Patrick McHardy [Sun, 9 Dec 2012 12:35:23 +0000 (13:35 +0100)]
sets: fix sets using intervals
When using intervals, the initializers set_flags are set to SET_F_INTERVAL,
however that is not propagated back to the set, so the segtree construction
is not performed.
Patrick McHardy [Sun, 9 Dec 2012 13:55:03 +0000 (14:55 +0100)]
netlink: fix endless loop on 64 bit when parsing binops
mpz_scan1() returns ULONG_MAX when no more bits are found. Due to assignment
to an unsigned int, this value was truncated on 64 bit and the loop never
terminated.
Patrick McHardy [Sat, 8 Dec 2012 19:42:16 +0000 (20:42 +0100)]
seqtree: update mapping data when keeping the base
When a prefix expression is followed by another prefix expression using the
same base but a wider prefix, we need to update the mapping data to that of
the second expression.
Patrick McHardy [Wed, 5 Dec 2012 18:45:22 +0000 (19:45 +0100)]
evaluate: reintroduce type checks for relational expressions
Since the parser can now generate constant expressions of a specific type
not determined by the LHS, we need to check that relational expressions
are actually using the correct types to avoid accepting stupid things
like "tcp dport tcp".
Patrick McHardy [Wed, 5 Dec 2012 18:39:00 +0000 (19:39 +0100)]
parser: fix parsing protocol names for protocols which are also keywords
"ip protocol tcp" will currently produce a syntax error since tcp is also a keyword
which is expected to be followed by a tcp header field. Allow to use protocol names
that are also keywords and allocate a constant expression for them.
Patrick McHardy [Tue, 6 Jul 2010 03:57:23 +0000 (05:57 +0200)]
netlink: fix nat stmt linearization/parsing
Fix invalid register use when parsing NAT statements and handle range expressions
during postprocessing. When linearizing, allocate all registers for both proto and
address expressions at once to avoid double use.
Patrick McHardy [Tue, 6 Jul 2010 03:57:22 +0000 (05:57 +0200)]
payload: fix crash with uncombinable protocols
The dependency of non-combinable protocols (f.i. arp + tcp) results in
a relational dependency expression without a datatype, causing a segfault
later on.
Patrick McHardy [Tue, 6 Jul 2010 03:57:22 +0000 (05:57 +0200)]
netlink: fix creation of base chains with hooknum and priority 0
Base chains with both a hook number and priority of zero are created
as regular chains. Fix by adding a BASECHAIN flag indicating that the
chain should be created as a base chain.
Patrick McHardy [Tue, 6 Jul 2010 03:57:00 +0000 (05:57 +0200)]
parser: support bison >= 2.4
Work around strange behaviour in bison >= 2.4 (see large comment in parser.y for
details) and remove the skeleton file since it does not work with 2.4 anymore.
Its only purpose was to increase the amount of possible tokens reported in error
messages anyways.
Patrick McHardy [Tue, 28 Jul 2009 12:17:41 +0000 (14:17 +0200)]
netlink: dump all chains when listing rules
Currently only the rules are dumped and chains are constructed based
on the rules identities. Dump all chains manually to make sure we also
display empty chains.
Patrick McHardy [Tue, 31 Mar 2009 02:14:26 +0000 (04:14 +0200)]
datatype: maintain table of all datatypes and add registration/lookup function
Add a table containing all available datatypes and registration/lookup functions.
This will be used to associate a stand-alone set in the kernel with the correct
type without parsing the entire ruleset.
Additionally it would now be possible to remove the global declarations for the
core types. Not done yet though.
Patrick McHardy [Fri, 20 Mar 2009 15:17:51 +0000 (16:17 +0100)]
Fix multiple references to the same user defined symbolic expression
The expression needs to be cloned so transformations don't corrupt the original
expression. This could be slightly optimized by only taking a reference and
COW'ing when necessary (which is actually quite rare).
ip saddr $allowed_hosts udp dport $udp_services counter accept
ip saddr $allowed_hosts tcp dport $tcp_services counter accept
Recursive definitions are possible, but currently not fully handled.
Anything requiring transformations (sets using ranges) can not be
used more than once currently since the expressions need to be COW'ed
previously.
Patrick McHardy [Fri, 20 Mar 2009 07:12:18 +0000 (08:12 +0100)]
Add support for scoping and symbol binding
As a first step towards stand-alone sets, add support for scoping and
binding symbols. This will be used for user-defined constants, as well
as declarations of modifiable (stand-alone) sets once the kernel side
is ready.
Scopes are currently limited to three nesting levels: the global scope,
table block scopes and chain block scopes.