| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
The 'data' arrays in match and target expression tests were undersized
as they did not cover for the terminating NUL-char of the string used to
initialize them. When passing such array to strdup(), the latter reads
until after the defined array boundary.
Fixes: 93483364369d8 ("src: get rid of cached copies of x_tables.h and xt_LOG.h")
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the copyright notice in header comments by an equivalent
SPDX-License-Identifier string. Drop a following empty line if at the
bottom of the comment. Leave any other header comment content in place.
This also fixes for an incomplete notice in examples/nft-ruleset-get.c
since commit c335442eefcca ("src: incorrect header refers to GPLv2
only").
Signed-off-by: Phil Sutter <phil@nwl.cc>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
Use nftnl_nlmsg_build_hdr() instead of nftnl_*_nlmsg_build_hdr().
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Use a shorter name for this, morever this can be used from sets so the _rule_
is misleading.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
So we can use the nft_* prefix anytime soon for our upcoming higher level
library.
After this patch, the nft_* symbols become an alias of the nftnl_* symbols.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
| |
Keeping the full cached copy the of x_tables.h file in tree is too much
for just the XT_EXTENSION_MAXNAMELEN constant. Similarly, xt_LOG.h is not
actually required by the tests, we can use any whatever syntetic data
to make sure the setter and getter provide the same result. So, let's
get rid of these headers from the library tree.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
| |
We plan to use this library name for the higher layer library.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
These tests create an initial object 'a' whose attributes are
set to arbitrary values. Then, that object is converted to a
Netlink message which is parsed to obtain the object 'b'. If
things go well, the original object 'a' and the transformed
object 'b' should be equivalent. Thus, we make sure that object
transformations through the main library APIs are correct.
These tests have helped to catch the following bugs in this library:
(3cf788a72 expr: fix leak in target and match expressions)
(4182e574f expr: match: fix wrong flag setting in nft_rule_expr_match_parse)
(0bec6bc5e expr: log: release prefix)
(2b690deea expr: log: fix missing \0 when sending log prefix to kernel)
(e55c7afcf expr: target: fix wrong info length in nft_rule_expr_target_parse)
(8fc4d4bd2 expr: log: fix wrong attribute type in nft_rule_expr_log_parse)
Signed-off-by: Ana Rey <anarey@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
