summaryrefslogtreecommitdiffstats
path: root/include/netlink.h
Commit message (Collapse)AuthorAgeFilesLines
* src: add rule batching supportPablo Neira Ayuso2013-09-231-0/+14
| | | | | | | | | | | | | | | | | | | | | | | This patch allows nft to put all rule update messages into one single batch that is sent to the kernel if `-f' option is used. In order to provide fine grain error reporting, I decided to to correlate the netlink message sequence number with the correspoding command sequence number, which is the same. Thus, nft can identify what rules trigger problems inside a batch and report them accordingly. Moreover, to avoid playing buffer size games at batch building stage, ie. guess what is the final size of the batch for this ruleset update will be, this patch collects batch pages that are converted to iovec to ensure linearization when the batch is sent to the kernel. This reduces the amount of unnecessary memory usage that is allocated for the batch. This patch uses the libmnl nlmsg batching infrastructure and it requires the kernel patch entitled (netfilter: nfnetlink: add batch support and use it from nf_tables). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* netlink: use uint32_t instead of size_t for attribute lengthPablo Neira Ayuso2013-09-191-2/+2
| | | | | | | According to libnftables change 437d610, now the length obtained via getter function is uint32_t, not size_t anymore. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: use libnftablesPablo Neira Ayuso2013-06-241-24/+43
| | | | | | | | | | | | | | | | | | | | | | | | | This patch migrates nft to use the libnftables library, that is used by the iptables over nftables compat utility as well. Most of the conversion was pretty straight forward. Some small significant changes happened in the handling of set element and immediate data abstraction that libnl provides. libnftables is a bit more granular since it splits the struct nfnl_nft_data into three attributes: verdict, chain and plain data (used in maps). I have added a new file src/mnl.c that contains the low level netlink communication that now resides in nftables source tree instead of the library. This should help to implement the batching support using libmnl in follow up patches. I also spent some significant amount of time running my tests to make sure that we don't increase the number of bugs that we already have (I plan to provide a list of those that I have detected and diagnosed, so anyone else can help us to fix them). As a side effect, this change should also prepare the ground for JSON and XML support anytime soon. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cmd/netlink: make sure we always have a location in netlink operationsPatrick McHardy2013-04-181-17/+34
| | | | | | Improve error reporting by always using a location in netlink operations. Signed-off-by: Patrick McHardy<kaber@trash.net>
* rule: add rule insertion (prepend) supportPatrick McHardy2012-12-141-1/+1
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* chains: add chain rename supportPatrick McHardy2012-12-141-0/+2
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* add support for new set API and standalone setsPatrick McHardy2009-07-281-0/+16
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* netlink: move data related functions to netlink.cPatrick McHardy2009-03-311-0/+11
| | | | | | | Move the data related function to netlink.c as they're going to be needed outside of rule context for set maintenance. Signed-off-by: Patrick McHardy <kaber@trash.net>
* Fix use of reserved names in header sandwichPatrick McHardy2009-03-181-3/+3
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* Initial commitv0.01-alpha1Patrick McHardy2009-03-181-0/+60
generated by cgit v1.2.3 (git 2.25.0) at 2024-11-14 06:41:46 +0000