summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* set_elem: fix nft_set_elem_attr_get with NFT_SET_ELEM_ATTR_CHAINPablo Neira Ayuso2013-06-191-1/+1
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set_elem: fix wrong flags setting in nft_set_elems_parse2Pablo Neira Ayuso2013-06-191-3/+4
| | | | | | Set element object flags instead of set flags. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add missing set/unset support for NFT_SET_ATTR_DATA_[TYPE|LEN]Pablo Neira Ayuso2013-06-192-2/+10
| | | | | | While at it, use fixed length uint32_t instead of size_t. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: xml: don't print target and match infoArturo Borrero2013-06-182-22/+2
| | | | | | | | This is binary layout of the iptables target/match, we can do nothing with it at this moment. Let's get rid of it. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: unset chain & rule handleArturo Borrero2013-06-182-0/+2
| | | | | | | Use _unset functions to delete handle so test don't fail. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: xml: delete trailing spaceArturo Borrero2013-06-171-1/+1
| | | | | | | This patch fixes a trailing space in rule xml_snprintf. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nat: xml: fix crash during parsing if non-mandatory element is not presentArturo Borrero Gonzalez2013-06-171-4/+4
| | | | | Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nat: xml: fix wrong offset in snprintfArturo Borrero2013-06-171-4/+6
| | | | | | | | This patch fixes the buffer offset of the nat snprintf function so elements are properly printed. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: bitwise: xml: fix wrong castingArturo Borrero2013-06-171-1/+1
| | | | | | | Introduced in (51370f0 src: add support for XML parsing) Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: fix nft_set_attr_get with NFT_SET_ATTR_KEY_FLAGSPablo Neira Ayuso2013-06-171-1/+1
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set_elem: fix wrong flags set for NFT_SET_ELEM_ATTR_FLAGSPablo Neira Ayuso2013-06-171-1/+1
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: set NFT_*_ATTR_FAMILY in nft_*_parse functionPablo Neira Ayuso2013-06-173-0/+8
| | | | | | This attribute was not approapriately set in most cases. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: fix nft_chain_attr_set_strPablo Neira Ayuso2013-06-171-1/+1
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* include: add stdbool.h to libnftables/expr.hPablo Neira Ayuso2013-06-171-0/+2
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: constify first parameter of all nft_*_getPablo Neira Ayuso2013-06-1720-36/+47
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add NFT_SET_ATTR_FAMILYPablo Neira Ayuso2013-06-173-0/+6
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add nft_*_attr_is_setPablo Neira Ayuso2013-06-1712-0/+55
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add nft_*_list_foreachPablo Neira Ayuso2013-06-1710-0/+113
| | | | | | This patch adds a simplied iterator interface. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add limitPablo Neira Ayuso2013-06-134-0/+221
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add byteorderPablo Neira Ayuso2013-06-124-0/+359
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add ctPablo Neira Ayuso2013-06-124-0/+256
| | | | | | This patch adds the ct expression. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add exthdrPablo Neira Ayuso2013-06-114-0/+302
| | | | | | | This patch adds support for the exthdr expression of nftables that is implemented in linux/net/netfilter/nft_exthdr.c Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: fix missing interlibrary dependencyPablo Neira Ayuso2013-06-111-1/+1
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add log expressionPablo Neira Ayuso2013-06-104-0/+291
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: nft-chain-get: export in JSON formatAlvaro Neira Ayuso2013-06-081-1/+4
| | | | | Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: add function to export tables in JSON formatAlvaro Neira Ayuso2013-06-083-0/+29
| | | | | Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set_elem: add NFT_SET_ELEM_ATTR_DATA to set data for mappingPablo Neira Ayuso2013-06-082-0/+22
| | | | | | | | We need this new attribute to configure the data that is attached to an element. This is useful for the mapping feature to retrieve data based on keys (like a dictionary) that nftables provides. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* data_reg: xml: delete unreachable code in _veredict_xml_parse()Arturo Borrero Gonzalez2013-06-081-2/+0
| | | | | | | Similar to commit 414ac29. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: fix nft_*_unset function attribute that don't release dataPablo Neira Ayuso2013-06-075-0/+26
| | | | | | | | | | | In (dde2039 src: add nft_*_unset functions), I mangled Arturo's patch to add a default case, but he was intentionally not adding it to unset attributes that require no memory releases. I prefered to add the attributes explicitly in the switch rather on failing back on the default action. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add nft_*_unset functionsArturo Borrero Gonzalez2013-06-0710-1/+126
| | | | | | | | These functions unset the given attribute in each object and release the data if needed. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: nft-table-get: export in JSON formatAlvaro Neira Ayuso2013-06-071-0/+4
| | | | | Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: add function to export tables in JSON formatAlvaro Neira Ayuso2013-06-073-0/+20
| | | | | Signed-off-by: Alvaro Neira <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: xml: add versioningArturo Borrero Gonzalez2013-06-064-7/+50
| | | | | | | Add version to XML chunks in case of future changes. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: nft-rule-add: fix compilation warningPablo Neira Ayuso2013-06-051-1/+1
| | | | | | | | CC nft-rule-add.o nft-rule-add.c:105:13: warning: ‘add_payload’ defined but not used [-Wunused-function] Reported-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: nft-rule-add: remove unexistent libnftables/payload.h includePablo Neira Ayuso2013-06-051-1/+0
| | | | | Reported-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: immediate: fix display of dreg expressionEric Leblond2013-06-051-1/+1
| | | | | Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: nft-events: add newline to outputEric Leblond2013-06-051-3/+3
| | | | | | | | | This patch adds a new line to messages to be sure that they are printed to the shell as soon as they occur. This also fixes the display of output. Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: fix bad offset returned by _snprintfArturo Borrero Gonzalez2013-06-051-2/+2
| | | | | | | Noted while calling _snprintf functions consecutively. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* data_reg: xml: delete unreachable codeArturo Borrero Gonzalez2013-06-051-2/+0
| | | | | Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* data_reg: xml: fix using bad temp variableArturo Borrero Gonzalez2013-06-051-1/+1
| | | | | | | It should use 'utmp' instead of 'tmp'. Signed-off-by: Arturo Borero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* data_reg: remove conditional XML printing if parsing is disabledArturo Borrero Gonzalez2013-05-291-5/+0
| | | | | | | XML printing is supported even if XML parsing is not enabled. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* data_reg: Delete trailing space in snprintf_xmlArturo Borrero Gonzalez2013-05-291-3/+3
| | | | | | | A minor cosmetic change. Delete the space before '>'. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: fix table flag not being set at XML parsingArturo Borrero Gonzalez2013-05-291-0/+1
| | | | | | | Added in (51370f0 src: add support for XML parsing). Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: delete useless castingsArturo Borrero2013-05-263-6/+6
| | | | | | | These casting were useless. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: XML parsing examplesArturo Borrero Gonzalez2013-05-2310-18/+803
| | | | | | | | | | | | | | | | | | | | Some code snipplets to add tables/chain/rules using the XML representation. The examples contains: * A binary to parse/add the object using libnftables. * A shellscript to easily call that binary, doing some tests. * table/chain/rule sample XML file. I included my name in new files, but I don't know if this is correct. Please let me know. Instructions: $ cd examples/ ; make nft-table-xml-add # cd test/ ; ./nft-table-xml-add.sh NOTE: Some kernel changes are required to allow reinsert exactly what is printed (handle handling, flags..) Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add support for XML parsingArturo Borrero Gonzalez2013-05-2322-9/+1592
| | | | | | | | | | | | | | | | | | | This patch adds capabilities for parsing a XML table/chain/rule. Some comments: * The XML data is case sensitive (so <chain>asd</chain> != <chain>ASD</chain> != <CHAIN>asd</CHAIN>) * All exported functions receive XML and return an object (table|chain|rule). * To compile the lib with XML parsing support, run './configure --with-xml-parsing' * XML parsing is done with libmxml (http://minixml.org). XML parsing depends on this external lib, this dependency is optional at compile time. NOTE: expr/target and expr/match binary data are exported. [ Fixed to compile without --with-xml-parsing --pablo ] Signed-off-by: Arturo Borrero González <arturo.borrero.glez@gmail.com>
* map: fix missing nft_rule_expr_build_payload exportTomasz Bursztyka2013-05-161-0/+1
| | | | | | | Update .map file to include it, otherwise it's not exported. Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: remove non implemented functionTomasz Bursztyka2013-05-161-2/+0
| | | | | Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: declare nft_rule_list structure at a proper placeTomasz Bursztyka2013-05-161-0/+2
| | | | | Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: add an autogen.sh scriptTomasz Bursztyka2013-05-161-0/+4
| | | | | Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>