| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Dynamically instantiate a data type to represent all types of a concatenation
and use that for type propagation.
|
|
|
|
|
|
|
|
| |
Add a new type for ethernet addresses. This is needed since for concatenations
we need fixed sized data types, the generic link layer address doesn't have
a fixed length.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
| |
Go down the chain of basetypes until we find a ->parse()/->print() callback
or symbol table. Needed to invoke the generic link layer address parsing
function for the etheraddr_type.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
| |
Not used anymore, kill it.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
|
|
| |
Range expression use a single load and two comparisons. Don't reset the
source register in netlink_delinearize when reading it.
Fixes: "Relational expression has no left hand side" for range (x-y)
expressions.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
| |
The callback needs to be set before sending the query since nl_wait_for_ack()
already does message reception.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
| |
The implicit set declaration passes the set's handle to cmd_alloc(), which copies
the pointers to the allocated strings. Later on both the set's handle and the
commands handle are freed, resulting in a use after free.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
| |
When using intervals, the initializers set_flags are set to SET_F_INTERVAL,
however that is not propagated back to the set, so the segtree construction
is not performed.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
| |
mpz_scan1() returns ULONG_MAX when no more bits are found. Due to assignment
to an unsigned int, this value was truncated on 64 bit and the loop never
terminated.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
| |
Recent kernel versions are using 64 bit for the rule handle.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
| |
Fix reversed order during constant splicing.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
|
| |
postprocessing
Kill payload protocol expressions like "ip protocol tcp" if a higher layer
payload expression already implies this, like "tcp dport 22".
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
| |
When a prefix expression is followed by another prefix expression using the
same base but a wider prefix, we need to update the mapping data to that of
the second expression.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@ŧrash.net>
|
|
|
|
|
|
|
| |
Requires to use proper types for keys and data and using the key values for reverse
transformation.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
| |
Since the parser can now generate constant expressions of a specific type
not determinaed by the LHS, we need to check that relational expressions
are actually using the correct types to avoid accepting stupid things
like "tcp dport tcp".
|
|
|
|
|
|
| |
"ip protocol tcp" will currently produce a syntax error since tcp is also a keyword
which is expected ot be followed by a tcp header field. Allow to use protocol names
that are also keywords and allocate a constant expression for them.
|
|
|
|
|
|
|
| |
Most tests still don't work though. They still need another fix.
Reported-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
| |
This fixes compilation with gcc-4.7
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
| |
Trivial patch which fixes typo.
Signed-off-by: Romain Bignon <romain@peerfuse.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
|
| |
Fixes strange error messages like:
In file included from internal:0:0-0:
files/examples/sets_and_maps:55:2-2: Error: syntax error, unexpected newline, expecting string
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
| |
Fix invalid register use when parsing NAT statements and handle range expressions
during postprocessing. When linearizing, allocate all registers for both proto and
address expressions at once to avoid double use.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
| |
The dependency of non-combinable protocols (f.i. arp + tcp) results in
a relational dependency expression without a datatype, causing a segfault
later on.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
| |
Base chains with both a hook number and priority of zero are created
as regular chains. Fix by adding a BASECHAIN flag indicating that the
chain should be created as a base chain.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
| |
The pointer is allowed to have the value NULL.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
| |
The RHS needs to be postprocessed before updating the payload context
for byteorder conversion. Fixes iiftype match reconstruction.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
| |
make archive creates a tar.bz2 from the HEAD version.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
|
| |
Work around stange behaviour in bison >= 2.4 (see large comment in parser.y for
details) and remove the skeleton file since it does not work with 2.4 anymore.
Its only purpose was to increase the amount of possible tokens reported in error
messages anyways.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
| |
Fix typo in URG-flag and missing end-of-list marker for the arpop constants.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
# nft describe dccp type
payload expression, datatype dccp_pkttype (DCCP packet type) (basetype integer), 4 bits
pre-defined symbolic constants:
request 0x0
response 0x1
data 0x2
ack 0x3
dataack 0x4
closereq 0x5
close 0x6
reset 0x7
sync 0x8
syncack 0x9
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The byteorder of the RHS of a binop must be set before post-processing it to
make sure it will get byteorder-switched if necessary.
Fixes invalid conntrack expression states when used with bitmasks:
ct state 33554432,67108864 counter packets 1924 bytes 142960
=>
ct state established,related counter packets 2029 bytes 151508
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
| |
Currently only the rules are dumped and chains are constructed based
on the rules identities. Dump all chains manually to make sure we also
display empty chains.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
| |
mpz_scan1() needs to begin scanning at bit 0 and the loop must accept
bit 0 as valid. No more bits were found when ULONG_MAX is returned.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|