summaryrefslogtreecommitdiffstats
path: root/src/obj
Commit message (Collapse)AuthorAgeFilesLines
* src: Use memcpy() to handle potentially unaligned dataMatt Turner2018-10-196-28/+28
| | | | | | | | | | | | Rolf Eike Beer <eike@sf-mail.de> reported that nft-expr_quota-test fails with a SIGBUS on SPARC due to unaligned accesses. This patch resolves that and fixes additional sources of unaligned accesses matching the same pattern. Both nft-expr_quota-test and nft-expr_objref-test generated unaligned accesses on DEC Alpha. Bug: https://bugs.gentoo.org/666448 Signed-off-by: Matt Turner <mattst88@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* obj: secmark: remove json stubPablo Neira Ayuso2018-10-151-22/+0
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: remove json supportPablo Neira Ayuso2018-10-156-205/+0
| | | | | | We have better json support in libnftables these days. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add support for new secmark objectChristian Göttsche2018-10-091-0/+159
| | | | | | | The new object will hold security context strings. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* obj: ct_timeout: don't skip zero value timeoutPablo Neira Ayuso2018-08-311-4/+3
| | | | | | It's a valid configuration, don't assume this means timeout is unset. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* obj: ct_timeout: use fixed size arrayPablo Neira Ayuso2018-08-311-23/+5
| | | | | | | | | Use an internal array and expose maximum size so we can just use the same array size for all protocol timeouts. This simplifies handling a bit and we don't need to set NFTNL_OBJ_CT_TIMEOUT_L4PROTO in first place. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* obj: ct_timeout: fix gcc4 build errorFlorian Westphal2018-08-211-1/+3
| | | | | | gcc 4.9 only allows for-loop initialisation declarations in C99 or C11 modes. Signed-off-by: Florian Westphal <fw@strlen.de>
* src: remove cttimeout.h leftoverPablo Neira Ayuso2018-08-141-1/+0
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add ct timeout supportHarsha Sharma2018-08-131-0/+368
| | | | | | | | Add support for ct timeout objects, used to assign connection tracking timeout policies. Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* obj: add tunnel supportPablo Neira Ayuso2018-08-061-0/+581
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: Buffer is null terminated.Varsha Rao2017-09-274-0/+12
| | | | | | | In _snprintf() functions definition the buffer is null terminated. Signed-off-by: Varsha Rao <rvarsha016@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: limit stateful object supportPablo M. Bermudo Garay2017-09-041-0/+238
| | | | | | | This patch adds support for a new type of stateful object: limit. Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: ct helper supportFlorian Westphal2017-03-161-0/+210
| | | | | | | | add support for ct helper objects, these are used to assign helpers to connections, similar to iptables -j CT --set-helper target. Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: support for stateful objectsPablo Neira Ayuso2016-12-092-0/+389
This patch allows you to add, to delete and to get stateful objects, this support two object types: counter and quota. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>