git.ipfire.org Git - thirdparty/libnftnl.git/log
12 years ago - chain: json: use string to identify policy
Álvaro Neira Ayuso [Mon, 15 Jul 2013 19:31:00 +0000 (21:31 +0200)] 
chain: json: use string to identify policy

* If we don't have hooknum, we don't need to print the policy tag.
* If we have hooknum, I have used the policy2str function to print the policy
  as the "accept" string or the "drop" string.

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - set: json: fix incomplete output
Álvaro Neira Ayuso [Mon, 15 Jul 2013 19:30:52 +0000 (21:30 +0200)] 
set: json: fix incomplete output

In (bf39c53 set: add json output), the json support for sets was
incomplete:

* version, family, key_type, key_len, data_type, data_len were not included.
* Now I use nft_data_reg_snprintf for printing the key and data

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - expr: limit: fix getter
Pablo Neira Ayuso [Mon, 15 Jul 2013 17:52:25 +0000 (19:52 +0200)] 
expr: limit: fix getter

Set missing data length via getter, otherwise it returns zero.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - src: add nft_*_list_is_empty() functions
Arturo Borrero [Thu, 11 Jul 2013 08:44:13 +0000 (10:44 +0200)] 
src: add nft_*_list_is_empty() functions

These functions check whether a given nft_*_list is empty or not.

I found this quite useful while working with a full ruleset.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - include: update include/linux/netfilter/nf_tables.h
Pablo Neira Ayuso [Sat, 13 Jul 2013 19:35:33 +0000 (21:35 +0200)] 
include: update include/linux/netfilter/nf_tables.h

Get it in sync with the current kernel tree.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - expr: add nft_expr_data to replace explicit casting to obtain expression data
Pablo Neira Ayuso [Sat, 13 Jul 2013 19:56:06 +0000 (21:56 +0200)] 
expr: add nft_expr_data to replace explicit casting to obtain expression data

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - expr: use __attribute__((constructor)) to register expression
Pablo Neira Ayuso [Sat, 13 Jul 2013 19:21:27 +0000 (21:21 +0200)] 
expr: use __attribute__((constructor)) to register expression

Instead of manual array registration.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - examples: nft-{table,chain,rule}-xml-add: fix missing NLM_F_CREATE
Pablo Neira Ayuso [Wed, 10 Jul 2013 16:34:57 +0000 (18:34 +0200)] 
examples: nft-{table,chain,rule}-xml-add: fix missing NLM_F_CREATE

Thus, automodule loading was not working.

While at it, apply not so relevant cosmetic cleanups and fix some
inconsistencies between examples.

* Fix copyright header, this is code heavily based on existing
  nft-*-add examples.
* Remove unrequired extern struct nft_table definition.
* Make sure we close file descriptor once we don't need it anymore.
* Remove unrequired casting.
* Remove comment that provides nothing interesting.

I considered that a patch to address each of those was too much of a burden.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - expr: payload: fix incorrect length and base in default output
Eric Leblond [Wed, 10 Jul 2013 16:22:53 +0000 (18:22 +0200)] 
expr: payload: fix incorrect length and base in default output

This patch fixes an accidental swapping of the dreg and length
payload fields.

Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - examples: remove LIBXML_LIBS from LDADD
Pablo Neira Ayuso [Tue, 9 Jul 2013 19:13:11 +0000 (21:13 +0200)] 
examples: remove LIBXML_LIBS from LDADD

Remove it from the example files, we don't need it. There is no explicit
reference to any of the libmxml functions in those files, so the linker
does not need that library.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - expr: payload: fix printing of base
Pablo Neira Ayuso [Tue, 9 Jul 2013 18:42:58 +0000 (20:42 +0200)] 
expr: payload: fix printing of base

In (f95e859 src: improve default text output), it assumes all bases
are network, but we may have link and transport as well.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - bitwise: xml: export len node
Arturo Borrero [Mon, 8 Jul 2013 11:52:31 +0000 (13:52 +0200)] 
bitwise: xml: export len node

Fix missing length, it was not being exported in XML.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@soleta.eu>
12 years ago - set: add xml output
Arturo Borrero [Sat, 6 Jul 2013 00:39:52 +0000 (02:39 +0200)] 
set: add xml output

This patch adds XML output for sets.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - src: xml: consolidate parsing of data_reg via nft_mxml_data_reg_parse
Arturo Borrero [Fri, 5 Jul 2013 14:28:06 +0000 (16:28 +0200)] 
src: xml: consolidate parsing of data_reg via nft_mxml_data_reg_parse

Move common code for XML parsing of data_reg to the new
nft_mxml_data_reg_parse function.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - examples: nft-table-get: add json support
Álvaro Neira Ayuso [Fri, 5 Jul 2013 12:41:35 +0000 (14:41 +0200)] 
examples: nft-table-get: add json support

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - set: add json output
Álvaro Neira Ayuso [Fri, 5 Jul 2013 12:41:28 +0000 (14:41 +0200)] 
set: add json output

This patch allows you to dump sets and their content in JSON format.

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - set: fix printing of key and data registers
Pablo Neira Ayuso [Fri, 5 Jul 2013 21:38:40 +0000 (23:38 +0200)] 
set: fix printing of key and data registers

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - src: expr: data_reg: fix printing data register content
Pablo Neira Ayuso [Fri, 5 Jul 2013 12:00:08 +0000 (14:00 +0200)] 
src: expr: data_reg: fix printing data register content

Before:

ip filter output 41
  [ payload load 1b @ network header + 9 => reg 1 ]
  [ cmp eq reg 1 ]

Now:

ip filter output 41
  [ payload load 1b @ network header + 9 => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
                 ^^^^^^^^^^

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - src: improve default text output
Giuseppe Longo [Fri, 5 Jul 2013 08:06:28 +0000 (10:06 +0200)] 
src: improve default text output

This patch improves default plain text output by mimicking the
default output of libnl-nft.

While at it, several %lu have been translated to use %"PRIu64"
for correctness.

[ I have added the policy to string translation --pablo ]

Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - src: xml: fix compilation without XML parsing enabled
Pablo Neira Ayuso [Thu, 4 Jul 2013 14:51:57 +0000 (16:51 +0200)] 
src: xml: fix compilation without XML parsing enabled

Since (d844fa0 src: consolidate XML parsing of expressions via
nft_mxml_expr_parse), the library was not compiling with XML support
anymore.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - src: consolidate XML parsing of expressions via nft_mxml_reg_parse
Pablo Neira Ayuso [Thu, 4 Jul 2013 14:10:24 +0000 (16:10 +0200)] 
src: consolidate XML parsing of expressions via nft_mxml_reg_parse

This patch reduces the XML code by 100 LOC.

12 years ago - src: consolidate XML parsing of expressions via nft_mxml_expr_parse
Pablo Neira Ayuso [Thu, 4 Jul 2013 12:50:22 +0000 (14:50 +0200)] 
src: consolidate XML parsing of expressions via nft_mxml_expr_parse

Move common code for XML parsing of expressions to the new
nft_mxml_expr_parse function.

This patch reduces the XML parsing code by 300 LOC.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - expr: ct: fix setting of NFT_EXPR_CT_DIR
Arturo Borrero Gonzalez [Thu, 4 Jul 2013 10:34:07 +0000 (12:34 +0200)] 
expr: ct: fix setting of NFT_EXPR_CT_DIR

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - expr: Fix header inclusion for integer types
Tomasz Bursztyka [Wed, 3 Jul 2013 09:42:20 +0000 (12:42 +0300)] 
expr: Fix header inclusion for integer types

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - examples: add JSON support
Álvaro Neira Ayuso [Thu, 27 Jun 2013 19:56:26 +0000 (21:56 +0200)] 
examples: add JSON support

By specifying 'json' as first parameter.

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - src: support JSON format in chain, rule and expressions
Álvaro Neira Ayuso [Thu, 27 Jun 2013 19:56:18 +0000 (21:56 +0200)] 
src: support JSON format in chain, rule and expressions

While at it, order possible switch cases of _snprintf.

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - tests: nft-parsing-test: restore default terminal color after test
Pablo Neira Ayuso [Thu, 27 Jun 2013 19:26:34 +0000 (21:26 +0200)] 
tests: nft-parsing-test: restore default terminal color after test

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - tests: remove several wrong XML nodes in tests
Pablo Neira Ayuso [Thu, 27 Jun 2013 19:25:03 +0000 (21:25 +0200)] 
tests: remove several wrong XML nodes in tests

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - test: add testbench for XML
Arturo Borrero Gonzalez [Thu, 27 Jun 2013 18:09:34 +0000 (20:09 +0200)] 
test: add testbench for XML

This patch adds a testbench for XML parsing, which may be extended
to test JSON as well.

To use it:
 $ cd test/
 $ make nft-parsing-test
 $ ./nft-parsing-test xmlfiles/

This testbench supersedes old .sh test scripts, so they are deleted.

[ I have mangled this patch to rename/mangle files, to colorize the
  test output and not to compile XML unconditionally --pablo ]

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - exthdr: xml: rename type node to exthdr_type
Arturo Borrero Gonzalez [Wed, 26 Jun 2013 11:37:21 +0000 (13:37 +0200)] 
exthdr: xml: rename type node to exthdr_type

This patch renames the <type> node in the exthdr expr to <exthdr_type>.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - nat: xml: rename node type to nat_type
Arturo Borrero Gonzalez [Thu, 27 Jun 2013 17:35:21 +0000 (19:35 +0200)] 
nat: xml: rename node type to nat_type

This patch renames the node <type> to a more explicit <nat_type>.

This will prevent confusion with other <type> nodes from other exprs in the future.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - nat: snprintf: fix buffer offset
Arturo Borrero Gonzalez [Wed, 26 Jun 2013 11:37:19 +0000 (13:37 +0200)] 
nat: snprintf: fix buffer offset

This patch fixes the buffer offset necessary to correctly print the nat expr in default output mode.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - meta: xml: use string to represent key attribute
Arturo Borrero Gonzalez [Wed, 26 Jun 2013 11:37:18 +0000 (13:37 +0200)] 
meta: xml: use string to represent key attribute

Use a string for <key> node instead of a number.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - exthdr: xml: use string for type node
Arturo Borrero Gonzalez [Wed, 26 Jun 2013 11:37:17 +0000 (13:37 +0200)] 
exthdr: xml: use string for type node

This patch implements using a string for the <type> node.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - payload: xml: use string for base attribute
Arturo Borrero Gonzalez [Wed, 26 Jun 2013 11:37:15 +0000 (13:37 +0200)] 
payload: xml: use string for base attribute

This patch implements using a string instead of a number for the <base> node.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - target&match: xml: don't print rev number
Arturo Borrero Gonzalez [Wed, 26 Jun 2013 11:37:14 +0000 (13:37 +0200)] 
target&match: xml: don't print rev number

The <rev> node is not printed/parsed anymore. It should not be exported,
this is negotiated with the kernel.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - data_reg: xml: display register in big endian
Arturo Borrero Gonzalez [Wed, 26 Jun 2013 11:37:13 +0000 (13:37 +0200)] 
data_reg: xml: display register in big endian

Display registers in big endian, so the output will be the same on
CPUs of different endianness.

<data>0xaabbccdd</data>

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - data_reg: xml: fix len node, it should show byte length
Arturo Borrero Gonzalez [Wed, 26 Jun 2013 11:37:12 +0000 (13:37 +0200)] 
data_reg: xml: fix len node, it should show byte length

Previous to this patch, the <len> node was 'how many <dataN> nodes we have'.
However, the <len> node means 'how many bytes are in <dataN> nodes'.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - chain: xml: use string for policy
Arturo Borrero Gonzalez [Wed, 26 Jun 2013 11:37:10 +0000 (13:37 +0200)] 
chain: xml: use string for policy

Now the <policy> node is using "accept" or "drop".

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - exthdr: xml: fix mandatory elements
Arturo Borrero Gonzalez [Wed, 26 Jun 2013 11:37:09 +0000 (13:37 +0200)] 
exthdr: xml: fix mandatory elements

According to net/netfilter/nft_exthdr.c: nft_exthdr_init(),
all of dreg, type, offset and len are mandatory:

	if (tb[NFTA_EXTHDR_DREG] == NULL ||
	    tb[NFTA_EXTHDR_TYPE] == NULL ||
	    tb[NFTA_EXTHDR_OFFSET] == NULL ||
	    tb[NFTA_EXTHDR_LEN] == NULL)
		return -EINVAL;

So the XML parser must make sure the equivalent nodes exist.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - ct: xml: use key names instead of numbers
Arturo Borrero Gonzalez [Wed, 26 Jun 2013 11:37:08 +0000 (13:37 +0200)] 
ct: xml: use key names instead of numbers

The ct expr uses a string instead of a numerical value in the <key> node.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - ct: xml: add extra dir check
Arturo Borrero Gonzalez [Wed, 26 Jun 2013 11:37:07 +0000 (13:37 +0200)] 
ct: xml: add extra dir check

This patch adds an extra dir check.

0 means original.
1 means a reply.

Pablo decided not to include nf_conntrack_tuple_common.h, and instead
defined them internally.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - nat: xml: fix node names for sreg_addr_{min|max}
Arturo Borrero Gonzalez [Wed, 26 Jun 2013 11:37:04 +0000 (13:37 +0200)] 
nat: xml: fix node names for sreg_addr_{min|max}

This patch changes the name of XML nodes from <sreg_addr_min_v4> to
<sreg_addr_min>, and <sreg_addr_max_v4> to <sreg_addr_max>, as they
are register numbers, not addresses, so they are protocol independent.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - nat: xml: change nat types string to dnat/snat
Arturo Borrero Gonzalez [Wed, 26 Jun 2013 11:37:03 +0000 (13:37 +0200)] 
nat: xml: change nat types string to dnat/snat

This patch replaces the string NFT_NAT_{S|D}NAT with {s|d}nat in
the <type> node.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - src: xml: convert family values to string
Arturo Borrero [Thu, 27 Jun 2013 16:56:38 +0000 (18:56 +0200)] 
src: xml: convert family values to string

This patch translates family values to display a string:

 * ip if AF_INET
 * ip6 if AF_INET6
 * bridge if AF_BRIDGE
 * arp if 0

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - chain: add hooknum2str
Arturo Borrero Gonzalez [Thu, 27 Jun 2013 16:55:47 +0000 (18:55 +0200)] 
chain: add hooknum2str

This patch translates the Netfilter hook number to a readable string.

Useful for printing and parsing in XML and JSON formats.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - byteorder: xml: op as string
Arturo Borrero [Wed, 26 Jun 2013 11:37:05 +0000 (13:37 +0200)] 
byteorder: xml: op as string

This patch changes the numerical value of the XML byteorder's <op> node to a string representation.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
12 years ago - expr: xml: registers must be <= NFT_REG_MAX
Arturo Borrero Gonzalez [Wed, 26 Jun 2013 11:37:02 +0000 (13:37 +0200)] 
expr: xml: registers must be <= NFT_REG_MAX

With this patch, all expressions validate that registers are <= NFT_REG_MAX.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - bitwise: xml: mask and xor use same number of data registers
Arturo Borrero Gonzalez [Wed, 26 Jun 2013 11:37:00 +0000 (13:37 +0200)] 
bitwise: xml: mask and xor use same number of data registers

The mask and xor must use the same number of data registers.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - rule: xml: conditional display of compat info
Arturo Borrero Gonzalez [Wed, 26 Jun 2013 11:36:59 +0000 (13:36 +0200)] 
rule: xml: conditional display of compat info

The compat XML info is now conditional both when printing and parsing.
It is only used by iptables-nftables.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - set_elem: add nft_set_elem_attr_set_str
Pablo Neira Ayuso [Fri, 21 Jun 2013 12:46:47 +0000 (14:46 +0200)] 
set_elem: add nft_set_elem_attr_set_str

It was not implemented, although it was defined in the header and map
files.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - expr: add nft_rule_expr_snprintf
Pablo Neira Ayuso [Wed, 19 Jun 2013 15:53:25 +0000 (17:53 +0200)] 
expr: add nft_rule_expr_snprintf

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - set_elem: fix nft_set_elem_attr_get with NFT_SET_ELEM_ATTR_CHAIN
Pablo Neira Ayuso [Wed, 19 Jun 2013 15:06:57 +0000 (17:06 +0200)] 
set_elem: fix nft_set_elem_attr_get with NFT_SET_ELEM_ATTR_CHAIN

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - set_elem: fix wrong flags setting in nft_set_elems_parse2
Pablo Neira Ayuso [Wed, 19 Jun 2013 15:05:38 +0000 (17:05 +0200)] 
set_elem: fix wrong flags setting in nft_set_elems_parse2

Set element object flags instead of set flags.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - set: add missing set/unset support for NFT_SET_ATTR_DATA_[TYPE|LEN]
Pablo Neira Ayuso [Wed, 19 Jun 2013 09:46:37 +0000 (11:46 +0200)] 
set: add missing set/unset support for NFT_SET_ATTR_DATA_[TYPE|LEN]

While at it, use fixed length uint32_t instead of size_t.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - expr: xml: don't print target and match info
Arturo Borrero [Mon, 3 Jun 2013 20:44:55 +0000 (22:44 +0200)] 
expr: xml: don't print target and match info

This is the binary layout of the iptables target/match; we can do nothing
with it at this moment. Let's get rid of it.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - examples: unset chain & rule handle
Arturo Borrero [Wed, 5 Jun 2013 21:37:18 +0000 (23:37 +0200)] 
examples: unset chain & rule handle

Use _unset functions to delete the handle so tests don't fail.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - rule: xml: delete trailing space
Arturo Borrero [Sat, 15 Jun 2013 01:16:15 +0000 (03:16 +0200)] 
rule: xml: delete trailing space

This patch fixes a trailing space in rule xml_snprintf.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - nat: xml: fix crash during parsing if non-mandatory element is not present
Arturo Borrero Gonzalez [Mon, 17 Jun 2013 19:23:12 +0000 (21:23 +0200)] 
nat: xml: fix crash during parsing if non-mandatory element is not present

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - nat: xml: fix wrong offset in snprintf
Arturo Borrero [Sat, 15 Jun 2013 01:16:03 +0000 (03:16 +0200)] 
nat: xml: fix wrong offset in snprintf

This patch fixes the buffer offset of the nat snprintf function
so elements are properly printed.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - expr: bitwise: xml: fix wrong casting
Arturo Borrero [Sat, 15 Jun 2013 00:36:13 +0000 (02:36 +0200)] 
expr: bitwise: xml: fix wrong casting

Introduced in (51370f0 src: add support for XML parsing).

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - set: fix nft_set_attr_get with NFT_SET_ATTR_KEY_FLAGS
Pablo Neira Ayuso [Mon, 17 Jun 2013 18:51:35 +0000 (20:51 +0200)] 
set: fix nft_set_attr_get with NFT_SET_ATTR_KEY_FLAGS

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - set_elem: fix wrong flags set for NFT_SET_ELEM_ATTR_FLAGS
Pablo Neira Ayuso [Mon, 17 Jun 2013 18:15:13 +0000 (20:15 +0200)] 
set_elem: fix wrong flags set for NFT_SET_ELEM_ATTR_FLAGS

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - src: set NFT_*_ATTR_FAMILY in nft_*_parse function
Pablo Neira Ayuso [Mon, 17 Jun 2013 15:45:07 +0000 (17:45 +0200)] 
src: set NFT_*_ATTR_FAMILY in nft_*_parse function

This attribute was not appropriately set in most cases.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - chain: fix nft_chain_attr_set_str
Pablo Neira Ayuso [Mon, 17 Jun 2013 00:39:35 +0000 (02:39 +0200)] 
chain: fix nft_chain_attr_set_str

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - include: add stdbool.h to libnftables/expr.h
Pablo Neira Ayuso [Sun, 16 Jun 2013 22:37:07 +0000 (00:37 +0200)] 
include: add stdbool.h to libnftables/expr.h

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - src: constify first parameter of all nft_*_get
Pablo Neira Ayuso [Sat, 15 Jun 2013 20:19:23 +0000 (22:19 +0200)] 
src: constify first parameter of all nft_*_get

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - set: add NFT_SET_ATTR_FAMILY
Pablo Neira Ayuso [Fri, 14 Jun 2013 14:43:05 +0000 (16:43 +0200)] 
set: add NFT_SET_ATTR_FAMILY

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - src: add nft_*_attr_is_set
Pablo Neira Ayuso [Sun, 16 Jun 2013 22:39:38 +0000 (00:39 +0200)] 
src: add nft_*_attr_is_set

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - src: add nft_*_list_foreach
Pablo Neira Ayuso [Thu, 13 Jun 2013 19:15:05 +0000 (21:15 +0200)] 
src: add nft_*_list_foreach

This patch adds a simplified iterator interface.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - expr: add limit
Pablo Neira Ayuso [Thu, 13 Jun 2013 11:33:08 +0000 (13:33 +0200)] 
expr: add limit

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - expr: add byteorder
Pablo Neira Ayuso [Wed, 12 Jun 2013 12:16:41 +0000 (14:16 +0200)] 
expr: add byteorder

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - expr: add ct
Pablo Neira Ayuso [Wed, 12 Jun 2013 10:21:10 +0000 (12:21 +0200)] 
expr: add ct

This patch adds the ct expression.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - expr: add exthdr
Pablo Neira Ayuso [Tue, 11 Jun 2013 12:20:15 +0000 (14:20 +0200)] 
expr: add exthdr

This patch adds support for the exthdr expression of nftables that
is implemented in linux/net/netfilter/nft_exthdr.c

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - build: fix missing interlibrary dependency
Pablo Neira Ayuso [Tue, 11 Jun 2013 00:37:24 +0000 (02:37 +0200)] 
build: fix missing interlibrary dependency

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - expr: add log expression
Pablo Neira Ayuso [Mon, 10 Jun 2013 17:23:03 +0000 (19:23 +0200)] 
expr: add log expression

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - examples: nft-chain-get: export in JSON format
Alvaro Neira Ayuso [Sat, 8 Jun 2013 03:36:12 +0000 (03:36 +0000)] 
examples: nft-chain-get: export in JSON format

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - chain: add function to export tables in JSON format
Alvaro Neira Ayuso [Sat, 8 Jun 2013 03:36:04 +0000 (03:36 +0000)] 
chain: add function to export tables in JSON format

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - set_elem: add NFT_SET_ELEM_ATTR_DATA to set data for mapping
Pablo Neira Ayuso [Sat, 8 Jun 2013 17:15:40 +0000 (19:15 +0200)] 
set_elem: add NFT_SET_ELEM_ATTR_DATA to set data for mapping

We need this new attribute to configure the data that is attached
to an element. This is useful for the mapping feature to retrieve
data based on keys (like a dictionary) that nftables provides.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - data_reg: xml: delete unreachable code in _veredict_xml_parse()
Arturo Borrero Gonzalez [Sat, 8 Jun 2013 04:02:33 +0000 (04:02 +0000)] 
data_reg: xml: delete unreachable code in _veredict_xml_parse()

Similar to commit 414ac29.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - src: fix nft_*_unset function attribute that don't release data
Pablo Neira Ayuso [Fri, 7 Jun 2013 12:24:47 +0000 (14:24 +0200)] 
src: fix nft_*_unset function attribute that don't release data

In (dde2039 src: add nft_*_unset functions), I mangled Arturo's
patch to add a default case, but he was intentionally not adding
it to unset attributes that require no memory releases.

I preferred to add the attributes explicitly in the switch rather
than falling back on the default action.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - src: add nft_*_unset functions
Arturo Borrero Gonzalez [Fri, 7 Jun 2013 00:52:17 +0000 (00:52 +0000)] 
src: add nft_*_unset functions

These functions unset the given attribute in each object and
release the data if needed.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - examples: nft-table-get: export in JSON format
Alvaro Neira Ayuso [Thu, 6 Jun 2013 23:14:23 +0000 (23:14 +0000)] 
examples: nft-table-get: export in JSON format

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - table: add function to export tables in JSON format
Alvaro Neira Ayuso [Thu, 6 Jun 2013 23:14:16 +0000 (23:14 +0000)] 
table: add function to export tables in JSON format

Signed-off-by: Alvaro Neira <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - src: xml: add versioning
Arturo Borrero Gonzalez [Mon, 3 Jun 2013 05:58:38 +0000 (05:58 +0000)] 
src: xml: add versioning

Add version to XML chunks in case of future changes.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - examples: nft-rule-add: fix compilation warning
Pablo Neira Ayuso [Wed, 5 Jun 2013 03:50:01 +0000 (05:50 +0200)] 
examples: nft-rule-add: fix compilation warning

  CC     nft-rule-add.o
nft-rule-add.c:105:13: warning: ‘add_payload’ defined but not used [-Wunused-function]

Reported-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - examples: nft-rule-add: remove nonexistent libnftables/payload.h include
Pablo Neira Ayuso [Wed, 5 Jun 2013 03:48:03 +0000 (05:48 +0200)] 
examples: nft-rule-add: remove nonexistent libnftables/payload.h include

Reported-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - expr: immediate: fix display of dreg expression
Eric Leblond [Mon, 3 Jun 2013 22:05:23 +0000 (22:05 +0000)] 
expr: immediate: fix display of dreg expression

Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - examples: nft-events: add newline to output
Eric Leblond [Mon, 3 Jun 2013 22:05:22 +0000 (22:05 +0000)] 
examples: nft-events: add newline to output

This patch adds a newline to messages to be sure that they are
printed to the shell as soon as they occur. This also fixes the
display of output.

Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - rule: fix bad offset returned by _snprintf
Arturo Borrero Gonzalez [Mon, 3 Jun 2013 10:44:52 +0000 (10:44 +0000)] 
rule: fix bad offset returned by _snprintf

Noted while calling _snprintf functions consecutively.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - data_reg: xml: delete unreachable code
Arturo Borrero Gonzalez [Mon, 3 Jun 2013 07:15:20 +0000 (07:15 +0000)] 
data_reg: xml: delete unreachable code

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - data_reg: xml: fix using bad temp variable
Arturo Borrero Gonzalez [Wed, 29 May 2013 12:45:06 +0000 (12:45 +0000)] 
data_reg: xml: fix using bad temp variable

It should use 'utmp' instead of 'tmp'.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - data_reg: remove conditional XML printing if parsing is disabled
Arturo Borrero Gonzalez [Tue, 28 May 2013 05:06:21 +0000 (05:06 +0000)] 
data_reg: remove conditional XML printing if parsing is disabled

XML printing is supported even if XML parsing is not enabled.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - data_reg: Delete trailing space in snprintf_xml
Arturo Borrero Gonzalez [Tue, 28 May 2013 05:07:02 +0000 (05:07 +0000)] 
data_reg: Delete trailing space in snprintf_xml

A minor cosmetic change. Delete the space before '>'.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 years ago - rule: fix table flag not being set at XML parsing
Arturo Borrero Gonzalez [Tue, 28 May 2013 05:06:08 +0000 (05:06 +0000)] 
rule: fix table flag not being set at XML parsing

Added in (51370f0 src: add support for XML parsing).

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
13 years ago - chain: delete useless castings
Arturo Borrero [Fri, 24 May 2013 01:28:41 +0000 (01:28 +0000)] 
chain: delete useless castings

These castings were useless.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
13 years ago - examples: XML parsing examples
Arturo Borrero Gonzalez [Wed, 22 May 2013 00:33:25 +0000 (00:33 +0000)] 
examples: XML parsing examples

Some code snippets to add tables/chains/rules using the XML representation.

The examples contain:
 * A binary to parse/add the object using libnftables.
 * A shell script to easily call that binary, doing some tests.
 * table/chain/rule sample XML files.

I included my name in new files, but I don't know if this is correct. Please let me know.

Instructions:
 $ cd examples/ ; make nft-table-xml-add
 # cd test/ ; ./nft-table-xml-add.sh

NOTE: Some kernel changes are required to allow reinserting exactly what is printed (handle handling, flags..)

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
13 years ago - src: add support for XML parsing
Arturo Borrero Gonzalez [Thu, 23 May 2013 10:03:04 +0000 (12:03 +0200)] 
src: add support for XML parsing

This patch adds capabilities for parsing an XML table/chain/rule.

Some comments:

* The XML data is case sensitive
  (so <chain>asd</chain> != <chain>ASD</chain> != <CHAIN>asd</CHAIN>)
* All exported functions receive XML and return an object (table|chain|rule).
* To compile the lib with XML parsing support, run './configure --with-xml-parsing'
* XML parsing is done with libmxml (http://minixml.org). XML parsing depends
  on this external lib; this dependency is optional at compile time.

NOTE: expr/target and expr/match binary data are exported.

[ Fixed to compile without --with-xml-parsing --pablo ]

Signed-off-by: Arturo Borrero González <arturo.borrero.glez@gmail.com>
13 years ago - map: fix missing nft_rule_expr_build_payload export
Tomasz Bursztyka [Tue, 14 May 2013 00:51:20 +0000 (00:51 +0000)] 
map: fix missing nft_rule_expr_build_payload export

Update .map file to include it, otherwise it's not exported.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
13 years ago - expr: remove non implemented function
Tomasz Bursztyka [Tue, 14 May 2013 00:51:19 +0000 (00:51 +0000)] 
expr: remove non implemented function

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>