Commit message | Author | Age | Files | Lines
* build: add an autogen.sh script | Tomasz Bursztyka | 2013-05-16 | 1 | -0/+4
  Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* git: add a .gitignore file | Tomasz Bursztyka | 2013-05-16 | 1 | -0/+24
  Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: add nft_chain_attr_set_str | Pablo Neira Ayuso | 2013-05-16 | 3 | -2/+10
  And constify data passed to nft_chain_attr_set.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: add nft_table_attr_[set|table]_str | Pablo Neira Ayuso | 2013-05-16 | 3 | -0/+16
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: delete exporting internal flags in XML | Arturo Borrero Gonzalez | 2013-05-03 | 2 | -5/+3
  The uint32_t flags attribute is internal, so no need to export via XML.

  Signed-off-by: Arturo Borrero González <arturo.borrero.glez@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: remove trailing \n from all nft_*_snprintf functions | Pablo Neira Ayuso | 2013-04-19 | 11 | -13/+16
  The caller should add it in case it needs it.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: remove trailing newlines, tabs and spaces from XML format | Arturo Borrero Gonzalez | 2013-04-19 | 13 | -47/+46
  Delete all \n and \t from XML output, any reasonable XML viewer
  already does the nifty formatting for us.

  Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: fix snprintf XML output offset for rule. | Arturo Borrero Gonzalez | 2013-04-19 | 1 | -1/+1
  Signed-off-by: Arturo Borrero González <arturo.borrero.glez@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: rule: fix compat XML output | Arturo Borrero Gonzalez | 2013-04-19 | 1 | -0/+7
  The compat struct was not printed in XML. So, I think giving an output
  format is the first step to parse it.

  Signed-off-by: Arturo Borrero <arturo.borrero.glez@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: basic support for printing nft_data_reg in XML format | Arturo Borrero Gonzalez | 2013-04-19 | 5 | -43/+193
  nft_data_reg now is printed in XML according to what it contains.

  <data> nodes have been also renamed.

  Arturo Borrero Gonzalez says:

  ====================
  cmp is using <cmpdata>

  <cmpdata> has <data_reg></data_reg> which can also be redundant.
  But all around the XML printing (including sets, an incoming patch)
  I've been nesting the data_reg into another XML node, so you could
  easily see (also the XML parser) the difference between (for example,
  in set) nft_set_elem->key and nft_set_elem->data.

  As I needed to nest in nft_set_elem I decided to follow a constant
  line and do nest all data_reg.
  ====================

  Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: constify nft_*_attr_set and nft_*_attr_set_str | Pablo Neira Ayuso | 2013-04-14 | 8 | -13/+13
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: lookup: fix missing registration | Pablo Neira Ayuso | 2013-04-14 | 1 | -0/+2
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: fix wrong symbol export | Pablo Neira Ayuso | 2013-04-14 | 1 | -1/+1
  Exported symbol should be nft_rule_attr_get_u32, not nft_rule_attr_get_u64.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: allow to get and to set NFT_*_ATTR_FAMILY | Arturo Borrero Gonzalez | 2013-04-02 | 3 | -0/+20
  This patch adds support to get and set the attribute
  NFT_{TABLE|CHAIN|RULE}_ATTR_FAMILY.

  I found this useful when parsing an XML table|chain|rule (future patch).

  Signed-off-by: Arturo Borrero <arturo.borrero.glez@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: match: Fix a typo | Arturo Borrero Gonzalez | 2013-04-02 | 1 | -2/+2
  Signed-off-by: Arturo Borrero <arturo.borrero.glez@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: fix rule addition | Pablo Neira Ayuso | 2013-03-17 | 1 | -1/+2
  Missing NLM_F_CREATE, otherwise the automatic handle allocation
  returns -EINVAL.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: change XML output format to use element instead of attributes | Arturo Borrero Gonzalez | 2013-02-14 | 2 | -10/+11
  There are some problems in using attributes:
  * they cannot contain multiple values (child elements can)
  * they are not easily expandable (for future changes)
  * they cannot describe structures (child elements can)
  * they are more difficult to manipulate by program code
  * attribute values are not easy to test against a DTD

  Extracted from "XML Elements vs. Attributes" at:
  http://www.w3schools.com/dtd/dtd_el_vs_attr.asp

  For more information.

  Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: match: Delete unused includes | Arturo Borrero Gonzalez | 2013-02-13 | 1 | -2/+0
  Signed-off-by: Arturo Borrero <arturo.borrero.glez@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: add XML output for table/chain/rule | Arturo Borrero Gonzalez | 2013-02-12 | 3 | -11/+29
  To show an instance of this patch:

  (shell)$ ./nft-table-get xml
  <table name="filter" >
      <properties>
          <family value="2" />
          <flags value="5" table_flags="0" />
      </properties>
  </table>

  Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.co
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add XML output support | Arturo Borrero Gonzalez | 2013-02-08 | 16 | -36/+433
  Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add lookup expression for set-based lookups | Pablo Neira Ayuso | 2013-02-07 | 3 | -0/+182
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add support to add elements to sets | Pablo Neira Ayuso | 2013-02-05 | 10 | -18/+868
  This patch includes iterators and several examples.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: complete support | Pablo Neira Ayuso | 2013-02-03 | 6 | -45/+369
  Including examples.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: add protocol and flags support for xtables over nftables | Pablo Neira Ayuso | 2013-01-25 | 3 | -0/+99
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: add support for rule flags | Pablo Neira Ayuso | 2013-01-23 | 4 | -2/+45
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: fix setting packet statistics | Pablo Neira Ayuso | 2013-01-23 | 1 | -1/+1
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: add nft_chain_list_del | Pablo Neira Ayuso | 2013-01-20 | 3 | -0/+8
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add type and flags to snprintf interface | Pablo Neira Ayuso | 2013-01-15 | 11 | -11/+20
  Propagate the type and flags parameter to the expressions, so we can
  implement outputs in different formats.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: Add a function to get rule's family | Tomasz Bursztyka | 2013-01-13 | 3 | -0/+16
  Add nft_rule_attr_get_u8 to obtain the family number.

  Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
* include: update internal copy of headers | Pablo Neira Ayuso | 2012-12-30 | 4 | -18/+32
  To get it in sync with the existing kernel code.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: support Patrick's chain rename approach | Pablo Neira Ayuso | 2012-12-29 | 3 | -15/+19
  Support the new approach for chain renaming based on the chain handle.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add initial support | Pablo Neira Ayuso | 2012-12-24 | 5 | -1/+443
  Add initial support for nf_tables native sets

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: Add support for NAT expressions | Tomasz Bursztyka | 2012-11-16 | 5 | -4/+267
  Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
* examples: table: add example of dormant tables | Pablo Neira Ayuso | 2012-11-11 | 3 | -0/+115
  Now we add a non-dormant table which is not active. We can add chains
  and rules to it that would not have any effect. Once we change the
  flag to wake it up, the rule-set becomes active.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: add nft_table_attr_set_u32 and nft_table_attr_get_u32 | Pablo Neira Ayuso | 2012-11-11 | 3 | -0/+18
  Useful to obtain recently added table flags.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: support NFTA_TABLE_FLAGS | Pablo Neira Ayuso | 2012-11-11 | 3 | -4/+32
  This patch adds support for the table flags, only one is possible at
  the moment (NFT_TABLE_F_DORMANT).

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: use internal flags for attribute | Pablo Neira Ayuso | 2012-11-08 | 1 | -6/+13
  Fix missing use of internal flags for table objects in attributes.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: add support for chain types | Pablo Neira Ayuso | 2012-11-04 | 3 | -2/+26
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: use 64-bits handle instead of 16-bits | Pablo Neira Ayuso | 2012-11-03 | 4 | -17/+18
  5c4d30c nf_tables: use 64-bits rule handle instead of 16-bits

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: Add support for NFTA_CHAIN_NEW_NAME attribute | Tomasz Bursztyka | 2012-11-01 | 3 | -0/+20
  Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: Handle fixed sized name | Tomasz Bursztyka | 2012-11-01 | 2 | -8/+6
  Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add bitwise | Pablo Neira Ayuso | 2012-10-29 | 4 | -0/+246
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: add nft-events | Pablo Neira Ayuso | 2012-10-14 | 2 | -0/+158
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* examples: add nft-compat-get | Pablo Neira Ayuso | 2012-10-14 | 4 | -2/+166
  This utility allows to consult x_tables match/target revisions
  supported via the nft_compat layer.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* initial version of libnftables | Pablo Neira Ayuso | 2012-10-11 | 47 | -0/+6204
  It adds support for table, chain and rule handling. This also
  includes expression handling for each rule.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>