| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
I have added the parameter family in the example nft-rule-get.
Signed-off-by: Alvaro Neira Ayuso Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
This program can insert a rule after a rule given by
its handle.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
So far, it was only possible to create base chains. This patch
allows you to create custom chains as well.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
So far, it was restricted to AF_INET.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
While at it, convert all examples to use NFPROTO_*.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Thus, automodule loading was not working.
While at it, apply not so relevant comestic cleanups and fix some
inconsistencies between examples.
* Fix copyright header, this is code heavily based on existing
nft-*-add examples.
* Remove unrequired extern struct nft_table definition.
* Make sure we close file descriptor once we don't need it anymore.
* Remove unrequired casting.
* Remove comment that provides nothing interesting.
I considered a patch to address each on those was too much burden.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
Remove it from the example files, we don't need it. There is no explicit
reference to any of the libmxml functions in those files, so the linker
does not need that library.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This patch adds XML output for sets.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This patch allows you to dump set and their content in json format.
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
By specifying 'json' as first parameter.
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch add a testbench for XML parsing, which may be extended
to test JSON as well.
To use it:
$ cd test/
$ make nft-parsing-test
$ ./nft-parsing-test xmlfiles/
This testbench supersedes old .sh test scripts, so they are deleted.
[ I have mangled this patch to rename/mangle files, to colorize the
test output and not to compile XML inconditionally --pablo ]
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Use _unset functions to delete handle so test don't fail.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
CC nft-rule-add.o
nft-rule-add.c:105:13: warning: ‘add_payload’ defined but not used [-Wunused-function]
Reported-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Reported-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
This patch adds a new line to messages to be sure that they are
printed to the shell as soon as they occur. This also fixes the
display of output.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some code snipplets to add tables/chain/rules using the XML representation.
The examples contains:
* A binary to parse/add the object using libnftables.
* A shellscript to easily call that binary, doing some tests.
* table/chain/rule sample XML file.
I included my name in new files, but I don't know if this is correct. Please let me know.
Instructions:
$ cd examples/ ; make nft-table-xml-add
# cd test/ ; ./nft-table-xml-add.sh
NOTE: Some kernel changes are required to allow reinsert exactly what is printed (handle handling, flags..)
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
The caller should add it in case it needs it.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Missing NLM_F_CREATE, otherwise the automatic handle allocation
returns -EINVAL.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To show an instance of this patch:
(shell)$ ./nft-table-get xml
<table name="filter" >
<properties>
<family value="2" />
<flags value="5" table_flags="0" />
</properties>
</table>
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.co
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
This patch includes iterators and several examples.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
Including examples.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
Now we add a non-dormant table which is not active. We can add
chains and rules to it that would not have any effect. Once we
change the flag to wake it up, the rule-set becomes active.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
5c4d30c nf_tables: use 64-bits rule handle instead of 16-bits
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This utility allows to consult x_tables match/target revisions supported
via the nft_compat layer.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
It adds support for table, chain and rule handling.
This also includes expression handling for each rule.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
