summaryrefslogtreecommitdiffstats
path: root/include/utils.h
Commit message (Collapse)AuthorAgeFilesLines
* libnftables: export public symbols onlyArturo Borrero Gonzalez2019-07-011-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Export public symbols (the library API functions) instead of all symbols in the library. This patch introduces the required macros to manage the visibility attributes (mostly copied from libnftnl.git) and also marks each symbol as exported when they need to be public. Also, introduce a .map file for proper symbol versioning. Previous to this patch, libnftables public symbols were: % dpkg-gensymbols -q -plibnftables -v0.9.1 -O -esrc/.libs/libnftables.so.1 | wc -l 527 With this patch, libnftables symbols are: % dpkg-gensymbols -q -plibnftables -v0.9.1 -O -esrc/.libs/libnftables.so.1 libnftables.so.1 libnftables #MINVER# nft_ctx_add_include_path@Base 0.9.1 nft_ctx_buffer_error@Base 0.9.1 nft_ctx_buffer_output@Base 0.9.1 nft_ctx_clear_include_paths@Base 0.9.1 nft_ctx_free@Base 0.9.1 nft_ctx_get_dry_run@Base 0.9.1 nft_ctx_get_error_buffer@Base 0.9.1 nft_ctx_get_output_buffer@Base 0.9.1 nft_ctx_new@Base 0.9.1 nft_ctx_output_get_debug@Base 0.9.1 nft_ctx_output_get_flags@Base 0.9.1 nft_ctx_output_set_debug@Base 0.9.1 nft_ctx_output_set_flags@Base 0.9.1 nft_ctx_set_dry_run@Base 0.9.1 nft_ctx_set_error@Base 0.9.1 nft_ctx_set_output@Base 0.9.1 nft_ctx_unbuffer_error@Base 0.9.1 nft_ctx_unbuffer_output@Base 0.9.1 nft_run_cmd_from_buffer@Base 0.9.1 nft_run_cmd_from_filename@Base 0.9.1 Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* utils: remove type checks in min() and max()Pablo Neira Ayuso2018-11-301-11/+5
| | | | | | So we can pass functions as parameters, needed by follow up patch. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expression: fix constant expression allocation on big endian with partial bytesSabrina Dubroca2018-04-191-1/+1
| | | | | | | | | | | | | | | | Commit 5259feeb7cda ("expression: fix constant expression allocation on big endian") improved constant handling on big endian, but didn't handle the case of partial bytes correctly. Currently, constant_data_ptr(val, 6) points to the item after val, instead of the last byte of val. Thanks to Stefano for providing the correct expression. Fixes: 5259feeb7cda ("expression: fix constant expression allocation on big endian") Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* utils: fix one compilation error with --with-mini-gmpPablo Neira Ayuso2017-11-221-0/+4
| | | | | | | | | | | | | | | Restore some code that is needed, until we have a version of gmp_printf that takes variable arguments. In file included from ../include/utils.h:12:0, from ../include/nftables.h:6, from ../include/rule.h:5, from segtree.c:15: segtree.c: In function ‘ei_insert’: ../include/gmputil.h:12:20: error: too many arguments to function ‘mpz_printf’ #define gmp_printf mpz_printf Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: remove ifdef DEBUG pollutionPablo Neira Ayuso2017-08-231-12/+0
| | | | | | | | | | | | | | | Get rid of lots of ifdef DEBUG pollution in the code. The --debug= option is useful to get feedback from users, so it should be always there. And we really save nothing from keeping this code away from the control plane with a compile time option. Just running tests/shell/ before and after this patch, time shows almost no difference. So this patch leaves --enable-debug around to add debugging symbols in your builds, this is left set on by default. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: Remove __init and __exit macro definitions.Varsha Rao2017-07-171-2/+0
| | | | | | | | | | | | Add nft_init and nft_exit functions, which calls _init and _exit functions in main.c file. Remove __init and __exit macro definitions as libnftables library will be created soon. Rename realm_table_init() and realm_table_exit() functions to avoid ambiguity as realm_table_rt_init(), realm_table_meta_init, realm_table_rt_exit() and realm_table_meta_exit() in rt.c and meta.c files. Signed-off-by: Varsha Rao <rvarsha016@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* utils: provide array allocation wrapperOleksandr Natalenko2017-01-031-0/+1
| | | | | | | | This will be used for allocating memory for arrays in heap instead of keeping them on stack. Signed-off-by: Oleksandr Natalenko <oleksandr@natalenko.name> Signed-off-by: Florian Westphal <fw@strlen.de>
* utils: provide snprintf helper macroFlorian Westphal2016-10-271-0/+10
| | | | | | | lifted from libnftnl, except that we will abort on snprintf errors. Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
* datatype: time_type should send milliseconds to userspacePablo Neira Ayuso2016-07-091-0/+1
| | | | | | | Kernel expects milliseconds, so fix this datatype to use milliseconds instead of seconds. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: fix sub-byte protocol header definitionsPablo Neira Ayuso2015-12-141-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update bitfield definitions to match according to the way they are expressed in RFC and IEEE specifications. This required a bit of update for c3f0501 ("src: netlink_linearize: handle sub-byte lengths"). >From the linearize step, to calculate the shift based on the bitfield offset, we need to obtain the length of the word in bytes: len = round_up(expr->len, BITS_PER_BYTE); Then, we substract the offset bits and the bitfield length. shift = len - (offset + expr->len); From the delinearize, payload_expr_trim() needs to obtain the real offset through: off = round_up(mask->len, BITS_PER_BYTE) - mask_len; For vlan id (offset 12), this gets the position of the last bit set in the mask (ie. 12), then we substract the length we fetch in bytes (16), so we obtain the real bitfield offset (4). Then, we add that to the original payload offset that was expressed in bytes: payload_offset += off; Note that payload_expr_trim() now also adjusts the payload expression to its real length and offset so we don't need to propagate the mask expression. Reported-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add interface wildcard matchingPablo Neira Ayuso2015-11-021-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Contrary to iptables, we use the asterisk character '*' as wildcard. # nft --debug=netlink add rule test test iifname eth\* ip test test [ meta load iifname => reg 1 ] [ cmp eq reg 1 0x00687465 ] Note that this generates an optimized comparison without bitwise. In case you want to match a device that contains an asterisk, you have to escape the asterisk, ie. # nft add rule test test iifname eth\\* The wildcard string handling occurs from the evaluation step, where we convert from: relational / \ / \ meta value oifname eth* to: relational / \ / \ meta prefix ofiname As Patrick suggested, this not actually a wildcard but a prefix since it only applies to the string when placed at the end. More comments: * This relaxes the left->size > right->size from netlink_parse_cmp() for strings since the optimization that this patch applies may now result in bogus errors. * This patch can be later on extended to apply a similar optimization to payload expressions when: expr->len % BITS_PER_BYTE == 0 For meta and ct, the kernel checks for the exact length of the attributes (it expects integer 32 bits) so we can't do it unless we relax that. * Wildcard strings are not supported from sets and maps yet. Error reporting is not very good at this stage since expr_evaluate_prefix() doesn't have enough context (ctx->set is NULL, the set object is currently created later after evaluating the lhs and rhs of the relational). I'll be following up on this later. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: modify pr_debug() to use printf and introduce to pr_gmp_debug()Pablo Neira Ayuso2015-01-081-2/+8
| | | | | | | | | | | | | Modify pr_debug() to use printf so we get debugging traces for proto-ctx when --with-mini-gmp is enabled. Add pr_gmp_debug(), this is disabled with --with-mini-gmp since it relies on the gmp_printf(), which is not available in the mini-gmp implementation. Suggested by Patrick. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: add --with-mini-gmp switch to disable linking libgmpSteven Barth2015-01-081-3/+3
| | | | | | | | | | This allows to disable linking the >400 KB big libgmp and replace it with the builtin mini-gmp which only increases size by ~30KB. Enabling this selectively decreases debugging verbosity (pr_debug). Signed-off-by: Steven Barth <cyrus@openwrt.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* utils: add fls()Patrick McHardy2014-12-161-0/+37
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* utils: indicate file and line on memory allocation errorsPablo Neira Ayuso2014-11-041-1/+4
| | | | | | | | | | | | For example: src/netlink.c:179: Memory allocation failure This shouldn't happen, so this allows us to identify at what point the memory allocation failure has happened. It may be helpful to identify bugs. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expression: fix constant expression allocation on big endianArturo Borrero Gonzalez2014-04-121-0/+14
| | | | | | | | | | | | | | | When allocating a constant expression, a pointer to the data is passed to the allocation function. When the variable used to store the data is larger than the size of the data type, this fails on big endian since the most significant bytes (being zero) come first. Add a helper function to calculate the proper address for the cases where this is needed. This currently affects symbolic tables for values < u64 and payload dependency generation for protocol values < u32. Signed-off-by: Patrick McHardy <kaber@trash.net>
* utils: fix -Wcast-align warnings on sparcPatrick McHardy2014-04-091-1/+1
| | | | | | | | | | | The cast to char * in the container_of() marcro causes warnings for all list iteration helpers on sparc: warning: cast increases required alignment of target type [-Wcast-align] Fix by using a void * for address calculations. Signed-off-by: Patrick McHardy <kaber@trash.net>
* debug: include verbose message in all BUG statementsroot2012-12-081-1/+5
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* Fix use of reserved names in header sandwichPatrick McHardy2009-03-181-3/+3
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* Initial commitv0.01-alpha1Patrick McHardy2009-03-181-0/+69