| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
data_reg is unnecessarily long name and it always has to be
wrapped by another data node. This will allow us to represent
data not only as registers if needed.
Get rid of 'cmpdata' and 'immediatedata' too and use 'data'
instead to wrap 'reg' so these are consistent with the bitwise
expression. No reason for such specific tag per expression.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
Test files without unset child element in set elements.
Signed-off-by: Ana Rey <anarey@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It deletes the immediatedata label in the structure of json and xml file.
Example of the old structure of xmlfile:
<nftables>
<rule>
<family>ip</family>
<table>filter</table>
<chain>input</chain>
<handle>32</handle>
<expr type="immediate">
<dreg>0</dreg>
<immediatedata>
<data_reg type="verdict">
<verdict>accept</verdict>
</data_reg>
</immediatedata>
</expr>
</rule>
</nftables>
Example of the new structure of xmlfile:
<nftables>
<rule>
<family>ip</family>
<table>filter</table>
<chain>input</chain>
<handle>32</handle>
<expr type="immediate">
<dreg>0</dreg>
<data_reg type="verdict">
<verdict>accept</verdict>
</data_reg>
</expr>
</rule>
</nftables>
To generate the new testfiles, It use the option -u of nft-parsing-test
script.
Signed-off-by: Ana Rey <anarey@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It delete the cmpdata label in the structure of json and xml file.
Example of xmlfile:
The old structure of xml file:
[...]
<expr type="cmp">
<sreg>1</sreg>
<op>eq</op>
<cmpdata>
<data_reg type="value">
<len>4</len>
<data0>0x0100a8c0</data0>
</data_reg>
</cmpdata>
</expr>
The new structure of json file:
[...]
<expr type="cmp">
<sreg>1</sreg>
<op>eq</op>
<data_reg type="value">
<len>4</len>
<data0>0x0100a8c0</data0>
</data_reg>
</expr>
[...]
To generate the new testfiles, It use the option -u of nft-parsing-test
script.
Signed-off-by: Ana Rey <anarey@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Parsing tests were failing because a missing 'use' attribute in tables.
validating xmlfiles/02-table.xml: FAILED
from file: 0</flags></table>
f
from snprintf: 0</flags><use>0</use
^
[...]
validating jsonfiles/64-ruleset.json: FAILED
from file: ,"flags":0}},{"chain
from snprintf: ,"flags":0,"use":0}}
^
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Give a new XML ruleset testfile. For some reason patchwork has truncated
the file?
This should have been fixed in (b7c39a7 test: xml: fix malformed ruleset
testfile).
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Give a new XML ruleset testfile. For some reason, the previous was truncated.
This passed silently as nft-parsing-test is not reporting some errors properly.
This new file provides:
* 2 tables
* 3 chains
* 2 sets, with and without maps
* 3 rules with mixed exprs
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch adds a low level ruleset API for libnftables.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|