summaryrefslogtreecommitdiffstats
path: root/include/data_reg.h
Commit message (Collapse)AuthorAgeFilesLines
* set_elem: Validate nftnl_set_elem_set() parametersPhil Sutter2019-10-161-1/+1
| | | | | | | | | | | | | Copying from nftnl_table_set_data(), validate input to nftnl_set_elem_set() as well. Given that for some attributes the function assumes passed data size, this seems necessary. Since data size expected for NFTNL_SET_ELEM_VERDICT attribute is sizeof(uint32_t), change type of 'verdict' field in union nftnl_data_reg accordingly. Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: remove nftnl_rule_cmp() and nftnl_expr_cmp()Pablo Neira Ayuso2018-10-241-2/+0
| | | | | | | | | | | | | | These functions are not very useful, rule comparison from this layer does not work well with implicit set definitions. This infrastructure was added as an attempt to support for deletion by name from this layer, which should be done from higher level libnftables library. Finally, we never had a client for this code in git.netfilter.org. Let's remove it and bump libversion for safety reasons. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: Implement rule comparisonCarlos Falgueras García2016-08-171-0/+3
| | | | | | | | | | | | | | | | | | | | This patch implements the function: bool nftnl_rule_cmp(const struct nftnl_rule *r1, const struct nftnl_rule *r2) for rule comparison. Expressions within rules need to be compared, so also has been created the function: bool nftnl_expr_cmp(const struct nftnl_expr *e1, const struct nftnl_expr *e2); Also includes all expression comparators. Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libnftnl: constify object arguments to various functionsPatrick McHardy2016-05-091-3/+5
| | | | | | | | | flow table support needs constant object arguments to printing functions to avoid ugly casts. While at it, also constify object arguments to message construction, destructor and a few helper functions. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: rename existing functions to use the nftnl_ prefixPablo Neira Ayuso2015-09-071-4/+4
| | | | | | | | | So we can use the nft_* prefix anytime soon for our upcoming higher level library. After this patch, the nft_* symbols become an alias of the nftnl_* symbols. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: immediate: fix leak in expression destroy pathPablo Neira Ayuso2015-08-181-0/+1
| | | | | | | | The verdict can be a chain string, make sure we release it when the expression is destroyed. This patch adds a new nft_free_data() for this purpose and use it from the immediate expression. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* data: increase maximum possible data sizePatrick McHardy2015-04-141-1/+2
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: split internal.h is smaller filesPablo Neira Ayuso2015-02-171-0/+31
The internal.h file started being a small file with private definitions. Its size has been increasing over time more and more, so let's split this in small header files that map to the corresponding class where the functions belong to. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>