| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Bump libnftnl dependency to fix --debug with new TCP reset support.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
Still requires libnftnl 1.2.1
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
Still requires libnftnl 1.2.1
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Create an example folder to add example source code files to show how to
use libnftables. Add first example program using the buffer API.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
autoconf complains about three obsolete macros.
`AC_CONFIG_HEADER` has been superseded by `AC_CONFIG_HEADERS`, so
replace it.
`AM_PROG_LEX` calls `AC_PROG_LEX` with no arguments, but this usage is
deprecated. The only difference between `AM_PROG_LEX` and `AC_PROG_LEX`
is that the former defines `$LEX` as "./build-aux/missing lex" if no lex
is found to ensure a useful error is reported when make is run. How-
ever, the configure script checks that we have a working lex and exits
with an error if none is available, so `$LEX` will never be called and
we can replace `AM_PROG_LEX` with `AC_PROG_LEX`.
`AM_PROG_LIBTOOL` has been superseded by `LT_INIT`, which is already in
configure.ac, so remove it.
We can also replace `AC_DISABLE_STATIC` with an argument to `LT_INIT`.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
Requires libnftnl 1.2.1
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
readline support only compiles for libreadline5, set libedit as default
library.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Update libversion since new API has been added in 9edaa6a51eab ("src:
add --define key=value").
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
Update release name based on the Fearless Fosdick series: Prudence Pimpleton.
Bump dependencies on libnftnl.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Update release name based on the Fearless Fosdick series: E.D.S.
E.D.S. is the robotic "Electronic Detective Substitute" appearing in the
"Hole Story".
Bump dependencies on libnftnl.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
Extend cli to support for libedit readline shim code:
./configure --with-cli=editline
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Eric Garver says: "It would probably be better to use the automake macro
AM_PATH_PYTHON. [...] The above is fine for now."
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
Update release name based on the Fearless Fosdick series: Anyface.
Bump dependencies on libnftnl.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
| |
v0.9.5 broke 'vmap' support:
https://bugzilla.kernel.org/show_bug.cgi?id=208093
Release new version to fix this.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
Update release name based on Jazz series, Gene Krupa's "Capital Idea".
Bump dependencies on libmnl and libnftnl.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 4f2813a313ae ("build: Include generated man pages in dist
tarball") skips AC_CHECK_PROG for A2X altogether if doc/nft.8 is
already present.
Now, starting from a clean situation, we can have this sequence:
./configure # doc/nft.8 not there, A2X set in doc/Makefile
make # builds doc/nft.8
./configure # doc/nft.8 is there, A2X left empty in doc/Makefile
make clean # removes doc/nft.8
make
resulting in:
[...]
GEN nft.8
/bin/sh: -L: command not found
make[2]: *** [Makefile:639: nft.8] Error 127
and the only way to get out of this is to issue ./configure again
after make clean, which is rather unexpected.
Instead of skipping AC_CHECK_PROG when doc/nft.8 is present, keep
it and simply avoid returning failure if a2x(1) is not available but
doc/nft.8 was built, so that A2X is properly set in doc/Makefile
whenever needed.
Fixes: 4f2813a313ae ("build: Include generated man pages in dist tarball")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Acked-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
The generated files are included in the tarballs already, but
configure.ac was coded to fail if yacc/lex were not found regardless.
Signed-off-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Most projects ship pre-generated man pages in the distribution tarball
so that builders don't need the documentation tools installed, similar
to how bison-generated sources are included.
To do this, we conditionalize the presence check of a2x on whether nft.8
already exists in the source directory, as it would exist if included in
the distribution tarball.
Secondly, we move the 'if BUILD_MAN' conditional to around the man page
generation rules. This ensures that the man pages are unconditionally
installed. Also only add the man pages to CLEANFILES if their generation
is enabled.
Signed-off-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
Update release name based on Jazz series,
Jo Jones Trio's "Jive at Five":
https://www.youtube.com/watch?v=phFyIKf2h4s&list=PL_i-72Hx6rt7eQ6D_lxoKEUx5Gk7SRfX3&index=13&t=0s
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
nftables 0.9.3 requires libnftnl 1.1.5, otherwise compilation breaks:
https://bugs.gentoo.org/701976.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Phil Sutter <phil@nwl.cc>
|
| |
|
|
|
|
|
|
| |
Update release name based on Jazz series, Count Basie's "Topsy":
https://www.youtube.com/watch?v=Up78NJHESKE
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
Assuming these are still relevant and useful as a source of inspiration,
install them into DATAROOTDIR/doc/nftables/examples.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
By default, continue to use libreadline, but if `--with-cli=linenoise`
is passed to configure, build the linenoise implementation instead.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
configure.ac contains a couple of AC_SUBST macros which serve no
purpose. Remove them.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
Update dependency on libnftnl. Missing nf_synproxy.h in Makefile.am too.
Update release name based Jazz series, Fats Waller performing "Scram":
https://www.youtube.com/watch?v=c9-noJc9ifI
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Export public symbols (the library API functions) instead of all symbols in
the library.
This patch introduces the required macros to manage the visibility attributes
(mostly copied from libnftnl.git) and also marks each symbol as exported when
they need to be public. Also, introduce a .map file for proper symbol
versioning.
Previous to this patch, libnftables public symbols were:
% dpkg-gensymbols -q -plibnftables -v0.9.1 -O -esrc/.libs/libnftables.so.1 | wc -l
527
With this patch, libnftables symbols are:
% dpkg-gensymbols -q -plibnftables -v0.9.1 -O -esrc/.libs/libnftables.so.1
libnftables.so.1 libnftables #MINVER#
nft_ctx_add_include_path@Base 0.9.1
nft_ctx_buffer_error@Base 0.9.1
nft_ctx_buffer_output@Base 0.9.1
nft_ctx_clear_include_paths@Base 0.9.1
nft_ctx_free@Base 0.9.1
nft_ctx_get_dry_run@Base 0.9.1
nft_ctx_get_error_buffer@Base 0.9.1
nft_ctx_get_output_buffer@Base 0.9.1
nft_ctx_new@Base 0.9.1
nft_ctx_output_get_debug@Base 0.9.1
nft_ctx_output_get_flags@Base 0.9.1
nft_ctx_output_set_debug@Base 0.9.1
nft_ctx_output_set_flags@Base 0.9.1
nft_ctx_set_dry_run@Base 0.9.1
nft_ctx_set_error@Base 0.9.1
nft_ctx_set_output@Base 0.9.1
nft_ctx_unbuffer_error@Base 0.9.1
nft_ctx_unbuffer_output@Base 0.9.1
nft_run_cmd_from_buffer@Base 0.9.1
nft_run_cmd_from_filename@Base 0.9.1
Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
Update dependency on libnftnl.
Update release name too: https://www.youtube.com/watch?v=CTV1To1e5w8
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* AC_ARG_ENABLE implicitly defines enable_debug; there's no point in
performing extra work just to define with_debug with an identical
value.
* The same applies to with_xtables and with_libxtables.
* The AS_IF block in the `AC_ARG_ENABLE([man-doc], ...` invocation is
essentially a noop. All it does is to set enable_man_doc to `yes` if
has a value that matches neither `yes` nor `no`. (This could happen if
a user calls `configure --enable-man-doc=foo`, but that'd be a user
error which we don't need to handle.)
* The correct operator for equality tests in `test` is `=`. Some
implementations also support `==`, but this is not portable.
Signed-off-by: Luis Ressel <aranea@aixah.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* If enable_man_doc is set, but a2x can't be found, configure should
fail instead of silently disabling man page creation.
* The AS_IF block checking $need_a2x is never active (need_a2x has been
removed from configure.ac in 13e44a608 and a277479dc).
* AC_CHECK_PROG(VAR, ...) is a noop if VAR is already set, allowing the
user to explicitly specify the (path to the) binary in VAR. Adjust the
AS_IF check to account for this.
Signed-off-by: Luis Ressel <aranea@aixah.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
As we are going to need pf.os file to load OS fingerprints from the incoming
nfnl_osf.c, we copy it into the nftables tree directory "files/osf/".
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
This adds unnecessary complexity to our build infrastructure. People can
just manually generate them in PDF in case they need too. So let's keep
it simple and remove this.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This patch converts nft.xml into asciidoc markup.
Signed-off-by: Arushi Singhal <arushisinghal19971997@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
| |
setup.py is used to build and install the python binding. Call
to setup.py are done in Makefile to proceed to build and
installation.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
docbook2man can not be used with the same option so let's remove
it from the alternative. Fedora and debian seems to be fine with
that.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
| |
The document is written as man page in asciidoc which means this adds
another dependency to the build system. Though since the (long-term)
plan is to replace the docbook-based nft man page with an asciidoc one
anyway, we might ultimately get rid of docbook dependency in exchange.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
Update dependency on libnftnl.
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
| |
Dedicated to Al Capp cartoonist:
https://en.wikipedia.org/wiki/Fearless_Fosdick
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
The correct name is "docbook2x-man" not "docbookx2-man".
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Although technically there already is support for JSON output via 'nft
export json' command, it is hardly useable since it exports all the gory
details of nftables VM. Also, libnftables has no control over what is
exported since the content comes directly from libnftnl.
Instead, implement JSON format support for regular 'nft list' commands.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
| |
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
nftables releases until 0.8.2 included base skeleton hooks
that were installed into /etc/nftables (sysconfdir).
With 0.8.3 and newer these files were moved to the documentation
area but apparently some users expect them to be there.
Resurrect them.
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
| |
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
AC_ARG_WITH runs this when EITHER --with-foo or --without-foo is given,
so use 'withval'.
After this patch:
./configure -> xtables off
./configure --with-xtables -> xtables on
./configure --without-xtables -> xtables off (was on).
Reported-by: Alexander Dahl <ada@thorsis.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commits d572d59788143945c2a638f12a5227d9b21ce489 and
9f5e49e147219cd161de8cd80cadf8a444969ef0.
Current libnftables API should be stable enough to release it into the
public, and after 4aba100e593f ("rule: reset cache iff there is an
existing cache") we have a simple way to batch commands through this
API.
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
Check for 1.1.0, which includes flowtable symbols.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
| |
Signed-off-by: Florian Westphal <fw@strlen.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch removes the following macros:
* AC_PREREQ checks for 2.61, which is not supported any contemporary
distribution.
* AC_COPYRIGHT, autoconf documentation states "in addition to the Free
Software Foundation's copyright on the Autoconf macros, parts of your
configure are covered by the copyright-notice.".
This only refers to the autoconf infrastructure: we are doing simple
and standard usage of autoconf infrastructure, we also don't use this
macro in other existing userspace software available at netfilter.org.
The comment above at the beginning of this file shows text that is
available in many configure.ac templates on the Internet.
* AC_CANONICAL_HOST, we don't need the canonical host-system type to
build this software.
* AC_CONFIG_SRCDIR is not used in other userspace software in the tree.
* AC_DEFINE _GNU_SOURCE, define this where it's needed instead.
* AC_DEFINE _STDC_FORMAT_MACROS is not used in this codebase.
* AC_HEADER_STDC checks for ANSI C89 headers, however, we need more than
just this C standard, so this doesn't guarantee anything at all.
* Remove "Checks for libraries" comment, it's obvious.
* AC_HEADER_ASSERT allows us to disable assertions, this is bad because
this is helping us to diagnose bugs and incomplete features.
* AC_CHECK_HEADERS is checking for an arbitrary list of headers,
this still doesn't even guarantee that we can actually do a successful
compilation in a broken system.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
