summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* set: add support for set mechanism selectionArturo Borrero2014-07-243-3/+167
| | | | | | | | | | This patch adds support to select the set mechanism. The kernel support was added in commit: c50b960 netfilter: nf_tables: implement proper set selection Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: stricter netlink attribute length validationPablo Neira Ayuso2014-07-2026-229/+128
| | | | | | | | | | | | If the kernel sends us different data length for a given attribute, stop further processing and indicate that an ABI breakage has ocurred. This is an example of the (hypothetical) message that is shown in that case: nf_tables kernel ABI is broken, contact your vendor. table.c:214 reason: Numerical result out of range Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: log: define variable flags in xml parserÁlvaro Neira Ayuso2014-07-151-1/+1
| | | | | | | | | | | In the xml parser, we have used a variable flags for parsing it but we have forgot define it. This patch solves a compile error like: expr/log.c:263:12: error: 'flags' undeclared (first use in this function) Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: log: add support for level and flagsPablo Neira Ayuso2014-07-013-6/+91
| | | | | | This is required by changes scheduled for Linux kernel 3.17. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: Do not print unset attributes in jsonAna Rey2014-06-301-71/+95
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: Rename variables in nft_jansson_parse_chain functionsAna Rey2014-06-301-32/+32
| | | | | | | Renames some variables for code readability reasons. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: Do not print unset attributes in xmlAna Rey2014-06-301-46/+77
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: Add all support of use attributeAna Rey2014-06-301-6/+18
| | | | | | | | | Add set, unset, get, parse and build payload implementation for use value. These changes are neeeded for a correct import/export of xml/json file Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: Do not print unset values in json fileAna Rey2014-06-301-22/+42
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: Do not print unset values in xml fileAna Rey2014-06-301-13/+34
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: Add set, unset and parse implementation for the use attributeAna Rey2014-06-301-6/+12
| | | | | | | | | Add some parts of the implemention of 'use' vualue in table that miss it. These changes are neeeded for a correct import/export of xml/json file Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: Use nft_table_attr_set_* in the xml functionsAna Rey2014-06-301-13/+5
| | | | | | | Code refactoring to use nft_table_attr_set_* in parse xml functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: Free memory in the same function that is reservedAna Rey2014-06-301-8/+9
| | | | | | | Free memory in the same function that is reserved. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-301-37/+16
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: Free memory in the same function that is reservedAna Rey2014-06-301-18/+18
| | | | | | | Free memory in the same function that is reserved. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* bump version to 1.0.2libnftnl-1.0.2Pablo Neira Ayuso2014-06-251-1/+1
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: match: Do not print unset values in json fileAna Rey2014-06-241-7/+6
| | | | | | | It changes the parse and snprintf functions json to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: match: Do not print unset values in xml fileAna Rey2014-06-241-6/+6
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: match: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-241-5/+1
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: match: get a nft_rule_expr type in nft_rule_expr_match_snprintf_* ↵Ana Rey2014-06-241-4/+6
| | | | | | | | | | | | functions Code refactoring in nft_rule_expr_match_snprintf_* functions to get a nft_rule_expr type instead of nft_expr_match type. The nft_rule_expr type is needed to check information into flags variables. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: lookup: Do not print unset values in json fileAna Rey2014-06-241-19/+19
| | | | | | | It changes the parse functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: lookup: Do not print unset values in xml fileAna Rey2014-06-241-14/+16
| | | | | | | It changes the parse functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: lookup: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-241-15/+7
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: exthdr: Do not print unset values in jsonAna Rey2014-06-241-25/+39
| | | | | | | It changes the parse and the snprint functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: exthdr: Do not print unset values in xmlAna Rey2014-06-241-23/+34
| | | | | | | It changes the parse and the snprint functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: exthdr: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-241-16/+8
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: exthdr: Add nft_rule_expr_exthdr_snprinf_* functionsAna Rey2014-06-241-18/+38
| | | | | | | | | | | | Code refactoring in nft_rule_expr_exthdr functions. This patch adds three new functions: * nft_rule_expr_exthdr_snprinf_default * nft_rule_expr_exthdr_snprinf_xml * nft_rule_expr_exthdr_snprinf_json Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: counter: Do not print unset values in jsonAna Rey2014-06-241-10/+21
| | | | | | | It changes the parse and the snprint functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: counter: Do not print unset values in xmlAna Rey2014-06-241-11/+16
| | | | | | | It changes the parse and the snprint functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: counter: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-241-7/+5
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: counter: Add nft_rule_expr_counter_snprinf_* functionsAna Rey2014-06-241-9/+31
| | | | | | | | | | | | Code refactoring in nft_rule_expr_counter_snprinf functions. This patch adds three new functions: * nft_rule_expr_counter_snprinf_default * nft_rule_expr_counter_snprinf_xml * nft_rule_expr_counter_snprinf_json Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: ct: Do not parse unset values in jsonAna Rey2014-06-241-23/+7
| | | | | | | It changes the parse functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: ct: Delete the last comma character in json textAna Rey2014-06-241-2/+3
| | | | | | | Code refactoring to delete correctly the last comma character in json text. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: ct: Do not print unset values in xml fileAna Rey2014-06-241-18/+12
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: ct: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-241-14/+8
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: nat: add helper function to translate nat types to stringArturo Borrero2014-06-231-23/+17
| | | | | | | This patch adds a helper functon to translate nat types to string. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: cmp: Do not print unset values in json fileAna Rey2014-06-231-20/+21
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: cmp: Do not print unset values in xml fileAna Rey2014-06-231-17/+22
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: cmp: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-231-8/+4
| | | | | | | Code refactoring to use nft_rule_expr_cmp_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: cmp: Get a nft_rule_expr type in nft_rule_expr_cmp_snprintf_* functionsAna Rey2014-06-231-12/+12
| | | | | | | | Code refactoring in nft_rule_expr_cmp_snprintf_* functions to get a nft_rule_expr type instead of nft_expr_cmp type. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: byteorder: Do not print unset values in jsonAna Rey2014-06-231-32/+42
| | | | | | | | | It changes the parse and the snprint functions to omit unset values. Now, This part of a json file is gotten without unset elements. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: byteorder: Rename variables in nft_rule_expr_byteorder_json_parse ↵Ana Rey2014-06-231-9/+9
| | | | | | | | | functions Renames some variables for code readability reasons. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: byteorder: Do not print unset values in xml fileAna Rey2014-06-231-29/+39
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: byteorder: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-231-23/+14
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: byteorder: Get a nft_rule_expr type in ↵Ana Rey2014-06-231-18/+13
| | | | | | | | | | nft_rule_expr_byteorder_snprintf_* functions Code refactoring in nft_rule_expr_byteorder_snprintf_* functions to get a nft_rule_expr type instead of nft_expr_byorder type. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: target: Do not print unset values in json fileAna Rey2014-06-231-6/+6
| | | | | | | It changes the parse and snrintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: target: Do not print unset values in xml fileAna Rey2014-06-231-6/+6
| | | | | | | It changes the parse and snprintf functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: target: Use nft_rule_expr_set_* in the xml parsing codeAna Rey2014-06-231-4/+1
| | | | | | | Code refactoring to use nft_rule_expr_set_* in parse functions Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: target: get a nft_rule_expr type in nft_rule_expr_target_snprintf_* ↵Ana Rey2014-06-231-11/+10
| | | | | | | | | | | | | | functions Code refactoring in nft_rule_expr_target_snprintf_* functions to get a nft_rule_expr type instead of nft_expr_target type. The nft_rule_expr is needed to check information into flags variables. Moreover, It remanes some variables like 'tg' to 'target' for code readability reasons. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: payload: Do not print unset values in json fileAna Rey2014-06-231-27/+30
| | | | | | It changes the parse functions to omit unset values. Signed-off-by: Ana Rey <anarey@gmail.com>