summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* expr: match: Fix a typoArturo Borrero Gonzalez2013-04-021-2/+2
| | | | | Signed-off-by: Arturo Borrero <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: change XML output format to use element instead of attributesArturo Borrero Gonzalez2013-02-142-10/+11
| | | | | | | | | | | | | | | | | | | There are some problems in using attributes: * they cannot contain multiple values (child elements can) * they are not easily expandable (for future changes) * they cannot describe structures (child elements can) * they are more difficult to manipulate by program code * attribute values are not easy to test against a DTD Extracted from "XML Elements vs. Attributes" at: http://www.w3schools.com/dtd/dtd_el_vs_attr.asp For more information. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: match: Delete unused includesArturo Borrero Gonzalez2013-02-131-2/+0
| | | | | Signed-off-by: Arturo Borrero <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add XML output supportArturo Borrero Gonzalez2013-02-0813-36/+430
| | | | | Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add lookup expression for set-based lookupsPablo Neira Ayuso2013-02-072-0/+176
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add support to add elements to setsPablo Neira Ayuso2013-02-055-18/+472
| | | | | | This patch includes iterators and several examples. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: complete supportPablo Neira Ayuso2013-02-031-43/+39
| | | | | | Including examples. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: add protocol and flags support for xtables over nftablesPablo Neira Ayuso2013-01-251-0/+83
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: add support for rule flagsPablo Neira Ayuso2013-01-232-2/+36
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: fix setting packet statisticsPablo Neira Ayuso2013-01-231-1/+1
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: add nft_chain_list_delPablo Neira Ayuso2013-01-202-0/+7
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add type and flags to snprintf interfacePablo Neira Ayuso2013-01-1511-11/+20
| | | | | | | Propagate the type and flags parameter to the expressions, so we can implement outputs in different formats. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: Add a function to get rule's familyTomasz Bursztyka2013-01-132-0/+15
| | | | | | Add nft_rule_attr_get_u8 to obtain the family number. Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
* include: update internal copy of headersPablo Neira Ayuso2012-12-302-0/+2
| | | | | | To get it in sync with the existing kernel code. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: support Patrick's chain rename approachPablo Neira Ayuso2012-12-291-13/+17
| | | | | | | Support the new approach for chain renaming based on the chain handle. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* set: add initial supportPablo Neira Ayuso2012-12-243-0/+396
| | | | | | Add initial support for nf_tables native sets Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: Add support for NAT expressionsTomasz Bursztyka2012-11-163-0/+253
| | | | Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
* table: add nft_table_attr_set_u32 and nft_table_attr_get_u32Pablo Neira Ayuso2012-11-112-0/+15
| | | | | | Useful to obtain recently added table flags. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: support NFTA_TABLE_FLAGSPablo Neira Ayuso2012-11-111-4/+30
| | | | | | | This patch adds support for the table flags, only one is possible at the moment (NFT_TABLE_F_DORMANT). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* table: use internal flags for attributePablo Neira Ayuso2012-11-081-6/+13
| | | | | | Fix missing use of internal flags for table objects in attributes. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: add support for chain typesPablo Neira Ayuso2012-11-041-2/+24
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: use 64-bits handle instead of 16-bitsPablo Neira Ayuso2012-11-032-14/+15
| | | | | | 5c4d30c nf_tables: use 64-bits rule handle instead of 16-bits Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: Add support for NFTA_CHAIN_NEW_NAME attributeTomasz Bursztyka2012-11-011-0/+18
| | | | | Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* chain: Handle fixed sized nameTomasz Bursztyka2012-11-011-8/+4
| | | | | Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expr: add bitwisePablo Neira Ayuso2012-10-293-0/+238
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* initial version of libnftablesPablo Neira Ayuso2012-10-1118-0/+3000
It adds support for table, chain and rule handling. This also includes expression handling for each rule. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>