snprinf_default * nft_rule_expr_exthdr_snprinf_xml * nft_rule_expr_exthdr_snprinf_json Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: counter: Do not print unset values in jsonAna Rey2014-06-241-10/+21
| | | | | | | It changes the parse and the snprint functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: counter: Do not print unset values in xmlAna Rey2014-06-241-11/+16
| | | | | | | It changes the parse and the snprint functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: counter: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-241-7/+5
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: counter: Add nft_rule_expr_counter_snprinf_* functionsAna Rey2014-06-241-9/+31
| | | | | | | | | | | | Code refactoring in nft_rule_expr_counter_snprinf functions. This patch adds three new functions: * nft_rule_expr_counter_snprinf_default * nft_rule_expr_counter_snprinf_xml * nft_rule_expr_counter_snprinf_json Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: ct: Do not parse unset values in jsonAna Rey2014-06-241-23/+7
| | | | | | | It changes the parse functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: ct: Delete the last comma character in json textAna Rey2014-06-241-2/+3
| | | | | | | Code refactoring to delete correctly the last comma character in json text. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: ct: Do not print unset values in xml fileAna Rey2014-06-241-18/+12
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: ct: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-241-14/+8
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: nat: add helper function to translate nat types to stringArturo Borrero2014-06-231-23/+17
| | | | | | | This patch adds a helper functon to translate nat types to string. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: cmp: Do not print unset values in json fileAna Rey2014-06-231-20/+21
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: cmp: Do not print unset values in xml fileAna Rey2014-06-231-17/+22
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: cmp: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-231-8/+4
| | | | | | | Code refactoring to use nft_rule_expr_cmp_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: cmp: Get a nft_rule_expr type in nft_rule_expr_cmp_snprintf_* functionsAna Rey2014-06-231-12/+12
| | | | | | | | Code refactoring in nft_rule_expr_cmp_snprintf_* functions to get a nft_rule_expr type instead of nft_expr_cmp type. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: byteorder: Do not print unset values in jsonAna Rey2014-06-231-32/+42
| | | | | | | | | It changes the parse and the snprint functions to omit unset values. Now, This part of a json file is gotten without unset elements. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: byteorder: Rename variables in nft_rule_expr_byteorder_json_parse ↵Ana Rey2014-06-231-9/+9
| | | | | | | | | functions Renames some variables for code readability reasons. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: byteorder: Do not print unset values in xml fileAna Rey2014-06-231-29/+39
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: byteorder: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-231-23/+14
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: byteorder: Get a nft_rule_expr type in ↵Ana Rey2014-06-231-18/+13
| | | | | | | | | | nft_rule_expr_byteorder_snprintf_* functions Code refactoring in nft_rule_expr_byteorder_snprintf_* functions to get a nft_rule_expr type instead of nft_expr_byorder type. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: target: Do not print unset values in json fileAna Rey2014-06-231-6/+6
| | | | | | | It changes the parse and snrintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: target: Do not print unset values in xml fileAna Rey2014-06-231-6/+6
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>