summaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* set_elem: constify nft_set_elem_attr_get_strPablo Neira Ayuso2013-08-061-1/+1
| | | | | | | Should have been done in (ec75831 src: fully constify nft_*_get functions) Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: fully constify nft_*_get functionsPablo Neira Ayuso2013-08-062-2/+2
| | | | | | | | | We have several char * field that were not constify to avoid gcc compilation warnings when calling free. Since (99d2574 src: add xfree and use it), we can fully constify these objects fields without trouble. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: Add json parser supportÁlvaro Neira Ayuso2013-07-311-0/+1
| | | | | | | Add function for parsing chains in format JSON. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add XML parsingArturo Borrero2013-07-261-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Sets are now parsed, following this previous snprintf pattern: <set> <set_name>string</set_name> <set_table>table</set_table> <set_xml_version>int</set_xml_version> <set_flags>uint32_t</set_flags> <key_type>uint32_t</key_type> <key_len>size_t</key_len> <data_type>uint32_t</data_type> <data_len>size_t</data_len> <set_elem> <set_elem_flags>uint32_t</set_elem_flags> <set_elem_key> <data_reg type="value"> <len></len> <dataN></dataN> </data_reg> </set_elem_key> <set_elem_data> <data_reg type="xx"> [...] </data_reg> </set_elem_data> </set_elem> </set> Signed-off-by: Arturo Borrero González <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: Add json parser supportÁlvaro Neira Ayuso2013-07-251-0/+1
| | | | | | | Add function for parsing tables in format JSON Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: constify parameter of nft_*_is_setEric Leblond2013-07-194-5/+5
| | | | | | | | The functions nft_*_attr_is_set() is doing no modification so it is possible to type it to const. Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: add support for position attributeEric Leblond2013-07-192-0/+2
| | | | | | | | This patch adds support for position attribute which can be used to insert a rule at a given position. Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add nft_*_list_add_tailPablo Neira Ayuso2013-07-164-0/+4
| | | | | | | This redefines the meaning of nft_*_list_add to prepend, before this patch it was appending, which was semantically wrong. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add nft_*_list_is_empty() functionsArturo Borrero2013-07-154-0/+4
| | | | | | | | | This functions check if a given nft_*_list is empty or not. I found this quite useful while working with a full ruleset. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* include: update include/linux/netfilter/nf_tables.hPablo Neira Ayuso2013-07-131-3/+211
| | | | | | Get it in sync with the current kernel tree. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add xml outputArturo Borrero2013-07-061-0/+1
| | | | | | | This patch adds XML output for sets. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add json outputÁlvaro Neira Ayuso2013-07-061-0/+5
| | | | | | | This patch allows you to dump set and their content in json format. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: consolidate XML parsing of expressions via nft_mxml_expr_parsePablo Neira Ayuso2013-07-041-0/+2
| | | | | | | | | Move common code for XML parsing of expressions to the new nft_mxml_expr_parse function. This patch reduces the XML parsing code in 300 LOC. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: Fix header inclusion for integer typesTomasz Bursztyka2013-07-031-0/+1
| | | | | Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: support JSON format in chain, rule and expressionsÁlvaro Neira Ayuso2013-06-291-0/+1
| | | | | | | While at it, order possible switch cases of _snprintf. Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add nft_rule_expr_snprintfPablo Neira Ayuso2013-06-191-0/+2
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* include: add stdbool.h to libnftables/expr.hPablo Neira Ayuso2013-06-171-0/+2
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: constify first parameter of all nft_*_getPablo Neira Ayuso2013-06-172-10/+10
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add NFT_SET_ATTR_FAMILYPablo Neira Ayuso2013-06-171-0/+1
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add nft_*_attr_is_setPablo Neira Ayuso2013-06-175-0/+13
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add nft_*_list_foreachPablo Neira Ayuso2013-06-174-0/+10
| | | | | | This patch adds a simplied iterator interface. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add limitPablo Neira Ayuso2013-06-131-0/+5
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add byteorderPablo Neira Ayuso2013-06-121-0/+8
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add ctPablo Neira Ayuso2013-06-121-0/+6
| | | | | | This patch adds the ct expression. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add exthdrPablo Neira Ayuso2013-06-111-0/+7
| | | | | | | This patch adds support for the exthdr expression of nftables that is implemented in linux/net/netfilter/nft_exthdr.c Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add log expressionPablo Neira Ayuso2013-06-101-0/+7
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: add function to export tables in JSON formatAlvaro Neira Ayuso2013-06-081-0/+1
| | | | | Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set_elem: add NFT_SET_ELEM_ATTR_DATA to set data for mappingPablo Neira Ayuso2013-06-081-0/+1
| | | | | | | | We need this new attribute to configure the data that is attached to an element. This is useful for the mapping feature to retrieve data based on keys (like a dictionary) that nftables provides. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add nft_*_unset functionsArturo Borrero Gonzalez2013-06-074-0/+5
| | | | | | | | These functions unset the given attribute in each object and release the data if needed. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: add function to export tables in JSON formatAlvaro Neira Ayuso2013-06-071-0/+1
| | | | | Signed-off-by: Alvaro Neira <alvaroneay@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add support for XML parsingArturo Borrero Gonzalez2013-05-233-0/+21
| | | | | | | | | | | | | | | | | | | This patch adds capabilities for parsing a XML table/chain/rule. Some comments: * The XML data is case sensitive (so <chain>asd</chain> != <chain>ASD</chain> != <CHAIN>asd</CHAIN>) * All exported functions receive XML and return an object (table|chain|rule). * To compile the lib with XML parsing support, run './configure --with-xml-parsing' * XML parsing is done with libmxml (http://minixml.org). XML parsing depends on this external lib, this dependency is optional at compile time. NOTE: expr/target and expr/match binary data are exported. [ Fixed to compile without --with-xml-parsing --pablo ] Signed-off-by: Arturo Borrero González <arturo.borrero.glez@gmail.com>
* expr: remove non implemented functionTomasz Bursztyka2013-05-161-2/+0
| | | | | Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: declare nft_rule_list structure at a proper placeTomasz Bursztyka2013-05-161-0/+2
| | | | | Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: add nft_chain_attr_set_strPablo Neira Ayuso2013-05-161-1/+2
| | | | | | And constify data passed to nft_chain_attr_set. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: add nft_table_attr_[set|table]_strPablo Neira Ayuso2013-05-161-0/+2
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: constify nft_*_attr_set and nft_*_attr_set_strPablo Neira Ayuso2013-04-144-7/+7
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add XML output supportArturo Borrero Gonzalez2013-02-083-0/+3
| | | | | Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add lookup expression for set-based lookupsPablo Neira Ayuso2013-02-071-0/+6
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add support to add elements to setsPablo Neira Ayuso2013-02-051-0/+41
| | | | | | This patch includes iterators and several examples. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: complete supportPablo Neira Ayuso2013-02-031-2/+2
| | | | | | Including examples. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: add protocol and flags support for xtables over nftablesPablo Neira Ayuso2013-01-252-0/+16
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: add support for rule flagsPablo Neira Ayuso2013-01-232-0/+9
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: add nft_chain_list_delPablo Neira Ayuso2013-01-201-0/+1
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: Add a function to get rule's familyTomasz Bursztyka2013-01-131-0/+1
| | | | | | Add nft_rule_attr_get_u8 to obtain the family number. Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
* include: update internal copy of headersPablo Neira Ayuso2012-12-302-18/+30
| | | | | | To get it in sync with the existing kernel code. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: support Patrick's chain rename approachPablo Neira Ayuso2012-12-292-2/+2
| | | | | | | Support the new approach for chain renaming based on the chain handle. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add initial supportPablo Neira Ayuso2012-12-242-1/+47
| | | | | | Add initial support for nf_tables native sets Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: Add support for NAT expressionsTomasz Bursztyka2012-11-162-4/+14
| | | | Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
* examples: table: add example of dormant tablesPablo Neira Ayuso2012-11-111-0/+9
| | | | | | | | Now we add a non-dormant table which is not active. We can add chains and rules to it that would not have any effect. Once we change the flag to wake it up, the rule-set becomes active. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: add nft_table_attr_set_u32 and nft_table_attr_get_u32Pablo Neira Ayuso2012-11-111-0/+3
| | | | | | Useful to obtain recently added table flags. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>