summaryrefslogtreecommitdiffstats
path: root/examples
Commit message (Collapse)AuthorAgeFilesLines
...
* examples: nft-events: use new events wrappersArturo Borrero2014-04-261-15/+31
| | | | | | | Let's use the new event wrappers in the events example. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: complete nft-events exampleArturo Borrero2014-04-071-0/+60
| | | | | | | | Complete nft-events example by adding a basic set & set_elem event notification. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: remove nft-rule-insert from Makefile.amPablo Neira Ayuso2014-03-281-3/+0
| | | | | | This example doesn't exist anymore. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: nft-rule-del: removed printf rule functionÁlvaro Neira Ayuso2014-03-081-4/+0
| | | | | | | | | | | | | Removed this code because with that we have a strange output. Example: we have a rule with handle 4 and we execute nft-rule-del ip filter input 4 Output: unknown filter input 4 0 Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: nft-rule-insert: fix and merge it to nft-rule-addÁlvaro Neira Ayuso2014-03-083-208/+12
| | | | | | | | Merged the example for inserting rules and fixed for using the correct header. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: nft-rule-del: fix missing batching headersÁlvaro Neira Ayuso2014-03-081-4/+39
| | | | | | | | | Fix the example for deleting rules. Before this patch, the program tried to delete the rule without using the correct header. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: check if netlink parsing failsArturo Borrero2014-02-271-1/+2
| | | | | | | | We have to check if mnl_attr_parse() returns an error, which means that it failed to validate and retrieve the attributes. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* example: nft-rule-add: simplify examplePablo Neira Ayuso2014-02-271-57/+29
| | | | | | The nft_mnl_batch_talk() is overly complicated for a simple example that just adds one single rule. Simplify this to prepare the merge of nft-rule-insert, which looks very similar.
* Merge branch 'master' into next-3.14Pablo Neira Ayuso2014-02-0327-189/+283
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch includes changes to adapt this branch to the library rename that happened in the master branch. Conflicts: src/Makefile.am src/expr/cmp.c src/expr/ct.c src/expr/data_reg.c src/expr/meta.c tests/jsonfiles/01-table.json tests/jsonfiles/02-table.json tests/jsonfiles/64-ruleset.json tests/xmlfiles/01-table.xml tests/xmlfiles/02-table.xml
| * rename library to libnftnllibnftnl-1.0.0Pablo Neira Ayuso2014-01-2026-59/+59
| | | | | | | | | | | | We plan to use this library name for the higher layer library. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * src: new error reporting approach for XML/JSON parsersÁlvaro Neira Ayuso2014-01-067-14/+71
| | | | | | | | | | | | | | | | | | | | | | | | | | | | I have added a new structure for reporting some errors in parser that we can't cover with errno. In this patch, we have three errors that we can't cover with errno: NFT_PARSE_EBADINPUT : Bad XML/JSON format in the input NFT_PARSE_EMISSINGNODE : Missing node in our input NFT_PARSE_EBADTYPE : Wrong type value in a node Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * examples: nft-rule-add: use existing batch infrastructurePablo Neira Ayuso2013-12-101-110/+147
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch reworks the existing example to add the rule: nft add rule ip filter input tcp dport 22 counter It uses the existing nfnl batching approach using the generic mnl netlink message batching infrastructure. It also removed the code that uses xtables compat code. Based on original patch by Arturo Borrero Gonzalez. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | examples: add nft-ruleset-getArturo Borrero2014-01-042-0/+393
| | | | | | | | | | | | | | | | | | | | This example prints the ruleset, using the ruleset API of nftables. The kernel patch c9c8e48 ("netfilter: nf_tables: dump sets in all existing families") is required. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | examples: nft-set-get: retrieve all sets via unspecArturo Borrero2014-01-041-1/+3
|/ | | | | | | | Other nftables objects are allowed to be dumped with NFPROTO_UNSPEC. With sets is also possible since kernel patch c9c8e48 ("netfilter: nf_tables: dump sets in all existing families"). Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
* src: unify parse and output typesÁlvaro Neira Ayuso2013-11-1413-32/+32
| | | | | | | | | Unify parse and output types that are redundant to all existing nftables objects. Thus, all NFT_*_O_[XML|JSON|DEFAULT] are merged into NFT_OUTPUT_[JSON|XML] and NFT_PARSE_[JSON|XML]. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: nft-set-get: retrieve all sets per familyPablo Neira Ayuso2013-09-241-5/+6
| | | | | | | | | | | Likewise other nftables objects, this patch allows you to dump the sets per family. This is possible since kernel changes (netfilter: nf_tables: allow to dump all existing sets), we can get the full list of sets per family. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: nft-{chain,rule,table}-get allows unspec familyPablo Neira Ayuso2013-09-053-3/+9
| | | | | | To obtain any table, chain and rule. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: Add nft-set-json-addÁlvaro Neira Ayuso2013-08-282-0/+120
| | | | | Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: Add nft-rule-json-addÁlvaro Neira Ayuso2013-08-202-0/+119
| | | | Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
* example: nft-rule-get: family parameter addedÁlvaro Neira Ayuso2013-08-091-6/+27
| | | | | | | I have added the parameter family in the example nft-rule-get. Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: Add nft-chain-json-addÁlvaro Neira Ayuso2013-07-312-0/+122
| | | | | Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: Add nft-table-json-addÁlvaro Neira Ayuso2013-07-252-0/+120
| | | | | Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: add insert rule exampleEric Leblond2013-07-192-0/+208
| | | | | | | | This program can insert a rule after a rule given by its handle. Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: nft-chain-add: allow to create custom chainsPablo Neira Ayuso2013-07-181-18/+23
| | | | | | | So far, it was only possible to create base chains. This patch allows you to create custom chains as well. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: nft-chain-get: allow to list chain from all familiesPablo Neira Ayuso2013-07-181-23/+23
| | | | | | So far, it was restricted to AF_INET. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: add arp supportPablo Neira Ayuso2013-07-1815-60/+103
| | | | | | While at it, convert all examples to use NFPROTO_*. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: nft-{table,chain,rule}-xml-add: fix missing NLM_F_CREATEPablo Neira Ayuso2013-07-103-20/+22
| | | | | | | | | | | | | | | | | | Thus, automodule loading was not working. While at it, apply not so relevant comestic cleanups and fix some inconsistencies between examples. * Fix copyright header, this is code heavily based on existing nft-*-add examples. * Remove unrequired extern struct nft_table definition. * Make sure we close file descriptor once we don't need it anymore. * Remove unrequired casting. * Remove comment that provides nothing interesting. I considered a patch to address each on those was too much burden. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: remove LIBXML_LIBS from LDADDPablo Neira Ayuso2013-07-101-21/+21
| | | | | | | | Remove it from the example files, we don't need it. There is no explicit reference to any of the libmxml functions in those files, so the linker does not need that library. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add xml outputArturo Borrero2013-07-062-2/+7
| | | | | | | This patch adds XML output for sets. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: nft-table-get: add json supportÁlvaro Neira Ayuso2013-07-061-5/+22
| | | | | Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add json outputÁlvaro Neira Ayuso2013-07-062-10/+20
| | | | | | | This patch allows you to dump set and their content in json format. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: add JSON supportÁlvaro Neira Ayuso2013-06-291-1/+4
| | | | | | | By specifying 'json' as first parameter. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* test: add testbench for XMLArturo Borrero Gonzalez2013-06-273-102/+0
| | | | | | | | | | | | | | | | | | This patch add a testbench for XML parsing, which may be extended to test JSON as well. To use it: $ cd test/ $ make nft-parsing-test $ ./nft-parsing-test xmlfiles/ This testbench supersedes old .sh test scripts, so they are deleted. [ I have mangled this patch to rename/mangle files, to colorize the test output and not to compile XML inconditionally --pablo ] Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: unset chain & rule handleArturo Borrero2013-06-182-0/+2
| | | | | | | Use _unset functions to delete handle so test don't fail. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: nft-chain-get: export in JSON formatAlvaro Neira Ayuso2013-06-081-1/+4
| | | | | Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: nft-table-get: export in JSON formatAlvaro Neira Ayuso2013-06-071-0/+4
| | | | | Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: nft-rule-add: fix compilation warningPablo Neira Ayuso2013-06-051-1/+1
| | | | | | | | CC nft-rule-add.o nft-rule-add.c:105:13: warning: ‘add_payload’ defined but not used [-Wunused-function] Reported-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: nft-rule-add: remove unexistent libnftables/payload.h includePablo Neira Ayuso2013-06-051-1/+0
| | | | | Reported-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: nft-events: add newline to outputEric Leblond2013-06-051-3/+3
| | | | | | | | | This patch adds a new line to messages to be sure that they are printed to the shell as soon as they occur. This also fixes the display of output. Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: XML parsing examplesArturo Borrero Gonzalez2013-05-237-18/+473
| | | | | | | | | | | | | | | | | | | | Some code snipplets to add tables/chain/rules using the XML representation. The examples contains: * A binary to parse/add the object using libnftables. * A shellscript to easily call that binary, doing some tests. * table/chain/rule sample XML file. I included my name in new files, but I don't know if this is correct. Please let me know. Instructions: $ cd examples/ ; make nft-table-xml-add # cd test/ ; ./nft-table-xml-add.sh NOTE: Some kernel changes are required to allow reinsert exactly what is printed (handle handling, flags..) Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: remove trailing \n from all nft_*_snprintf functionsPablo Neira Ayuso2013-04-195-5/+5
| | | | | | The caller should add it in case it needs it. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: fix rule additionPablo Neira Ayuso2013-03-171-1/+2
| | | | | | | Missing NLM_F_CREATE, otherwise the automatic handle allocation returns -EINVAL. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: add XML output for table/chain/ruleArturo Borrero Gonzalez2013-02-123-11/+29
| | | | | | | | | | | | | | | To show an instance of this patch: (shell)$ ./nft-table-get xml <table name="filter" > <properties> <family value="2" /> <flags value="5" table_flags="0" /> </properties> </table> Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.co Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add support to add elements to setsPablo Neira Ayuso2013-02-054-0/+355
| | | | | | This patch includes iterators and several examples. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: complete supportPablo Neira Ayuso2013-02-034-0/+328
| | | | | | Including examples. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: table: add example of dormant tablesPablo Neira Ayuso2012-11-112-0/+106
| | | | | | | | Now we add a non-dormant table which is not active. We can add chains and rules to it that would not have any effect. Once we change the flag to wake it up, the rule-set becomes active. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: use 64-bits handle instead of 16-bitsPablo Neira Ayuso2012-11-031-1/+1
| | | | | | 5c4d30c nf_tables: use 64-bits rule handle instead of 16-bits Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: add nft-eventsPablo Neira Ayuso2012-10-142-0/+158
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: add nft-compat-getPablo Neira Ayuso2012-10-142-1/+144
| | | | | | | This utility allows to consult x_tables match/target revisions supported via the nft_compat layer. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* initial version of libnftablesPablo Neira Ayuso2012-10-1110-0/+1057
It adds support for table, chain and rule handling. This also includes expression handling for each rule. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>