| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Signed-off-by: Arturo Borrero González <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
The compat struct was not printed in XML. So, I think give output
format is the first step to parse it.
Signed-off-by: Arturo Borrero <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
nft_data_reg now is printed in XML according to what it contains
<data> nodes have been also renamed.
Arturo Borrero Gonzalez says:
====================
cmp is using <cmpdata> <cmpdata> has <data_reg></data_reg> which
can also be redundant.
But all around the XML printing (including sets, an incoming patch)
i've been nesting the data_reg into another XML node, so you could
easily see (also the XML parser) the difference between (for example.
in set) nft_set_elem->key and nft_set_elem->data.
As I needed to nest in nft_set_elem I decided to follow a constant
line and do nest all data_reg.
====================
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
Exported symbol should be nft_rule_attr_get_u32, not nft_rule_attr_get_u64.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
This patch adds support to get and set the attribute
NFT_{TABLE|CHAIN|RULE}_ATTR_FAMILY.
I found this useful when parsing a XML table|chain|rule (future patch).
Signed-off-by: Arturo Borrero <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Arturo Borrero <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
Missing NLM_F_CREATE, otherwise the automatic handle allocation
returns -EINVAL.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are some problems in using attributes:
* they cannot contain multiple values (child elements can)
* they are not easily expandable (for future changes)
* they cannot describe structures (child elements can)
* they are more difficult to manipulate by program code
* attribute values are not easy to test against a DTD
Extracted from "XML Elements vs. Attributes" at:
http://www.w3schools.com/dtd/dtd_el_vs_attr.asp
For more information.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Arturo Borrero <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To show an instance of this patch:
(shell)$ ./nft-table-get xml
<table name="filter" >
<properties>
<family value="2" />
<flags value="5" table_flags="0" />
</properties>
</table>
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.co
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
This patch includes iterators and several examples.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
Including examples.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
Propagate the type and flags parameter to the expressions, so we can
implement outputs in different formats.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
Add nft_rule_attr_get_u8 to obtain the family number.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
|
|
|
|
|
|
| |
To get it in sync with the existing kernel code.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
Support the new approach for chain renaming based on the chain
handle.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
Add initial support for nf_tables native sets
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
|
|
|
|
|
|
|
|
| |
Now we add a non-dormant table which is not active. We can add
chains and rules to it that would not have any effect. Once we
change the flag to wake it up, the rule-set becomes active.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
Useful to obtain recently added table flags.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This patch adds support for the table flags, only one is possible
at the moment (NFT_TABLE_F_DORMANT).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
Fix missing use of internal flags for table objects in attributes.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
5c4d30c nf_tables: use 64-bits rule handle instead of 16-bits
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This utility allows to consult x_tables match/target revisions supported
via the nft_compat layer.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
It adds support for table, chain and rule handling.
This also includes expression handling for each rule.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|