summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* expr: fix concat expression type propagationPatrick McHardy2013-04-184-7/+74
| | | | | Dynamically instantiate a data type to represent all types of a concatenation and use that for type propagation.
* types: add ethernet address typePatrick McHardy2013-04-183-1/+14
| | | | | | | | Add a new type for ethernet addresses. This is needed since for concatenations we need fixed sized data types, the generic link layer address doesn't have a fixed length. Signed-off-by: Patrick McHardy <kaber@trash.net>
* datatype: parse/print in all basetypes subsequentlyPatrick McHardy2013-04-181-9/+15
| | | | | | | | Go down the chain of basetypes until we find a ->parse()/->print() callback or symbol table. Needed to invoke the generic link layer address parsing function for the etheraddr_type. Signed-off-by: Patrick McHardy <kaber@trash.net>
* expr: kill EXPR_F_PRIMARYPatrick McHardy2013-04-152-13/+4
| | | | | | Not used anymore, kill it. Signed-off-by: Patrick McHardy <kaber@trash.net>
* netlink_delinearize: don't reset source register after readPatrick McHardy2013-01-041-1/+0
| | | | | | | | | | Range expression use a single load and two comparisons. Don't reset the source register in netlink_delinearize when reading it. Fixes: "Relational expression has no left hand side" for range (x-y) expressions. Signed-off-by: Patrick McHardy <kaber@trash.net>
* chains: add rename testcasesPatrick McHardy2012-12-153-0/+16
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* rule: add rule insertion (prepend) supportPatrick McHardy2012-12-147-7/+34
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* chains: add chain rename supportPatrick McHardy2012-12-147-5/+71
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* netlink: fix query requestsPatrick McHardy2012-12-141-6/+10
| | | | | | | The callback needs to be set before sending the query since nl_wait_for_ack() already does message reception. Signed-off-by: Patrick McHardy <kaber@trash.net>
* tests: add loop detection testsPatrick McHardy2012-12-104-0/+29
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* cmd: fix handle use after free for implicit set declarationsPatrick McHardy2012-12-101-1/+4
| | | | | | | | The implicit set declaration passes the set's handle to cmd_alloc(), which copies the pointers to the allocated strings. Later on both the set's handle and the commands handle are freed, resulting in a use after free. Signed-off-by: Patrick McHardy <kaber@trash.net>
* rule: reenable adjacent payload mergingPatrick McHardy2012-12-092-1/+8
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* sets: fix sets using intervalsPatrick McHardy2012-12-091-1/+3
| | | | | | | | When using intervals, the initializers set_flags are set to SET_F_INTERVAL, however that is not propagated back to the set, so the segtree construction is not performed. Signed-off-by: Patrick McHardy <kaber@trash.net>
* netlink: fix endless loop on 64 bit when parsing binopsPatrick McHardy2012-12-091-1/+1
| | | | | | | | mpz_scan1() returns ULONG_MAX when no more bits are found. Due to assignment to an unsigned int, this value was truncated on 64 bit and the loop never terminated. Signed-off-by: Patrick McHardy <kaber@trash.net>
* rules: change rule handle to 64 bitPatrick McHardy2012-12-091-1/+1
| | | | | | Recent kernel versions are using 64 bit for the rule handle. Signed-off-by: Patrick McHardy <kaber@trash.net>
* expression: fix constant expression splicingPatrick McHardy2012-12-091-1/+3
| | | | | | Fix reversed order during constant splicing. Signed-off-by: Patrick McHardy <kaber@trash.net>
* payload: kill redundant payload protocol expressions during netlink ↵Patrick McHardy2012-12-091-5/+34
| | | | | | | | | postprocessing Kill payload protocol expressions like "ip protocol tcp" if a higher layer payload expression already implies this, like "tcp dport 22". Signed-off-by: Patrick McHardy <kaber@trash.net>
* seqtree: update mapping data when keeping the basePatrick McHardy2012-12-081-3/+8
| | | | | | | | When a prefix expression is followed by another prefix expression using the same base but a wider prefix, we need to update the mapping data to that of the second expression. Signed-off-by: Patrick McHardy <kaber@trash.net>
* tests: add verdict map testPatrick McHardy2012-12-081-0/+20
| | | | Signed-off-by: Patrick McHardy <kaber@ŧrash.net>
* segtree: fix segtree to properly support mappingsPatrick McHardy2012-12-083-34/+61
| | | | | | | Requires to use proper types for keys and data and using the key values for reverse transformation. Signed-off-by: Patrick McHardy <kaber@trash.net>
* debug: include verbose message in all BUG statementsroot2012-12-089-38/+44
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* evaluate: reintroduce type chekcs for relational expressionsPatrick McHardy2012-12-051-0/+27
| | | | | | | Since the parser can now generate constant expressions of a specific type not determinaed by the LHS, we need to check that relational expressions are actually using the correct types to avoid accepting stupid things like "tcp dport tcp".
* parser: fix parsing protocol names for protocols which are also keywordsPatrick McHardy2012-12-051-0/+63
| | | | | | "ip protocol tcp" will currently produce a syntax error since tcp is also a keyword which is expected ot be followed by a tcp header field. Allow to use protocol names that are also keywords and allocate a constant expression for them.
* tests: fix test, commands now comes before the family and table namePablo Neira Ayuso2012-08-0614-88/+88
| | | | | | | Most tests still don't work though. They still need another fix. Reported-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expression: Differentiate expr among anonymous structures in struct exprTomasz Bursztyka2012-08-036-26/+26
| | | | | | | This fixes compilation with gcc-4.7 Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* erec: Handle returned value properly in erec_printTomasz Bursztyka2012-08-031-3/+4
| | | | | Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* evaluate: Remove useless variable in expr_evaluate_bitwise()Tomasz Bursztyka2012-08-031-2/+1
| | | | | Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* netlink: Use the right datatype for verdictTomasz Bursztyka2012-08-031-1/+1
| | | | | Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add bridge filter table definitionsPatrick McHardy2010-07-061-0/+7
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* help: fix of the -I option in help displayRomain Bignon2010-07-061-1/+1
| | | | | | | Trivial patch which fixes typo. Signed-off-by: Romain Bignon <romain@peerfuse.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
* datatype: reject incompletely parsed integers in integer_type_parse()Patrick McHardy2010-07-061-1/+3
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* don't use internal_location for files specified on command linePatrick McHardy2010-07-061-1/+1
| | | | | | | | | Fixes strange error messages like: In file included from internal:0:0-0: files/examples/sets_and_maps:55:2-2: Error: syntax error, unexpected newline, expecting string Signed-off-by: Patrick McHardy <kaber@trash.net>
* netlink: add debugging for missing objectsPatrick McHardy2010-07-061-1/+4
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* nat: validate protocol context when performing transport protocol mappingsPatrick McHardy2010-07-061-8/+19
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* netlink: fix nat stmt linearization/parsingPatrick McHardy2010-07-062-26/+29
| | | | | | | | Fix invalid register use when parsing NAT statements and handle range expressions during postprocessing. When linearizing, allocate all registers for both proto and address expressions at once to avoid double use. Signed-off-by: Patrick McHardy <kaber@trash.net>
* payload: fix crash with uncombinable protocolsPatrick McHardy2010-07-061-5/+10
| | | | | | | | The dependency of non-combinable protocols (f.i. arp + tcp) results in a relational dependency expression without a datatype, causing a segfault later on. Signed-off-by: Patrick McHardy <kaber@trash.net>
* netlink: fix creation of base chains with hooknum and priority 0Patrick McHardy2010-07-063-1/+14
| | | | | | | | Base chains with both a hook number and priority of zero are created as regular chains. Fix by adding a BASECHAIN flag indicating that the chain should be created as a base chain. Signed-off-by: Patrick McHardy <kaber@trash.net>
* utils: fix invalid assertion in xrealloc()Patrick McHardy2010-07-061-1/+0
| | | | | | The pointer is allowed to have the value NULL. Signed-off-by: Patrick McHardy <kaber@trash.net>
* netlink: fix byteorder of RHS of relational meta expressionPatrick McHardy2010-07-063-9/+18
| | | | | | | The RHS needs to be postprocessed before updating the payload context for byteorder conversion. Fixes iiftype match reconstruction. Signed-off-by: Patrick McHardy <kaber@trash.net>
* debug: properly parse debug levelsPatrick McHardy2010-07-064-20/+81
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* build: fix endless recursion with SUBDIRS=...Patrick McHardy2010-07-061-1/+1
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* build: add 'archive' targetPatrick McHardy2010-07-061-0/+4
| | | | | | make archive creates a tar.bz2 from the HEAD version. Signed-off-by: Patrick McHardy <kaber@trash.net>
* parser: support bison >= 2.4Patrick McHardy2010-07-063-1531/+19
| | | | | | | | | Work around stange behaviour in bison >= 2.4 (see large comment in parser.y for details) and remove the skeleton file since it does not work with 2.4 anymore. Its only purpose was to increase the amount of possible tokens reported in error messages anyways. Signed-off-by: Patrick McHardy <kaber@trash.net>
* payload: fix two datatypesPatrick McHardy2009-07-281-1/+2
| | | | | | Fix typo in URG-flag and missing end-of-list marker for the arpop constants. Signed-off-by: Patrick McHardy <kaber@trash.net>
* payload: add DCCP packet type definitionsPatrick McHardy2009-07-285-0/+47
| | | | | | | | | | | | | | | | | | | # nft describe dccp type payload expression, datatype dccp_pkttype (DCCP packet type) (basetype integer), 4 bits pre-defined symbolic constants: request 0x0 response 0x1 data 0x2 ack 0x3 dataack 0x4 closereq 0x5 close 0x6 reset 0x7 sync 0x8 syncack 0x9 Signed-off-by: Patrick McHardy <kaber@trash.net>
* netlink: fix binop RHS byteorderPatrick McHardy2009-07-281-1/+2
| | | | | | | | | | | | | | | The byteorder of the RHS of a binop must be set before post-processing it to make sure it will get byteorder-switched if necessary. Fixes invalid conntrack expression states when used with bitmasks: ct state 33554432,67108864 counter packets 1924 bytes 142960 => ct state established,related counter packets 2029 bytes 151508 Signed-off-by: Patrick McHardy <kaber@trash.net>
* netlink: dump all chains when listing rulesPatrick McHardy2009-07-281-0/+3
| | | | | | | | Currently only the rules are dumped and chains are constructed based on the rules identities. Dump all chains manually to make sure we also display empty chains. Signed-off-by: Patrick McHardy <kaber@trash.net>
* netlink: fix bitmask element reconstructionPatrick McHardy2009-07-281-3/+3
| | | | | | | mpz_scan1() needs to begin scanning at bit 0 and the loop must accept bit 0 as valid. No more bits were found when ULONG_MAX is returned. Signed-off-by: Patrick McHardy <kaber@trash.net>
* debug: allow runtime control of debugging outputPatrick McHardy2009-07-284-25/+37
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* add support for new set API and standalone setsPatrick McHardy2009-07-2813-349/+1515
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>