| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch add a testbench for XML parsing, which may be extended
to test JSON as well.
To use it:
$ cd test/
$ make nft-parsing-test
$ ./nft-parsing-test xmlfiles/
This testbench supersedes old .sh test scripts, so they are deleted.
[ I have mangled this patch to rename/mangle files, to colorize the
test output and not to compile XML inconditionally --pablo ]
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Use _unset functions to delete handle so test don't fail.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
CC nft-rule-add.o
nft-rule-add.c:105:13: warning: ‘add_payload’ defined but not used [-Wunused-function]
Reported-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Reported-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
This patch adds a new line to messages to be sure that they are
printed to the shell as soon as they occur. This also fixes the
display of output.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some code snipplets to add tables/chain/rules using the XML representation.
The examples contains:
* A binary to parse/add the object using libnftables.
* A shellscript to easily call that binary, doing some tests.
* table/chain/rule sample XML file.
I included my name in new files, but I don't know if this is correct. Please let me know.
Instructions:
$ cd examples/ ; make nft-table-xml-add
# cd test/ ; ./nft-table-xml-add.sh
NOTE: Some kernel changes are required to allow reinsert exactly what is printed (handle handling, flags..)
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
The caller should add it in case it needs it.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Missing NLM_F_CREATE, otherwise the automatic handle allocation
returns -EINVAL.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To show an instance of this patch:
(shell)$ ./nft-table-get xml
<table name="filter" >
<properties>
<family value="2" />
<flags value="5" table_flags="0" />
</properties>
</table>
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.co
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
This patch includes iterators and several examples.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
Including examples.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
Now we add a non-dormant table which is not active. We can add
chains and rules to it that would not have any effect. Once we
change the flag to wake it up, the rule-set becomes active.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
5c4d30c nf_tables: use 64-bits rule handle instead of 16-bits
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
| |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This utility allows to consult x_tables match/target revisions supported
via the nft_compat layer.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
It adds support for table, chain and rule handling.
This also includes expression handling for each rule.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
