summaryrefslogtreecommitdiffstats
path: root/src/utils.c
Commit message (Collapse)AuthorAgeFilesLines
* src: add interface wildcard matchingPablo Neira Ayuso2015-11-021-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Contrary to iptables, we use the asterisk character '*' as wildcard. # nft --debug=netlink add rule test test iifname eth\* ip test test [ meta load iifname => reg 1 ] [ cmp eq reg 1 0x00687465 ] Note that this generates an optimized comparison without bitwise. In case you want to match a device that contains an asterisk, you have to escape the asterisk, ie. # nft add rule test test iifname eth\\* The wildcard string handling occurs from the evaluation step, where we convert from: relational / \ / \ meta value oifname eth* to: relational / \ / \ meta prefix ofiname As Patrick suggested, this not actually a wildcard but a prefix since it only applies to the string when placed at the end. More comments: * This relaxes the left->size > right->size from netlink_parse_cmp() for strings since the optimization that this patch applies may now result in bogus errors. * This patch can be later on extended to apply a similar optimization to payload expressions when: expr->len % BITS_PER_BYTE == 0 For meta and ct, the kernel checks for the exact length of the attributes (it expects integer 32 bits) so we can't do it unless we relax that. * Wildcard strings are not supported from sets and maps yet. Error reporting is not very good at this stage since expr_evaluate_prefix() doesn't have enough context (ctx->set is NULL, the set object is currently created later after evaluating the lhs and rhs of the relational). I'll be following up on this later. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* utils: indicate file and line on memory allocation errorsPablo Neira Ayuso2014-11-041-2/+2
| | | | | | | | | | | | For example: src/netlink.c:179: Memory allocation failure This shouldn't happen, so this allows us to identify at what point the memory allocation failure has happened. It may be helpful to identify bugs. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* utils: fix invalid assertion in xrealloc()Patrick McHardy2010-07-061-1/+0
| | | | | | The pointer is allowed to have the value NULL. Signed-off-by: Patrick McHardy <kaber@trash.net>
* Initial commitv0.01-alpha1Patrick McHardy2009-03-181-0/+69