nftables - nft command line tool

	Commit message (Collapse)	Author	Age	Files	Lines
*	main: enforce options before commands	Pablo Neira Ayuso	2019-12-18	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This patch turns on POSIXLY_CORRECT on the getopt parser to enforce options before commands. Users get a hint in such a case: # nft list ruleset -a Error: syntax error, options must be specified before commands nft list ruleset -a ^ ~~ This patch recovers 9fc71bc6b602 ("main: Fix for misleading error with negative chain priority"). Tests have been updated. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
*	tests: replace single element sets	Pablo Neira Ayuso	2019-05-31	1	-2/+2
\| \| \| \| \| \|	Add at least two elements to sets. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
*	Revert "tests: shell: avoid single-value anon sets"	Pablo Neira Ayuso	2019-05-24	1	-1/+1
\| \| \| \|	This reverts commit b7459b0c854fc7a0d6cd86151b81035a8edf8e63.
*	tests: shell: avoid single-value anon sets	Florian Westphal	2019-05-19	1	-1/+1
\| \| \| \| \| \| \|	Future change is going to auto-change them to simple compare ops rather than lookup in set with only one element. Signed-off-by: Florian Westphal <fw@strlen.de>
*	tests: shell: add quotes when using <<<-style here document	Florian Westphal	2018-06-08	1	-2/+2
\| \| \| \| \| \| \| \| \|	bash 4.3.30 removes newlines in RULESET when "" are omitted, which then causes nft -f to complain about invalid syntax. As a result, all test cases that use this here-doc style fail. Signed-off-by: Florian Westphal <fw@strlen.de>
*	tests: shell: add crash reproducer	Florian Westphal	2018-06-07	1	-0/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Two reports point to a crash in nft when 'flush' is provided on existing ruleset. In that case, nft will crash with a null-ptr dereference. "evaluate: do not inconditionally update cache from flush command" causes the commit to fail due to a cache inconsistency, we then trip over NULL location->indesc. Cause of 2nd bug not known yet, not sure how to fix cache issue either, so only adding reproducer so this can be fixed later. Without erec bug, the (errnoeous) error message would be Could not process rule: File exists Reported-by: Oleksandr Natalenko <oleksandr@natalenko.name> Reported-by: Timothy Redaelli <tredaelli@redhat.com> Signed-off-by: Florian Westphal <fw@strlen.de>
*	Support 'nft -f -' to read from stdin	Phil Sutter	2018-03-20	1	-12/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	In libnftables, detect if given filename is '-' and treat it as the common way of requesting to read from stdin, then open /dev/stdin instead. (Calling 'nft -f /dev/stdin' worked before as well, but this makes it official.) With this in place and bash's support for here strings, review all tests in tests/shell for needless use of temp files. Note that two categories of test cases were intentionally left unchanged: - Tests creating potentially large rulesets to avoid running into shell parameter length limits. - Tests for 'include' directive for obvious reasons. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
*	tests: shell: fetch rule handle with '-a' option and then delete rule	Harsha Sharma	2018-01-25	1	-1/+2
\| \| \| \| \| \| \|	Fetch rule handle and then delete rule via that rule handle. Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
*	tests: shell: introduce the cache testcases directory	Arturo Borrero Gonzalez	2016-11-09	1	-0/+29
	This directory is for testcases related to the nft cache. Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>