| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
These functions are not very useful, rule comparison from this layer
does not work well with implicit set definitions.
This infrastructure was added as an attempt to support for deletion by
name from this layer, which should be done from higher level libnftables
library. Finally, we never had a client for this code in
git.netfilter.org.
Let's remove it and bump libversion for safety reasons.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Rolf Eike Beer <eike@sf-mail.de> reported that nft-expr_quota-test fails
with a SIGBUS on SPARC due to unaligned accesses. This patch resolves
that and fixes additional sources of unaligned accesses matching the
same pattern. Both nft-expr_quota-test and nft-expr_objref-test
generated unaligned accesses on DEC Alpha.
Bug: https://bugs.gentoo.org/666448
Signed-off-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
We have better json support in libnftables these days.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
->snprintf() is always called via nftnl_expr_snprintf() wrapper, which
is already dealing with this corner case for us.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
In _snprintf() functions definition the buffer is null terminated.
Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
SNPRINTF_BUFFER_SIZE() macro declaration and definition is changed so
that it accepts three arguments ret, remain and offset. Parameters size
and len are not required instead parameter remain keeps track of
available space in the buffer.
Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add const qualifiers to the "to string" translation arrays used by
various *2str() functions.
This fixes GCC warnings such as the following when compiling with
-Wwrite-strings:
expr/byteorder.c:176:25: warning: initialization discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
In order to catch these in the future, also add -Wwrite-strings to
default CFLAGS.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch removes the libmxml integration in libnftnl, since we have
JSON in place and there is no need to support two at the same time.
The JSON support is much better, for example libjansson has a better
parsing error reporting.
Moreover, libmxml 2.10 breaks the integration with libnftnl somehow,
as reported in Debian bug #83870 [0].
Also, the XML support inside libnftnl has never been in good shape, with
several tiny inconsitencies.
[0] https://bugs.debian.org/838370
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch implements the function:
bool nftnl_rule_cmp(const struct nftnl_rule *r1,
const struct nftnl_rule *r2)
for rule comparison.
Expressions within rules need to be compared, so also has been created the
function:
bool nftnl_expr_cmp(const struct nftnl_expr *e1,
const struct nftnl_expr *e2);
Also includes all expression comparators.
Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
nft already assumes that passing NULL as data_len is valid, otherwise
it crashes. Fix this by leave data_len unset in this specific case.
Fixes: bda7102 ("src: Fix nftnl_*_get_data() to return the real attribute length")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
All getters must set the memory size of the attributes, ie. this
includes the nul-termination in strings.
For references to opaque objects hidden behind the curtain, report
a zero size.
Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
And pass up an error to the caller.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
flow table support needs constant object arguments to printing functions
to avoid ugly casts. While at it, also constify object arguments to message
construction, destructor and a few helper functions.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
Unfortunately libnftnl restricts the set names in the lookup and dynset
expressions to 16 bytes. Remove this restriction so this can work with
the upcoming 4.7 Linux kernel.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Use a shorter name for this, morever this can be used from sets so the _rule_
is misleading.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
So we can use the nft_* prefix anytime soon for our upcoming higher level
library.
After this patch, the nft_* symbols become an alias of the nftnl_* symbols.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Support expression templates for the dynset expression for dynamic
expression instantiation.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
expr/dynset.c: In function 'nft_rule_expr_dynset_json_parse':
expr/dynset.c:194:3: warning: implicit declaration of function 'nft_rule_expr_dynset_str' [-Wimplicit-function-declaration]
nft_rule_expr_dynset_str(e, NFT_EXPR_DYNSET_SET, set_name);
^
expr/dynset.c:194:31: error: 'NFT_EXPR_DYNSET_SET' undeclared (first use in this function)
nft_rule_expr_dynset_str(e, NFT_EXPR_DYNSET_SET, set_name);
^
expr/dynset.c:194:31: note: each undeclared identifier is reported only once for each function it appears in
expr/dynset.c:197:3: warning: implicit declaration of function 'nft_rule_expr_dynset_u32' [-Wimplicit-function-declaration]
nft_rule_expr_dynset_u32(e, NFT_EXPR_DYNSET_SREG, sreg);
^
expr/dynset.c:197:31: error: 'NFT_EXPR_DYNSET_SREG' undeclared (first use in this function)
nft_rule_expr_dynset_u32(e, NFT_EXPR_DYNSET_SREG, sreg);
^
expr/dynset.c:200:31: error: 'NFT_EXPR_DYNSET_DREG' undeclared (first use in this function)
nft_rule_expr_dynset_u32(e, NFT_EXPR_DYNSET_DREG, dreg);
^
expr/dynset.c: In function 'nft_rule_expr_dynset_xml_parse':
expr/dynset.c:220:31: error: 'NFT_EXPR_DYNSET_SET' undeclared (first use in this function)
nft_rule_expr_dynset_str(e, NFT_EXPR_DYNSET_SET, set_name);
^
expr/dynset.c:224:31: error: 'NFT_EXPR_DYNSET_SREG' undeclared (first use in this function)
nft_rule_expr_dynset_u32(e, NFT_EXPR_DYNSET_SREG, sreg);
^
expr/dynset.c:228:31: error: 'NFT_EXPR_DYNSET_DREG' undeclared (first use in this function)
nft_rule_expr_dynset_u32(e, NFT_EXPR_DYNSET_DREG, dreg);
^
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
