summaryrefslogtreecommitdiffstats
path: root/src/rule.c
Commit message (Collapse)AuthorAgeFilesLines
* cli: complete basic functionality of the interactive modePablo Neira Ayuso2013-05-191-6/+19
| | | | | | | | | | This patch adds missing code to get basic interactive mode operative via `nft -i', including parsing, evaluation, command execution via netlink and error reporting. Autocomplete is not yet implemented. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cmd/netlink: make sure we always have a location in netlink operationsPatrick McHardy2013-04-181-33/+42
| | | | | | Improve error reporting by always using a location in netlink operations. Signed-off-by: Patrick McHardy<kaber@trash.net>
* rule: fix nft list chainPablo Neira Ayuso2013-04-181-1/+4
| | | | | | | | | | | | | | | | Use netlink_list_chains instead of netlink_list_chain (note the final `s') After "nft list table filter" shows: table filter { chain input { } } "nft list chain filter input" shows: table filter { }
* rule: allow to list of existing tablesPablo Neira Ayuso2013-04-181-0/+13
| | | | | | | | You can now specify: nft list tables ip to obtain the list of all existing tables. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rule: add rule insertion (prepend) supportPatrick McHardy2012-12-141-2/+17
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* chains: add chain rename supportPatrick McHardy2012-12-141-1/+29
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* rule: reenable adjacent payload mergingPatrick McHardy2012-12-091-1/+0
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* segtree: fix segtree to properly support mappingsPatrick McHardy2012-12-081-1/+1
| | | | | | | Requires to use proper types for keys and data and using the key values for reverse transformation. Signed-off-by: Patrick McHardy <kaber@trash.net>
* debug: include verbose message in all BUG statementsroot2012-12-081-6/+6
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* netlink: dump all chains when listing rulesPatrick McHardy2009-07-281-0/+3
| | | | | | | | Currently only the rules are dumped and chains are constructed based on the rules identities. Dump all chains manually to make sure we also display empty chains. Signed-off-by: Patrick McHardy <kaber@trash.net>
* add support for new set API and standalone setsPatrick McHardy2009-07-281-13/+165
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* Release scopes during cleanupPatrick McHardy2009-03-201-0/+14
| | | | | | Properly release the user-defined symbols. Signed-off-by: Patrick McHardy <kaber@trash.net>
* Add support for scoping and symbol bindingPatrick McHardy2009-03-201-0/+32
| | | | | | | | | | | | As a first step towards stand-alone sets, add support for scoping and binding symbols. This will be used for user-defined constants, as well as declarations of modifiable (stand-alone) sets once the kernel side is ready. Scopes are currently limited to three nesting levels: the global scope, table block scopes and chain block scopes. Signed-off-by: Patrick McHardy <kaber@trash.net>
* Initial commitv0.01-alpha1Patrick McHardy2009-03-181-0/+441