This series fixes libnftnl JSON parsing support on big endian systems,
at least to the point that the testsuite passes.
Phil Sutter (3):
utils: Fix nftnl_get_value() on big endian
expr/data_reg: Fix JSON parsing on big endian
expr/exthdr: Fix JSON parsing on big endian
src/expr/data_reg.c
This function basically did:
| memcpy(out, val, );
which works only for little endian integer types. Fix this by assigning
the 64bit input value to a variable of the right size and use that as
input for above memcpy() call.
Signed-off-by: Phil Sutter
---
src/utils.c | 44
only consider the most
significant byte instead of the least significant one.
Signed-off-by: Phil Sutter
---
src/expr/exthdr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c
index 75cafbc113f73..a3518353be09a 100644
--- a/src/expr/exthdr.c
ned-off-by: Phil Sutter
---
src/expr/data_reg.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c
index 1b28b291617b8..ad7f4cb28ebd7 100644
--- a/src/expr/data_reg.c
+++ b/src/expr/data_reg.c
@@ -59,10 +59,10 @@ static
On Thu, Jun 21, 2018 at 07:35:18PM +0200, Jan Engelhardt wrote:
> On Thursday 2018-06-21 17:05, Phil Sutter wrote:
> >> >> >+# This is _NOT_ the library release version, it's an API version.
> >> >> >+# Extracted from Chapter 6 "Library inter
Hi Jan,
On Tue, Jun 19, 2018 at 10:40:44AM +0200, Jan Engelhardt wrote:
>
> On Monday 2018-06-18 12:30, Phil Sutter wrote:
> >> >Analogous to libnftnl's build system, define libnftables interface
> >> >version in a variable in Make_global.am.
> >> >+#
match. Adding this to the
already large conditional led to even more unreadable code, therefore
this patch tries to clean that up (and also removes the partial code
duplication.
Signed-off-by: Phil Sutter
---
When trying to test/fix this for bridge family, I noticed a few oddities
I am unsure how
Hi,
On Thu, Jun 21, 2018 at 11:26:37AM +0200, Máté Eckl wrote:
> On Thu, Jun 21, 2018 at 10:42:25AM +0200, Phil Sutter wrote:
> > Hi Máté,
> >
> > On Tue, Jun 19, 2018 at 11:50:24AM +0200, Máté Eckl wrote:
> > [...]
> > > diff --git a/src/parser_bison.y b/sr
On Wed, Jun 20, 2018 at 01:45:25PM +0200, Pablo Neira Ayuso wrote:
> On Wed, Jun 20, 2018 at 10:10:34AM +0200, Phil Sutter wrote:
> > Hi Eric,
> >
> > On Tue, Jun 19, 2018 at 11:46:56PM +0200, Eric Leblond wrote:
> > > Move import and use explici
Hi Máté,
On Tue, Jun 19, 2018 at 11:50:24AM +0200, Máté Eckl wrote:
[...]
> diff --git a/src/parser_bison.y b/src/parser_bison.y
> index 98bfeba..d753fd9 100644
> --- a/src/parser_bison.y
> +++ b/src/parser_bison.y
> @@ -21,6 +21,7 @@
> #include
> #include
> #include
> +#include
>
Hi Jan,
On Mon, Jun 18, 2018 at 02:27:06PM +0200, Jan Engelhardt wrote:
> On Monday 2018-06-18 13:51, Eric Leblond wrote:
> >diff --git a/doc/Makefile.am b/doc/Makefile.am
> >index 9796d34..1ec3b3e 100644
> >--- a/doc/Makefile.am
> >+++ b/doc/Makefile.am
> >@@ -9,19 +9,19 @@ endif
> >
On Mon, Jun 18, 2018 at 12:13:10PM +0200, Jan Engelhardt wrote:
>
> On Monday 2018-06-18 10:43, Phil Sutter wrote:
>
> >Analogous to libnftnl's build system, define libnftables interface
> >version in a variable in Make_global.am.
> >
> >Suggested-by: Pablo Ne
or message, the offending input line is read from the input file
directly (which still contains tabs).
The solution is to simply drop said tab conversion from scanner.l.
Signed-off-by: Phil Sutter
---
src/scanner.l | 16 +---
1 file changed, 1 insertion(+), 15 deletions(-)
diff -
w(0);
| nft_ctx_buffer_output(nft);
| nft_ctx_unbuffer_output(nft);
| nft_ctx_buffer_output(nft);
While being at it, apply the same fix to error path in init_cookie() as
well.
Signed-off-by: Phil Sutter
---
src/libnftables.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/libnftables.
, according to some best practices I found on
the internet(TM).
Patch 3 resolves a stupid mistake in output/error buffering support
discovered while implementing the example found in libnftables man page.
Phil Sutter (3):
scanner: Do not convert tabs into spaces
doc: libnftables-json: Review asciidoc
Analogous to libnftnl's build system, define libnftables interface
version in a variable in Make_global.am.
Suggested-by: Pablo Neira Ayuso
Signed-off-by: Phil Sutter
---
Make_global.am | 21 +
src/Makefile.am | 4 +++-
2 files changed, 24 insertions(+), 1 deletion
for listings.
* Enclose verses with empty lines in a verse block instead of having
multiple verses for it.
* Indent continued lines in synopsis for added readability.
[1] https://asciidoctor.org/docs/asciidoc-recommended-practices/
Signed-off-by: Phil Sutter
---
doc/libnftables-json.adoc | 326
to append a final newline character, there
strlen() is perfectly sufficient.
Suggested-by: Harald Welte
Cc: Laura Garcia Liebana
Cc: Eric Leblond
Cc: Arturo Borrero Gonzalez
Signed-off-by: Phil Sutter
---
Changes since v1:
- Add -version-info to libnftables LDFLAGS to bump library interface
to append a final newline character, there
strlen() is perfectly sufficient.
Suggested-by: Harald Welte
Cc: Laura Garcia Liebana
Cc: Eric Leblond
Signed-off-by: Phil Sutter
---
doc/libnftables.adoc | 9 -
include/json.h | 5 +++--
include/nftables/libnftables.h
Previous patch adding libnftables man page missed a backslash.
Fixes: 3c57ff87b1b2b ("doc: Add libnftables man page")
Signed-off-by: Phil Sutter
---
doc/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/Makefile.am b/doc/Makefile.am
index a77
For now, use a single man page to describe all the functions exported by
libnftables.
Signed-off-by: Phil Sutter
---
doc/.gitignore | 2 +
doc/Makefile.am | 10 +-
doc/libnftables.adoc | 315 +++
3 files changed, 324 insertions(+), 3
w(0);
| nft_ctx_buffer_output(nft);
| nft_ctx_unbuffer_output(nft);
| nft_ctx_buffer_output(nft);
While being at it, apply the same fix to error path in init_cookie() as
well.
Signed-off-by: Phil Sutter
---
src/libnftables.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/libnftables.
Analogous to commit 3dddef928d80d ("statement: don't print burst if
equals 5"), don't print the default burst value.
Signed-off-by: Phil Sutter
---
src/json.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/json.c b/src/json.c
index 306cab7b5426c..9019982a9e
Signed-off-by: Phil Sutter
---
include/json.h| 2 ++
src/json.c| 10 ++
src/parser_json.c | 19 +++
src/statement.c | 1 +
4 files changed, 32 insertions(+)
diff --git a/include/json.h b/include/json.h
index 1972bc841525d..0a93bca8d9ead 100644
le being at it, add a testcase to make sure the extended syntax works
right.
Signed-off-by: Phil Sutter
---
src/json.c | 13 --
src/parser_json.c | 40 --
tests/py/any/fwd.t | 1 +
tests
This way JSON format is more consistent with the standard one.
Signed-off-by: Phil Sutter
---
src/json.c | 8 +++-
src/parser_json.c | 2 +-
tests/py/any/ct.t.json | 2 +-
tests/py/any/ct.t.json.output | 2 +-
tests/py/any/meta.t.json
Changing the reference lines is not enough, the actual JSON has to be
adjusted as well. Since after the changes output for ip/flowtable.t is
now symmetric, ip/flowtable.t.json.output can be removed.
Signed-off-by: Phil Sutter
---
tests/py/ip/flowtable.t.json | 1 +
tests/py/ip
-by: Phil Sutter
---
configure.ac | 10 +
doc/.gitignore|2 +
doc/Makefile.am | 17 +-
doc/libnftables-json.adoc | 1236 +
4 files changed, 1261 insertions(+), 4 deletions(-)
create mode 100644 doc/libnftables-json.adoc
Signed-off-by: Phil Sutter
---
include/json.h | 2 ++
include/socket.h| 2 ++
src/json.c | 6 ++
src/parser_json.c | 23 +++
src/socket.c| 2 ++
tests/py/inet/socket.t.json | 28
; flags interval ; }
| ^^
Signed-off-by: Phil Sutter
---
src/evaluate.c | 4
1 file changed, 4 insertions(+)
diff --git a/src/evaluate.c b/src/evaluate.c
index 33733c0e73075..22b14c972d930 100644
--- a/src/evaluate.c
+++ b
EL_ enumeration and use it from nft_log.
>
> Fixes: 1a893b44de45 ("netfilter: nf_tables: Add audit support to log
> statement")
> Signed-off-by: Pablo Neira Ayuso
Acked-by: Phil Sutter
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the
This was missed by commit fb557b5546084 ("JSON: Sort out rule position
and handles in general"): When adding a rule, the parser would still
expect "pos" property instead of "index".
Signed-off-by: Phil Sutter
---
src/parser_json.c | 2 +-
1 file changed, 1 ins
licated
'{ "*": null }' it was before (done in patch 2).
BTW: I wasn't able to make use of wildcard expression at all when
playing around, is this even in use anymore?
The remaining patches contain misc JSON fixes/improvements.
Phil Sutter (7):
parser_bison: Merge wildcard_rhs_expr and wildc
Instead of dedicating an object for it ('{ "*": null }'), just use a
string consisting of an asterisk as sole character.
Signed-off-by: Phil Sutter
---
src/parser_json.c | 23 +++
1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/src/parser_js
This was completely broken. Yet another indicator the JSON API part of
testsuite is insufficient.
Signed-off-by: Phil Sutter
---
src/parser_json.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/parser_json.c b/src/parser_json.c
index 7971553651f27..9b7aef4b498cc
The two are absolutely identical, just referenced at different places.
Since there is no need for the distinction, just merge them into one.
Signed-off-by: Phil Sutter
---
src/parser_bison.y | 25 +++--
1 file changed, 7 insertions(+), 18 deletions(-)
diff --git a/src
When parsing large (uint64_t) values, capital 'I' has to be used in
format string. While being at it, make sure JSON output code handles
those variables correctly, too.
Signed-off-by: Phil Sutter
---
src/json.c| 26 +++---
src/parser_json.c | 28
The output differs from input in added size property.
Signed-off-by: Phil Sutter
---
tests/py/ip6/flowtable.t.json.output | 62
1 file changed, 62 insertions(+)
create mode 100644 tests/py/ip6/flowtable.t.json.output
diff --git a/tests/py/ip6
Reuse verdict expression parsing routine. Since the statement simply
wraps an expression, this change is an obvious one.
Signed-off-by: Phil Sutter
---
src/parser_json.c | 39 +++
1 file changed, 3 insertions(+), 36 deletions(-)
diff --git a/src
This is implemented via a pseudo log level. The kernel ignores any other
parameter, so reject those at evaluation stage. Audit logging is
therefore simply a matter of:
| log level audit
Signed-off-by: Phil Sutter
---
include/linux/netfilter/nf_tables.h | 5 +
src/evaluate.c
This extends log statement to support the behaviour achieved with
AUDIT target in iptables.
Audit logging is enabled via a pseudo log level 8. In this case any
other settings like log prefix are ignored since audit log format is
fixed.
Signed-off-by: Phil Sutter
---
Changes since v1:
- Fix
This extends log statement to support the behaviour achieved with
AUDIT target in iptables.
Audit logging is enabled via a pseudo log level 8. In this case any
other settings like log prefix are ignored since audit log format is
fixed.
Signed-off-by: Phil Sutter
---
include/uapi/linux
When parsing the optional "field" property, use return code of
json_unpack() directly to check if it was present or not.
Signed-off-by: Phil Sutter
---
src/parser_json.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/parser_json.c b/src/parser_js
,
identified while testing the above.
Changes since v1:
- Dropped patch 14.
- Adjusted JSON output in patch 6 to include meter size (required after
dropping patch 14).
- Added new patch 14 adding one more missing JSON equivalent.
Phil Sutter (14):
objref: Use "ct helper" for NFT_OBJECT
Property name "helper" was a bit unclear, "type" is better.
Signed-off-by: Phil Sutter
---
src/json.c| 2 +-
src/parser_json.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/json.c b/src/json.c
index e458eb3e4bdd8..1b73b919d5df2 100
Fix parsing and printing of named limit objects by aligning the code
with parser/printer of anonymous ones.
Signed-off-by: Phil Sutter
---
src/json.c| 43 -
src/parser_json.c | 49 ++-
2 files changed
Signed-off-by: Phil Sutter
---
tests/py/inet/tcp.t.json | 16
1 file changed, 16 insertions(+)
diff --git a/tests/py/inet/tcp.t.json b/tests/py/inet/tcp.t.json
index 559206dfd323f..f5df72aa252a6 100644
--- a/tests/py/inet/tcp.t.json
+++ b/tests/py/inet/tcp.t.json
@@ -1021,6
Change name of NFT_OBJECT_CT_HELPER in objref_type table to "ct helper"
for consistency. Note that this is not used in regular nft output since
objref_stmt_print() treats this object type separately.
Signed-off-by: Phil Sutter
---
src/parser_json.c | 2 +-
src/s
This adds the missing JSON variant for the two rules which are supposed
to work.
Fixes: 2efbdf7b8fcf7 ("tests: py: allow to specify sets with a timeout")
Signed-off-by: Phil Sutter
---
tests/py/inet/sets.t.json | 37 +
1 file changed, 37 insertions(
Signed-off-by: Phil Sutter
---
src/parser_json.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/parser_json.c b/src/parser_json.c
index bd1c0a04993c8..432991fa152d4 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -951,7 +951,7 @@ static struct expr
The key must be a set elem expression, but if a "regular" expression was
provided (which should be commonly accepted in case no set elem specific
properties are required), the resulting object tree crashed libnftables.
Signed-off-by: Phil Sutter
---
src/parser_json.c | 4 ++--
1 file
Commit 71624f25f22b1 ("tests: py: add expires tests with different time
bases") removed two testcases and added five other ones, adjust JSON
equivalent and recorded output to those changes.
Fixes: 71624f25f22b1 ("tests: py: add expires tests with different time bases")
Signed
s - caller assures sane context already.
* Improve error message a bit for denied JSON types.
Signed-off-by: Phil Sutter
---
src/parser_json.c | 76 +++
1 file changed, 31 insertions(+), 45 deletions(-)
diff --git a/src/parser_json.c b/src/parser_js
():
json_parse_flagged_expr() may return NULL.
Signed-off-by: Phil Sutter
---
Changes since v1:
- Adjust JSON expected output for meter size.
---
src/json.c | 6 +++---
src/parser_json.c | 15 ---
tests/py/ip/flowtable.t.json| 2 +-
tests/py/ip
Hi,
On Mon, May 28, 2018 at 03:59:39PM +0200, Florian Westphal wrote:
> Phil Sutter <p...@nwl.cc> wrote:
> > A meter size of 0x is the default, so regardless of whether it was
> > explicitly specified by user or not, don't print it. This is in line
> > with nft's t
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
src/parser_json.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/parser_json.c b/src/parser_json.c
index bd1c0a04993c8..432991fa152d4 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -951,7 +951,7 @@ static struc
():
json_parse_flagged_expr() may return NULL.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
src/json.c | 6 +++---
src/parser_json.c | 15 ---
tests/py/ip/flowtable.t.json| 2 +-
tests/py/ip/flowtable.t.json.outpu
The key must be a set elem expression, but if a "regular" expression was
provided (which should be commonly accepted in case no set elem specific
properties are required), the resulting object tree crashed libnftables.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
src/parser_js
Meter name being optional seems to come from old flow statement, so
don't support this. Also add size support as was recently added to
standard syntax.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
src/json.c| 5 +++--
src/parser_json.c | 11 ++-
2 files changed, 9 inse
This adds the missing JSON variant for the two rules which are supposed
to work.
Fixes: 2efbdf7b8fcf7 ("tests: py: allow to specify sets with a timeout")
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
tests/py/inet/sets.t.json | 37 +
1
Commit 71624f25f22b1 ("tests: py: add expires tests with different time
bases") removed two testcases and added five other ones, adjust JSON
equivalent and recorded output to those changes.
Fixes: 71624f25f22b1 ("tests: py: add expires tests with different time bases")
Signed
Change name of NFT_OBJECT_CT_HELPER in objref_type table to "ct helper"
for consistency. Note that this is not used in regular nft output since
objref_stmt_print() treats this object type separately.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
src/parser_json.c | 2 +-
Property name "helper" was a bit unclear, "type" is better.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
src/json.c| 2 +-
src/parser_json.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/json.c b/src/json.c
index e458eb3e4
Concat expressions with just a single element don't make sense, so
there's no point in supporting a shorter syntax for this.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
src/parser_json.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/parser_json.c b/src/parser_
When parsing the optional "field" property, use return code of
json_unpack() directly to check if it was present or not.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
src/parser_json.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/parser_json.c b/s
size.
- Make meter_stmt_alloc() assign the default size value.
Also adjust testcases in tests/py/ip{,6}/flowtable.t accordingly.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
include/statement.h | 2 ++
src/json.c | 9 ++---
src/parser_b
with other
redundant expressions which are optimized away.
Phil Sutter (14):
objref: Use "ct helper" for NFT_OBJECT_CT_HELPER
JSON: Use "type" for CT helper object
JSON: Disallow non-array concat expression values
JSON: Sort out rule position and handles in general
s - caller assures sane context already.
* Improve error message a bit for denied JSON types.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
src/parser_json.c | 76 +++
1 file changed, 31 insertions(+), 45 deletions(-)
diff --git a/src/par
Fix parsing and printing of named limit objects by aligning the code
with parser/printer of anonymous ones.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
src/json.c| 43 -
src/parser_json.c | 49 ++--
is no
"position" property to drop from rule output, and "handle" property will
always be present.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
src/json.c | 37 +
src/parser_json.c| 14 +-
tests/py/nft-test.py | 10 +
Bridge family allows reject statement in prerouting and input chains
only. Users can't know without looking at kernel code.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
doc/nft.xml | 4
1 file changed, 4 insertions(+)
diff --git a/doc/nft.xml b/doc/nft.xml
index 05193e6
in case a command was rejected by the kernel.
To overcome this, keep the scanner pointer in struct nft_ctx so that it
can be kept in place until kernel communication has finished.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
include/nftables.h | 1 +
src/libnftables.c
Discussion showed that rule index may be interpreted as being absolute
or relative, so just drop this adjective without replacement.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
doc/nft.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/nft.xml b/doc/nft.xml
Hi,
On Fri, May 11, 2018 at 12:16:07PM +0200, Pablo Neira Ayuso wrote:
> On Sat, May 05, 2018 at 02:55:52PM +0200, Phil Sutter wrote:
> > This series adds JSON input and output support to libnftables via
> > libjansson.
>
> Series applied, thanks Phil.
>
> Except
Since EINVAL usually indicates errors from kernel, avoid using it here
too. Instead return ENOENT to indicate there's no entry to append or
prepend the rule to.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
src/evaluate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
Hi Pablo,
On Wed, May 09, 2018 at 06:42:17PM +0200, Pablo Neira Ayuso wrote:
> I just noticed one thing, see below.
>
> On Wed, May 09, 2018 at 04:03:42PM +0200, Phil Sutter wrote:
> > diff --git a/src/evaluate.c b/src/evaluate.c
> > index 46c97606ea8af..cb27f7c269049
Hi Pablo,
On Wed, May 09, 2018 at 06:31:56PM +0200, Pablo Neira Ayuso wrote:
> On Wed, May 09, 2018 at 04:03:39PM +0200, Phil Sutter wrote:
> > As discussed before, this patch series introduces 'handle' keyword to
> > add/insert rule commands as a more intuitive and consist
Combine it with 0002insertposition_0 due to the many similarities,
extend it to test 'handle' and 'index' parameters as well and rename the
testcase accordingly.
Also add a new 0002addinsertlocation_1 which tests that wrong argument
to all of the location parameters fails.
Signed-off-by: Phil
Instead, use 'handle' keyword for the same effect since that is more
consistent with respect to replace/delete commands. The old keyword is
still supported for backwards compatibility and also listed in man page
along with a hint that it shouldn't be used anymore.
Signed-off-by: Phil Sutter &l
As discussed before, this patch series introduces 'handle' keyword to
add/insert rule commands as a more intuitive and consistent alternative
to 'position'.
On top of that, adding/inserting rules at an absolute position is
implemented via the new 'index' keyword.
Phil Sutter (4):
Deprecate add
location might not be ideal.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
doc/nft.xml| 31 ---
include/rule.h | 1 +
src/evaluate.c | 45 +
src/parser_bison.y | 18 --
src/rule.c
This allows to make error messages point to the right part of the
command after handles were merged.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
src/rule.c | 12 +---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/rule.c b/src/rule.c
index 2f0123b7a4a58..f0c6048
format support for regular 'nft list' commands.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
Changes since v1:
- Fix numerical uid/gid output (use a JSON integer instead of string).
Changes since v2:
- Implement json_pack_assert() as a macro. This way triggered assert()
prints a useful line
representation.
* ct_dir2str(): Convert IP_CT_DIR_* values into string representation.
* ct_label2str(): Convert ct_label values into string representation.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
include/ct.h| 2 ++
include/statement.h | 3 +++
src/ct.c
is known when including this file.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
include/expression.h | 2 ++
include/fib.h| 3 +++
include/rule.h | 2 ++
include/statement.h | 2 ++
src/expression.c | 2 +-
src/fib.c| 2 +-
src/rule.c | 4 ++--
src/state
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
tests/py/nft-test.py | 126 ++-
1 file changed, 65 insertions(+), 61 deletions(-)
diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py
index d4b22817d7665..f4ddc91b39291 100755
--- a/tests/py/nft-t
When testing rule adding to different table families, expected payload
was read for each tested family again. Instead, read it just once and
just try to read a family-specific payload for each tested family.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
tests/py/nft-test.p
src/tcpopt.c
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
include/ct.h| 2 ++
include/datatype.h | 1 +
include/meta.h | 4
include/rt.h| 2 ++
include/rule.h | 3 +++
include/statement.h | 2 ++
include/tcpopt.h| 4
src/ct.c| 2 +
This should be dropped for a real UAPI header update.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
include/linux/netfilter/nf_tables.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/include/linux/netfilter/nf_tables.h
b/include/linux/netfilter/nf_tables.h
index 517a39a
Print the non-equal parts of the two rules in yellow when printing the
differences warning.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
tests/py/nft-test.py | 35 ++-
1 file changed, 34 insertions(+), 1 deletion(-)
diff --git a/tests/py/nft-test.py b/te
with
expected standard output.
Phil Sutter (14):
include/linux: Add required NFT_CT_MAX macro
libnftables: Put bison parsing into dedicated functions
libnftables: Make some arrays globally accessible
libnftables: Make some functions globally accessible
libnftables: Introduce a few helper
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
py/nftables.py | 45 -
1 file changed, 44 insertions(+), 1 deletion(-)
diff --git a/py/nftables.py b/py/nftables.py
index eb81f5b2fdb9c..47ff14afc9741 100644
--- a/py/nftables.py
+++ b/py/nftab
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
py/nftables.py | 25 +
1 file changed, 25 insertions(+)
diff --git a/py/nftables.py b/py/nftables.py
index c175975076982..eb81f5b2fdb9c 100644
--- a/py/nftables.py
+++ b/py/nftables.py
@@ -47,6 +47,13 @@ class Nf
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
py/nftables.py | 25 +
1 file changed, 25 insertions(+)
diff --git a/py/nftables.py b/py/nftables.py
index c175975076982..eb81f5b2fdb9c 100644
--- a/py/nftables.py
+++ b/py/nftables.py
@@ -47,6 +47,13 @@ class Nf
Print the non-equal parts of the two rules in yellow when printing the
differences warning.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
tests/py/nft-test.py | 35 ++-
1 file changed, 34 insertions(+), 1 deletion(-)
diff --git a/tests/py/nft-test.py b/te
is known when including this file.
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
include/expression.h | 2 ++
include/fib.h| 3 +++
include/rule.h | 2 ++
include/statement.h | 2 ++
src/expression.c | 2 +-
src/fib.c| 2 +-
src/rule.c | 4 ++--
src/state
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
tests/py/nft-test.py | 16 +---
1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py
index f4ddc91b39291..ef9c6dbb769e5 100755
--- a/tests/py/nft-test.py
+++ b/tests/py/nft-t
src/tcpopt.c
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
include/ct.h| 2 ++
include/datatype.h | 1 +
include/meta.h | 4
include/rt.h| 2 ++
include/rule.h | 3 +++
include/statement.h | 2 ++
include/tcpopt.h| 4
src/ct.c| 2 +
:
- Fix patches 6, 7 and patch 14 (former patch 13).
- New patch 13.
Phil Sutter (14):
include/linux: Add required NFT_CT_MAX macro
libnftables: Put bison parsing into dedicated functions
libnftables: Make some arrays globally accessible
libnftables: Make some functions globally accessible
Signed-off-by: Phil Sutter <p...@nwl.cc>
---
tests/py/nft-test.py | 126 ++-
1 file changed, 65 insertions(+), 61 deletions(-)
diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py
index d4b22817d7665..f4ddc91b39291 100755
--- a/tests/py/nft-t
301 - 400 of 849 matches
Mail list logo
