Patrick McHardy [Tue, 6 Jul 2010 03:57:23 +0000 (05:57 +0200)]
netlink: fix nat stmt linearization/parsing
Fix invalid register use when parsing NAT statements and handle range expressions
during postprocessing. When linearizing, allocate all registers for both proto and
address expressions at once to avoid double use.
Patrick McHardy [Tue, 6 Jul 2010 03:57:22 +0000 (05:57 +0200)]
payload: fix crash with uncombinable protocols
The dependency of non-combinable protocols (f.i. arp + tcp) results in
a relational dependency expression without a datatype, causing a segfault
later on.
Patrick McHardy [Tue, 6 Jul 2010 03:57:22 +0000 (05:57 +0200)]
netlink: fix creation of base chains with hooknum and priority 0
Base chains with both a hook number and priority of zero are created
as regular chains. Fix by adding a BASECHAIN flag indicating that the
chain should be created as a base chain.
Patrick McHardy [Tue, 6 Jul 2010 03:57:00 +0000 (05:57 +0200)]
parser: support bison >= 2.4
Work around stange behaviour in bison >= 2.4 (see large comment in parser.y for
details) and remove the skeleton file since it does not work with 2.4 anymore.
Its only purpose was to increase the amount of possible tokens reported in error
messages anyways.
Patrick McHardy [Tue, 28 Jul 2009 12:17:41 +0000 (14:17 +0200)]
netlink: dump all chains when listing rules
Currently only the rules are dumped and chains are constructed based
on the rules identities. Dump all chains manually to make sure we also
display empty chains.
Patrick McHardy [Tue, 31 Mar 2009 02:14:26 +0000 (04:14 +0200)]
datatype: maintain table of all datatypes and add registration/lookup function
Add a table containing all available datatypes and registration/lookup functions.
This will be used to associate a stand-alone set in the kernel with the correct
type without parsing the entire ruleset.
Additionally it would now be possible to remove the global declarations for the
core types. Not done yet though.
Patrick McHardy [Fri, 20 Mar 2009 15:17:51 +0000 (16:17 +0100)]
Fix multiple references to the same user defined symbolic expression
The expression needs to be cloned so transformations don't corrupt the original
expression. This could be slightly optimized by only taking a reference and
COW'ing when necessary (which is actually quite rare).
ip saddr $allowed_hosts udp dport $udp_services counter accept
ip saddr $allowed_hosts tcp dport $tcp_services counter accept
Recursive definitions are possible, but currently not fully handled.
Anything requiring transformations (sets using ranges) can not be
used more than once currently since the expressions need to be COW'ed
previously.
Patrick McHardy [Fri, 20 Mar 2009 07:12:18 +0000 (08:12 +0100)]
Add support for scoping and symbol binding
As a first step towards stand-alone sets, add support for scoping and
binding symbols. This will be used for user-defined constants, as well
as declarations of modifiable (stand-alone) sets once the kernel side
is ready.
Scopes are currently limited to three nesting levels: the global scope,
table block scopes and chain block scopes.
projects / thirdparty / nftables.git / log
