[PATCH libnftnl] expr: imm: Fix immediate verdict comparison

2016-08-25 Thread Carlos Falgueras García
t; returns they are equals. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/expr/immediate.c | 12 +--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/expr/immediate.c b/src/expr/immediate.c index cb8a81b..b26fc8d 100644 --- a/src/expr/immedi

[PATCH 3/4 V6 nft] test: shell: Add tests for deleting rule by description

2016-08-21 Thread Carlos Falgueras García
They check if commands like "nft delete rule " work as expected. The first one checks if the command deletes only one of the matched rules. The second one checks if the command fails when the rule is not found. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- .../testcases

[PATCH 4/4 V6 nft] parser: Improve syntax errors

2016-08-21 Thread Carlos Falgueras García
mean `handle' or insert a rule description? delete rule t c position 3 ... Adds function 'erec_del_last' that deletes the last error from the error queue. This is needed to avoid showing two error messages. Signed-off-by: Carlos Falgueras García <ca

[PATCH 1/4 V6 nft] Simplify parser rule_spec tree

2016-08-21 Thread Carlos Falgueras García
by: Carlos Falgueras García <carlo...@riseup.net> --- src/evaluate.c | 68 +- src/parser_bison.y | 45 +--- 2 files changed, 22 insertions(+), 91 deletions(-) diff --git a/src/evaluate.c b/src/evaluate.c index

[PATCH 2/4 V6 nft] Implement deleting rule by description

2016-08-21 Thread Carlos Falgueras García
Falgueras García <carlo...@riseup.net> --- src/evaluate.c | 6 ++ src/parser_bison.y | 24 src/rule.c | 50 -- 3 files changed, 70 insertions(+), 10 deletions(-) diff --git a/src/evaluate.c b/src/eval

[PATCH 2/3 v4 libnftnl] tests: Use libnftnl comparators in all tests

2016-08-17 Thread Carlos Falgueras García
Use 'nftnl_expr_cmp' and 'nftnl_rule_cmp' in all tests instead of custom comparator for each one. If objects differ both are printed. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- tests/libtest.c | 30 ++ tests/lib

Re: [PATCH libnftnl] expr: hash: Add comparator to hash expression

2016-08-17 Thread Carlos Falgueras García
Please ignore this patch. Pablo already added this chunk before. Sorry. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

[PATCH 3/3 v5 nft] Implement deleting rule by description

2016-08-17 Thread Carlos Falgueras García
-by: Carlos Falgueras García <carlo...@riseup.net> --- src/evaluate.c | 6 ++ src/parser_bison.y | 32 src/rule.c | 45 +++-- 3 files changed, 73 insertions(+), 10 deletions(-) diff --git a/src/evaluate.c

[PATCH 1/3 v5 libnftnl] Implement rule comparison

2016-08-17 Thread Carlos Falgueras García
pointer to a comparator. Also includes all expression comparators. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- include/data_reg.h | 3 +++ include/expr_ops.h | 1 + include/libnftnl/expr.h | 2 ++ include/libnftnl/rule.h | 2 ++ src/expr.c

[PATCH 2/3 v5 nft] Simplify parser rule_spec tree

2016-08-17 Thread Carlos Falgueras García
or: syntax error, unexpected position, expecting handle delete rule t c position 3 ... Also, a new boolean field is added to the structure 'parser_state' in order to avoid printing the error twice. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net&

[PATCH 2/3 v3 nft] tests: Use libnftnl comparators in all tests

2016-08-16 Thread Carlos Falgueras García
Use 'nftnl_expr_cmp' and 'nftnl_rule_cmp' in all tests instead of custom comparator for each one. If objects differ both are printed. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- tests/libtest.c | 30 ++ tests/lib

[PATCH 1/3 v3 nft] tests: Consolidate printing error utilities

2016-08-16 Thread Carlos Falgueras García
This patch adds libtest.c and libtest.h to reduce test code and consolidate it. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- .gitignore | 1 + tests/Makefile.am | 52 +--- tests/lib

[PATCH 2/3 v4 nft] Simplify parser rule_spec tree

2016-08-16 Thread Carlos Falgueras García
or: syntax error, unexpected position, expecting handle delete rule t c position 3 ... Also, a new boolean field is added to the structure 'parser_state' in order to avoid printing the error twice. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net&

[PATCH 1/3 v4 libnftnl] Implement rule comparison

2016-08-16 Thread Carlos Falgueras García
pointer to a comparator. The expressions that can be compared with memcmp have this new field set to NULL, otherwise they have implemented a comparator. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- include/data_reg.h | 3 +++ include/expr_ops.h | 1 + include/li

[PATCH 3/3 v4 nft] Implement deleting rule by description

2016-08-16 Thread Carlos Falgueras García
-by: Carlos Falgueras García <carlo...@riseup.net> --- src/evaluate.c | 6 ++ src/parser_bison.y | 32 src/rule.c | 45 +++-- 3 files changed, 73 insertions(+), 10 deletions(-) diff --git a/src/evaluate.c

[PATCH 2/2 v2 libnftnl] test: Use libnftnl comparators in all tests

2016-08-15 Thread Carlos Falgueras García
Use 'nftnl_expr_cmp' and 'nftnl_rule_cmp' in all tests instead of custom comparator for each one. If objects differ both are printed. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- tests/libtest.c | 44 +++ tests/libtest.h

Re: [PATCH 1/2 libnftnl] utils: Fix out of bound access in nftnl_family2str

2016-08-15 Thread Carlos Falgueras García
On 08/15/2016 01:03 PM, Pablo Neira Ayuso wrote: On Mon, Aug 15, 2016 at 12:51:02PM +0200, Carlos Falgueras García wrote: Checks array limits before accessing it and adds a missing translation. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/utils.c | 3 ++- 1 file chan

[PATCH 1/2 libnftnl] utils: Fix out of bound access in nftnl_family2str

2016-08-15 Thread Carlos Falgueras García
Checks array limits before accessing it and adds a missing translation. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/utils.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/utils.c b/src/utils.c index e2715a2..7264d1f 100644 --- a/src/utils.c

[PATCH 2/2 libnfntl] expr: cmp: Use cmp2str() instead of directly access to array

2016-08-15 Thread Carlos Falgueras García
Uses cmp2str() which checks array bounds. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/expr/cmp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/expr/cmp.c b/src/expr/cmp.c index f3dd62c..5d51958 100644 --- a/src/expr/cmp.c +++ b/src/expr

[PATCH 1/2 libnftnl] expr: Improve bound checking in stringification functions

2016-08-15 Thread Carlos Falgueras García
In stringification functions that use string tables it is convenient to check the array bounds and if the element is not null. Due to the use of designated initializers, string tables can have gaps set to null. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/expr/byteorder

Re: [PATCH 1/4, V2, libnftnl] tests: Fix segfaults due outbound access

2016-08-13 Thread Carlos Falgueras García
On 08/13/2016 12:12 PM, Pablo Neira Ayuso wrote: On Fri, Aug 12, 2016 at 10:17:19PM +0200, Carlos Falgueras García wrote: Changes random values for macros because the conversion to string of these values is performed by accessing an array of strings. Then, we should fix the functions

[PATCH 4/4, V2, libnftnl] tests: Use libnftnl comparators in all tests

2016-08-12 Thread Carlos Falgueras García
Use 'nftnl_expr_cmp' and 'nftnl_rule_cmp' in all tests instead of custom comparator for each one. If objects differ both are printed. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- tests/libtest.c | 44 +++ tests/libtest.h

[PATCH 3/4, V2, libnftnl] tests: Consolidate printing error utilities

2016-08-12 Thread Carlos Falgueras García
This patch adds libtest.c and libtest.h to reduce test code and consolidate it. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- .gitignore | 1 + tests/Makefile.am | 52 +--- tests/lib

[PATCH 2/4, V2, libnftnl] tests: Fix wrong expression creation

2016-08-12 Thread Carlos Falgueras García
Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- tests/nft-expr_masq-test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/nft-expr_masq-test.c b/tests/nft-expr_masq-test.c index f0302e2..3f9903d 100644 --- a/tests/nft-expr_masq-test.c +++ b/tes

[PATCH 1/4, V2, libnftnl] tests: Fix segfaults due outbound access

2016-08-12 Thread Carlos Falgueras García
Changes random values for macros because the conversion to string of these values is performed by accessing an array of strings. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- tests/nft-expr_cmp-test.c | 2 +- tests/nft-expr_nat-test.c | 4 ++-- 2 files chan

Re: [PATCH 2/2, libnftnl] Use libnftnl comparators in all tests

2016-08-12 Thread Carlos Falgueras García
On 08/12/2016 01:32 AM, Pablo Neira Ayuso wrote: On Thu, Aug 11, 2016 at 03:25:07PM +0200, Carlos Falgueras García wrote: - cmp_nftnl_expr(rule_a,rule_b); + if (!nftnl_expr_cmp(rule_a, rule_b)) + print_err("expressions mismatches:\n\texpr 1: %s\n\texpr

Re: [PATCH 1/2, libnftnl] tests: Consolidate printing error utilities

2016-08-12 Thread Carlos Falgueras García
On 08/12/2016 01:26 AM, Pablo Neira Ayuso wrote: On Thu, Aug 11, 2016 at 03:25:06PM +0200, Carlos Falgueras García wrote: diff --git a/tests/libtest.c b/tests/libtest.c new file mode 100644 index 000..91f2d5e --- /dev/null +++ b/tests/libtest.c @@ -0,0 +1,49 @@ +#include + +#include

[PATCH 1/2, libnftnl] tests: Consolidate printing error utilities

2016-08-11 Thread Carlos Falgueras García
Created libtest.[hc] in order to consolidate code that is repeated in all tests. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- .gitignore | 1 + tests/Makefile.am | 52 + tests/lib

Re: [PATCH 1/4, V3, libnftnl] rule: Implement internal expression iterator

2016-08-10 Thread Carlos Falgueras García
On 08/10/2016 01:41 PM, Pablo Neira Ayuso wrote: On Wed, Aug 10, 2016 at 11:48:54AM +0200, Carlos Falgueras García wrote: Introduce nftnl_expr_iter_init() to allow stack allocated iterators for internal use. Applied with minor changes, see below. Signed-off-by: Carlos Falgueras García

[PATCH 3/3, libnftnl] tests: Fix tests for immediate and lookup expressions

2016-08-10 Thread Carlos Falgueras García
An error in Makefile.am has caused the tests 'nft-expr_immediate-test.c' and 'nft-expr_lookup-tests.c' not to be compiled since they were created. This patch fixes that error and some errors in both tests. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- tests/Makef

[PATCH 2/3, libnftnl] expr: Fix lookup builder

2016-08-10 Thread Carlos Falgueras García
Deleted wrong braces that cause unwanted behaviour. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/expr/lookup.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/expr/lookup.c b/src/expr/lookup.c index 57612d1..60da653 100644 --- a/src/expr/lo

[PATCH 2/4, V3, libnftnl] Implement rule comparison

2016-08-10 Thread Carlos Falgueras García
pointer to a comparator. The expressions that can be compared with memcmp have this new field set to NULL, otherwise they have implemented a comparator. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- include/data_reg.h | 3 +++ include/expr_ops.h | 1 + include/li

[PATCH 3/4, V3, nft] Simplify parser rule_spec tree

2016-08-10 Thread Carlos Falgueras García
: Expected `position' or nothing add rule t c handle ip saddr 1.1.1.1 counter Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/evaluate.c | 68 +- src/parser_bison.y | 51 +---

[PATCH 4/4, V3, nft] Implement deleting rule by description

2016-08-10 Thread Carlos Falgueras García
1.1.1.4 counter packets 0 bytes 0 # handle 4 } } Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/evaluate.c | 6 ++ src/parser_bison.y | 28 +--- src/rule.c | 45 +++-- 3

[PATCH, v2] Constify iterators

2016-08-09 Thread Carlos Falgueras García
Iterators do not modify objects which they iterate, so input pointer must be const. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- include/libnftnl/chain.h | 4 ++-- include/libnftnl/rule.h | 8 include/libnftnl/set.h | 16 include/li

[PATCH] rule: Constify rule iterators

2016-08-08 Thread Carlos Falgueras García
Iterators do not modify objects which they iterate, so input pointer must be const. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- include/libnftnl/rule.h | 8 src/rule.c | 8 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/i

Re: [PATCH 4/5, V2, nft] Simplify parser rule_spec tree

2016-08-08 Thread Carlos Falgueras García
On 08/08/2016 04:54 PM, Pablo Neira Ayuso wrote: On Mon, Aug 08, 2016 at 02:42:34PM +0200, Carlos Falgueras García wrote: -position_spec : /* empty */ +rule_position : chain_spec { - memset(&$$, 0, si

[PATCH 4/5, V2, nft] Simplify parser rule_spec tree

2016-08-08 Thread Carlos Falgueras García
by: Carlos Falgueras García <carlo...@riseup.net> --- src/evaluate.c | 68 +- src/parser_bison.y | 51 +--- 2 files changed, 28 insertions(+), 91 deletions(-) diff --git a/src/evaluate.c b/src/evaluate

[PATCH 5/5, V2, nft] Implement deleting rule by description

2016-08-08 Thread Carlos Falgueras García
packets 0 bytes 0 # handle 1 ip saddr 1.1.1.2 counter packets 0 bytes 0 # handle 3 ip saddr 1.1.1.4 counter packets 0 bytes 0 # handle 4 } } Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/evaluate.c

[PATCH 1/5, V2, libnftnl] rule: Add const modifier to rule field of expression iterator

2016-08-08 Thread Carlos Falgueras García
Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- include/libnftnl/rule.h | 2 +- src/rule.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/libnftnl/rule.h b/include/libnftnl/rule.h index 2776a77..09af96c 100644 --- a/include/li

Re: [PATCH 2/4, libnfntl] Implement rule comparison

2016-08-08 Thread Carlos Falgueras García
On 08/08/2016 01:32 PM, Pablo Neira Ayuso wrote: On Mon, Aug 08, 2016 at 01:17:56PM +0200, Carlos Falgueras García wrote: diff --git a/src/expr/dynset.c b/src/expr/dynset.c index 0eaa409..fa8b8d5 100644 --- a/src/expr/dynset.c +++ b/src/expr/dynset.c @@ -370,6 +370,23 @@ static void

Re: [PATCH 1/4, libnftnl] rule: Implement internal expression iterator

2016-08-08 Thread Carlos Falgueras García
On 08/08/2016 01:25 PM, Pablo Neira Ayuso wrote: On Mon, Aug 08, 2016 at 01:17:55PM +0200, Carlos Falgueras García wrote: With 'nftnl_expr_iter_init' we can create an expression iterator without dynamic memory allocation. I'd suggest this description: Introduce nftnl_expr_iter_init

[PATCH 1/4, libnftnl] rule: Implement internal expression iterator

2016-08-08 Thread Carlos Falgueras García
With 'nftnl_expr_iter_init' we can create an expression iterator without dynamic memory allocation. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- include/internal.h | 1 + include/rule.h | 15 +++ src/rule.c | 23 --- 3

[PATCH 4/4, nft] Implement deleting rule by description

2016-08-08 Thread Carlos Falgueras García
packets 0 bytes 0 # handle 1 ip saddr 1.1.1.2 counter packets 0 bytes 0 # handle 3 ip saddr 1.1.1.4 counter packets 0 bytes 0 # handle 4 } } Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/evaluate.c

[PATCH 3/4, nft] Simplify parser rule_spec tree

2016-08-08 Thread Carlos Falgueras García
by: Carlos Falgueras García <carlo...@riseup.net> --- src/evaluate.c | 68 +- src/parser_bison.y | 51 +--- 2 files changed, 28 insertions(+), 91 deletions(-) diff --git a/src/evaluate.c b/src/evaluate

[PATCH v3, libnftnl] Fix nftnl_*_get to set data_len

2016-07-11 Thread Carlos Falgueras García
All getters must set the output parameter 'data_len' Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/chain.c | 3 +++ src/expr.c| 1 + src/expr/dynset.c | 3 +++ src/expr/lookup.c | 3 +++ src/gen.c | 1 + src/rule.c| 2 ++ src/set.c

[PATCH v2, libnftnl] Fix nftnl_*_get to set data_len

2016-07-11 Thread Carlos Falgueras García
All getters must set the output parameter 'data_len' Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/chain.c | 3 +++ src/expr.c| 1 + src/expr/dynset.c | 3 +++ src/expr/lookup.c | 3 +++ src/gen.c | 1 + src/rule.c| 2 ++ src/set.c

[PATCH 2/2 libnfntl] Fix nftnl_*_get to set data_len

2016-07-05 Thread Carlos Falgueras García
All getters must set the output parameter 'data_len' Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/chain.c | 3 +++ src/expr.c| 1 + src/expr/dynset.c | 3 +++ src/expr/lookup.c | 3 +++ src/gen.c | 1 + src/rule.c| 2 ++ src/set.c

[PATCH 1/2 libnfntl] Fix nftnl_*_set_str

2016-07-05 Thread Carlos Falgueras García
These lengths must be one character longer to take into account the null character Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/chain.c| 2 +- src/rule.c | 2 +- src/set.c | 2 +- src/set_elem.c | 2 +- src/table.c| 2 +- 5 files changed, 5 insertions

Re: [PATCH libnftnl] Fix string length calculations

2016-07-03 Thread Carlos Falgueras García
On 02/07/16 08:54, Pablo Neira Ayuso wrote: On Fri, Jul 01, 2016 at 06:11:43PM +0200, Carlos Falgueras García wrote: These lengths must be one character longer to take into account the null character Please, place the change for src/set.c in this patch so I only need to apply one patch. I

Re: [PATCH libnftnl] set: Fix nftnl_set_set_str

2016-07-01 Thread Carlos Falgueras García
On 01/07/16 16:22, Pablo Neira Ayuso wrote: On Mon, Jun 27, 2016 at 06:24:25PM +0200, Carlos Falgueras García wrote: We need the string length Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/set.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

[PATCH libnftnl] Fix string length calculations

2016-07-01 Thread Carlos Falgueras García
These lengths must be one character longer to take into account the null character Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/chain.c| 2 +- src/rule.c | 2 +- src/set_elem.c | 2 +- src/table.c| 2 +- src/trace.c| 6 +++--- 5 files changed, 7 inse

[PATCH libnfntl v2] set: Fix nftnl_set_set_str

2016-07-01 Thread Carlos Falgueras García
We need the string length Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/set.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/set.c b/src/set.c index 47e0c45..8a025ab 100644 --- a/src/set.c +++ b/src/set.c @@ -190,7 +190,7 @@ EXPORT_SYMBOL

[PATCH 2/2 libnftnl] tests: Check set user data

2016-06-27 Thread Carlos Falgueras García
Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- tests/nft-set-test.c | 4 1 file changed, 4 insertions(+) diff --git a/tests/nft-set-test.c b/tests/nft-set-test.c index f6fbfb5..173c17f 100644 --- a/tests/nft-set-test.c +++ b/tests/nft-set-test.c @@ -47,6 +47,9 @@

[PATCH 1/2 libnftnl] set: Add new attribute into 'set' to store user data

2016-06-27 Thread Carlos Falgueras García
The new structure 'user' holds a pointer to user data and its length. The kernel must have the flag NFTA_SET_USERDATA to support this feature. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- include/libnftnl/set.h | 1 + include/set.h | 4 src

[PATCH libnftnl] set: Fix nftnl_set_set_str

2016-06-27 Thread Carlos Falgueras García
We need the string length Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/set.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/set.c b/src/set.c index 879100c..edbcbe5 100644 --- a/src/set.c +++ b/src/set.c @@ -203,7 +203,7 @@ EXPORT_SYMBOL

[PATCH libnftnl, v2] fix some error checking in parser functions

2016-06-20 Thread Carlos Falgueras García
Using a variable 'ret' multiple times without treating the error in between can overwrite the previous error value, and may execute code which it should not. Bad way: int f() { int ret; ret = g(); ret = h(); return ret; }

[PATCH 2/3 libnftnl] fix some error checking in parser functions

2016-06-16 Thread Carlos Falgueras García
; } Good way: int f() { int ret; ret = g(); if (ret) return ret; ret = h(); if (ret) return ret; return 0; } Signed-off-by: Carlos Falgueras

[PATCH 3/3 libnftnl] Consolidate setters

2016-06-16 Thread Carlos Falgueras García
Use the setter method in all places where we set an attribute instead of repeating the code. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/chain.c| 91 src/gen.c | 7 ++--- src/rule.c

[PATCH 2/2 v2,libnftnl] Check memory allocations in setters

2016-06-10 Thread Carlos Falgueras García
instead void * All memory allocations inside setters are checked * Unsetters are used if possible in order to consolidate Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- include/libnftnl/chain.h | 8 include/libnftnl/expr.h| 4 ++-- i

[PATCH 1/2 v2,libnftnl] Fix leak in nftnl_*_unset()

2016-06-10 Thread Carlos Falgueras García
Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/rule.c | 2 ++ src/set_elem.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/rule.c b/src/rule.c index 1e1a138..19e8b95 100644 --- a/src/rule.c +++ b/src/rule.c @@ -111,7 +111,9 @@ void nftnl_rule_unset(

Re: [PATCH 1/2 libnftnl] Fix leak in nftnl_*_unset()

2016-06-10 Thread Carlos Falgueras García
On 06/10/2016 01:14 PM, Arturo Borrero Gonzalez wrote: On 10 June 2016 at 12:20, Carlos Falgueras García <carlo...@riseup.net> wrote: Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/rule.c | 1 + src/set_elem.c | 1 + 2 files changed, 2 insertions(+) diff

[PATCH 2/2 libnftnl] Check memory allocations in setters

2016-06-10 Thread Carlos Falgueras García
instead void * All memory allocations inside setters are checked * Unsetters are used if possible in order to consolidate Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- include/libnftnl/chain.h | 16 +++--- include/libnftnl/expr.h

[PATCH libmnl] nlmsg: Improve payload printing

2016-06-08 Thread Carlos Falgueras García
igned-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/nlmsg.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/nlmsg.c b/src/nlmsg.c index fd2f698..5dfbd88 100644 --- a/src/nlmsg.c +++ b/src/nlmsg.c @@ -317,10 +317,10 @@ mnl_nlmsg_fprintf_payload(FILE

[PATCH 2/2,libnftnl] Check memory allocations in setters

2016-06-02 Thread Carlos Falgueras García
are checked * The object remains unchanged in case of error * Unsetters are used if possible in order to consolidate Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/chain.c | 26 +- src/expr/dynset.c| 8 +++- sr

[PATCH 1/2,libnftnl] Free user data in unsetters

2016-06-02 Thread Carlos Falgueras García
Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/rule.c | 2 ++ src/set_elem.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/rule.c b/src/rule.c index 8ee8648..3576e32 100644 --- a/src/rule.c +++ b/src/rule.c @@ -112,6 +112,8 @@ void nftnl_rule_unset(

[PATCH libnfntl] Check all strdup

2016-05-30 Thread Carlos Falgueras García
Check all possible strdup errors and treat them accordingly. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/chain.c | 12 src/expr/data_reg.c | 6 ++ src/expr/dynset.c| 4 src/expr/immediate.c | 2 ++ src/expr/log.c | 4 +++

[PATCH 2/2 nft] parser: Check commentaries length

2016-05-30 Thread Carlos Falgueras García
e t c ip saddr 1.1.1.1 counter comment abc...xyz ^ Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- include/rule.h | 2 ++ src/parser_bison.y | 5 + 2 files changed, 7 insertions(+) diff --git a/include/rule.h b/

[PATCH 1/2 nft] parser: Centralize commentary rule

2016-05-30 Thread Carlos Falgueras García
It makes more sense if this rule cannot be empty, so it can be used both as mandatory and as optional. The higher rule should choose to use it in one way or another. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/parser_bison.y | 25 +++-- 1 file chang

Re: [PATCH nft] parser: Check commentaries length

2016-05-30 Thread Carlos Falgueras García
Thanks for the feedback, I will send now two new patches with the corrections.

[PATCH nft] parser: Check commentaries length

2016-05-30 Thread Carlos Falgueras García
Checks the commentary maximum length and reports to user in case of error. The commentary rule of the parser was simplified in order to centralize the length checking. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- include/parser.h | 6 ++ src/parser_bison.

[PATCH 1/2 libnftnl] set_elem: Copy user data memory

2016-05-27 Thread Carlos Falgueras García
All attributes are passed by copy, so user data should be copied too. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/set_elem.c | 10 -- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/set_elem.c b/src/set_elem.c index 990be24..b9c7e1e

[PATCH 2/2 nft] set_elem: Use libnftnl/udata to store set element comment

2016-05-27 Thread Carlos Falgueras García
The set element comment is stored in nftnl_set_elem->user.data using libnftnl/udata infrastructure. This allows storing multiple variable length user data in a set element. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/netli

[PATCH] libnftnl: set_elem: Fix memory leak

2016-05-24 Thread Carlos Falgueras García
User data must be freed. How to reproduce: > nft add table t > nft add set t s {type ipv4_addr\;} > valgrind nft add element t s {1.1.1.1} Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/set_elem.c | 3 +++ 1 file changed, 3 insertions(+) d

[PATCH] libnftnl: gitignore: Fix mistake in gitignore regexp

2016-05-17 Thread Carlos Falgueras García
If a whole directory was ignored, files inside it will not be checked. Reported-by: Pablo Neira Ayuso <pa...@netfilter.org> Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- .gitignore | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitignore

[PATCH 2/2] nftables: Fix memory leak linearizing user data

2016-05-17 Thread Carlos Falgueras García
nftnl_rule_set_data makes a copy of the user data which it receives, so it is not necessary to make a copy before calling it. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/netlink_linearize.c | 11 +++ 1 file changed, 3 insertions(+), 8 deletions(-) diff --git

[PATCH 1/2] libnfntl: Fix segfault due to invalid free of rule user data

2016-05-17 Thread Carlos Falgueras García
-by: Carlos Falgueras García <carlo...@riseup.net> --- src/rule.c | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/rule.c b/src/rule.c index c299548..3f276f8 100644 --- a/src/rule.c +++ b/src/rule.c @@ -167,7 +167,12 @@ void nftnl_rule_set_data(struct nftnl_rule *r, ui

[PATCH] libnftnl: tests: Free nftnl_udata_buf before exit

2016-05-17 Thread Carlos Falgueras García
Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- tests/nft-rule-test.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/nft-rule-test.c b/tests/nft-rule-test.c index 2f6e35f..dee3530 100644 --- a/tests/nft-rule-test.c +++ b/tests/nft-rule-test.c @@ -88,6 +88,7 @@ in

[PATCH] libnftnl: Add to .gitignore all auto-generated files when a "make check" is done

2016-05-16 Thread Carlos Falgueras García
It ignores files inside "test/" and "examples/" except all c code (*.c) and the "Makefile.am" Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- .gitignore | 8 1 file changed, 8 insertions(+) diff --git a/.gitignore b/.git

Re: [PATCH 2/4 v6] libnftnl: rule: Change the "userdata" attribute to use new TLV buffer

2016-04-14 Thread Carlos Falgueras García
On 14/04/16 01:59, Pablo Neira Ayuso wrote: On Tue, Mar 22, 2016 at 08:46:25PM +0100, Carlos Falgueras García wrote: diff --git a/src/rule.c b/src/rule.c index 3a32bf6..db96e5b 100644 --- a/src/rule.c +++ b/src/rule.c @@ -28,6 +28,7 @@ #include #include #include +#include struct

Re: [PATCH 4/4 v5] nftables: rule: Change the field "rule->comment" for an nftnl_udata_buf

2016-03-22 Thread Carlos Falgueras García
On 21/03/16 23:13, Pablo Neira Ayuso wrote: On Tue, Mar 15, 2016 at 09:28:07PM +0100, Carlos Falgueras García wrote: Now it is possible to store multiple variable length user data into a rule. Modify the parser in order to fill the nftnl_udata with the comment, and the print function to extract

Re: [PATCH 1/4 v5] libnftnl: Implement new buffer of TLV objects

2016-03-22 Thread Carlos Falgueras García
On 21/03/16 23:10, Pablo Neira Ayuso wrote: On Tue, Mar 15, 2016 at 09:28:04PM +0100, Carlos Falgueras García wrote: These functions allow to create a buffer (nftnl_udata_buf) of TLV objects (nftnl_udata). It is inspired by libmnl/src/attr.c. It can be used to store several variable length user

[PATCH 3/4 v5] libnftnl: test: Update test to check new nftnl_udata features of nftnl_rule

2016-03-15 Thread Carlos Falgueras García
Modify nft-rule-test.c to check TLV attribute inclusion in nftnl_rule. Add "*-rule-udata.[json|xml]" to check parsers. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- tests/jsonfiles/71-rule-udata.json | 1 + tests/nft-rule-test.c | 21

[PATCH 2/4 v5] libnftnl: rule: Change the "userdata" attribute to use new TLV buffer

2016-03-15 Thread Carlos Falgueras García
Now it is possible to store multiple variable length user data into a rule. Modify XML and JSON parsers to support this new feature. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- include/json.h | 7 ++ include/utils.h | 2 + include/xml.h | 6 ++ src/jansson.c

Re: [PATCH 4/4 v4] nftables: rule: Change the field "rule->comment" for an nftnl_udata_buf

2016-03-15 Thread Carlos Falgueras García
Thanks Pablo. I will send all of these changes now.

[PATCH 3/4 v4] libnftnl: test: Actualize test to check new nftnl_udata features of nftnl_rule

2016-03-10 Thread Carlos Falgueras García
Modify nft-rule-test.c to check TLV attribute inclusion in nftnl_rule. Add "*-rule-udata.[json|xml]" to check parsers. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- tests/jsonfiles/71-rule-udata.json | 1 + tests/nft-rule-test.c | 21

[PATCH 2/4 v4] libnftnl: rule: Change the "userdata" attribute to use new TLV buffer

2016-03-10 Thread Carlos Falgueras García
Now it is possible to store multiple variable length user data into a rule. Modify XML and JSON parsers to support this new feature. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- include/json.h | 7 ++ include/utils.h | 2 + include/xml.h | 6 ++ src/jansson.c

[PATCH 4/4 v4] nftables: rule: Change the field "rule->comment" for an nftnl_udata_buf

2016-03-10 Thread Carlos Falgueras García
Now it is possible to store multiple variable length user data into a rule. Modify the parser in order to fill the nftnl_udata with the comment, and the print function to extract this commentary and print it to the user. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- include/

Re: [PATCH 4/4 v3] nftables: rule: Change the field "rule->comment" for an nftnl_udata_buf

2016-03-10 Thread Carlos Falgueras García
Thanks for the feedback; On 08/03/16 14:13, Pablo Neira Ayuso wrote: On Mon, Mar 07, 2016 at 06:10:41PM +0100, Carlos Falgueras García wrote: diff --git a/src/parser_bison.y b/src/parser_bison.y index 05ade0f..ed1b63a 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -24,6 +24,7

Re: [PATCH 2/4 v3] libnftnl: rule: Change the "userdata" attribute to use new TLV buffer

2016-03-10 Thread Carlos Falgueras García
Thanks for the feedback. On 08/03/16 14:04, Pablo Neira Ayuso wrote: On Mon, Mar 07, 2016 at 06:10:42PM +0100, Carlos Falgueras García wrote: @@ -75,6 +81,8 @@ void nftnl_rule_free(struct nftnl_rule *r) xfree(r->table); if (r->chain != NULL) x

[PATCH 1/4 v3] libnftnl: Implement new buffer of TLV objects.

2016-03-08 Thread Carlos Falgueras García
ut attribute \"%s\"", str); exit(EXIT_FAILURE); } nftnl_udata_for_each(buf, attr) { printf("%s\n", (char *)nftnl_udata_attr_value(attr)); } nftnl_udata_free(buf); ``` Signed-off-by: Carlos F

[PATCH 3/3 v2] nftables: rule: Change the field "rule->comment" for an nftnl_attrbuf.

2016-02-29 Thread Carlos Falgueras García
Now it is possible to store multiple variable length user data into a rule. Modify the parser in order to fill the nftnl_attrbuf with the comment, and the print function to extract this commentary and print it to the user. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- i

[PATCH 2/3 v2] libnftnl: rule: Change the "userdata" attribute to use new TLV buffer.

2016-02-29 Thread Carlos Falgueras García
Now it is possible to store multiple variable length user data into a rule. Modify XML and JSON parsers to support this new feature. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- include/json.h | 7 ++ include/utils.h | 2 + include/xml.h | 5 ++ src/jansson.c

[PATCH 1/3 v2] libnftnl: Implement new buffer of TLV objects.

2016-02-29 Thread Carlos Falgueras García
te \"%s\"", str); } nftnl_attr_for_each(attr, attrbuf) { printf("%s\n", (char *)nftnl_attr_get_value(attr)); } nftnl_attr_free(attrbuf); ``` Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- includ

[PATCH 1/2] libnftnl: rule: Change the "userdata" attribute to use new TLV buffer.

2016-02-20 Thread Carlos Falgueras García
Now it is possible to store multiple variable length user data into a rule. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- src/rule.c | 158 ++--- 1 file changed, 130 insertions(+), 28 deletions(-) diff --git a/src/

[PATCH 2/2] nftables: rule: Change the field "rule->comment" for an nftnl_attrbuf.

2016-02-20 Thread Carlos Falgueras García
Now it is possible to store multiple variable length user data into a rule. Modify the parser in order to fill the nftnl_attrbuf with the comment, and the print function to extract this commentary and print it to the user. Signed-off-by: Carlos Falgueras García <carlo...@riseup.net> --- i