rtpengine

Commit Graph

Author	SHA1	Message	Date
Alex Hermann	3a80ac6355	MT#55283 Do not remove jumps to custom chain if base chain is "none" If base chain is "none", the admin is responsible for jumping into the custom chain. Don't remove jumps the admin migth have setup. closes #1787 Change-Id: I9980acb12fb1abb0883b22aceab2719087768763 (cherry picked from commit `4cf8be08e3`)	2 years ago
Alex Hermann	1667b32c11	MT#55283 Don't fail deleting the iptables chain if it is still in use When base chain is "none", the admin is required to manage jumping into the rtpengine chain. The chain can't be deleted if it is still referenced by another rule, which is common in this configuration. closes #1787 Change-Id: I8a72e1041a364db60870b5acececc234c8452bab (cherry picked from commit `2e7e720c94`)	2 years ago
Richard Fuchs	72f56be71e	MT#55283 don't create chains that already exist Telling netlink to create a chain that already exists should technically be a no-op, BUT it still sets the policy to whatever was given as a side effect. Make sure we don't change the policy by explicitly checking for the chain's existence. closes #1785 Change-Id: I526a4e2a0f9d1dcc6e0e00a6e273e4df55863d6c (cherry picked from commit `a0ba4d793d`)	2 years ago
Richard Fuchs	a95e78089c	MT#55283 fix copy/pasto Change-Id: Ibd884db10393496e4de13069e29d91bf59be79c7 (cherry picked from commit `0500c3a0e9`)	2 years ago
Richard Fuchs	a4024ac51f	MT#57371 add --nftables-status option Change-Id: I9925c8c593850729095647b3749fb4b9835b37a4	2 years ago
Richard Fuchs	0ca666a925	MT#57371 split up match_immediate_rtpe function ... into its two components so that they can be used separately. Change-Id: I1f2d800f6ac2739a2d10f8b6d97e783259fad890	2 years ago
Richard Fuchs	56f94b99e8	MT#57371 make callback function optional Change-Id: I0705378620136a9e424c3a8eda42aa1c0dfd0e08	2 years ago
Richard Fuchs	92e981d325	MT#57371 change scope of temporary object We can use this to return information back to the calling function. Change-Id: I8c83d41145e8f1e4d51b8b3b28cbd20abd63829b	2 years ago
Richard Fuchs	f5416c64c3	MT#57371 configurable nftables families Change-Id: I8c3e76ed6a86522f53dc309aa7a91c93359b96f8	2 years ago
Richard Fuchs	27a1d60405	MT#57371 support "none" as nft base chain Change-Id: I8d2b43e3b4dd9c26b6b9b4cfa325a48a6c6f1c8a	2 years ago
Richard Fuchs	18f0903f53	MT#57371 support rule prepending For the use case with a separate base chain, we want to preempt other firewall rules by default and insert our immediate jump rule at the beginning, rather than at the end. Add an option to provide the other behaviour. Change-Id: I16171f7c028c89b94823ecc99387771be3ba9443	2 years ago
Richard Fuchs	82c7827060	MT#57371 convert arg from void* to struct ... so that other arguments can be passed as well Change-Id: Ib0fe30418cd4aacd0ba27b6557fe9f311429b34c	2 years ago
Richard Fuchs	4a5540a537	MT#57371 convert nftables_setup args to struct ... for easier extending to more arguments Change-Id: I514b7497de5df60479b597bbc301a83cf479a5b2	2 years ago
Richard Fuchs	c048bd591a	MT#57371 adapt base chain rule If we're not using a separate base chain, create the target rule with the UDP filter in place, same as the "immediate" rule in the case with a base chain. Reported in #1732 Change-Id: I0e67a88f5f51e21ba9537c87e2955f910dd6ec2c	2 years ago
Richard Fuchs	e39f2ee64e	MT#57371 split up rtpe_target function ... so that the core functionality can be re-used Change-Id: Ie567110dc3c407ee38dcf6710d090828206db619	2 years ago
Richard Fuchs	b263abad85	MT#57371 split out function to add UDP filter Change-Id: I4ff6af17f82571b1470eed818a33269d2656f5c9	2 years ago
Richard Fuchs	4be28b8909	MT#57371 remove leftover test code Change-Id: I64e71b191572ca752580bd04a93b1fbdd61b89d7	2 years ago
Richard Fuchs	3823507815	MT#57371 fix rule deletion We need to reset the condition flag for each rule, otherwise we may end up deleting everything Change-Id: Ic7f827149d18cce9e7b5d8ae5f0145bd52bee12d	2 years ago
Richard Fuchs	804df63f74	MT#57371 use non-local storage for nft target info Setting the target info of an `expr` object doesn't result on the data being copied by libnftnl (unlike other objects). Use static storage to fix invalid pointer usage. Reported in #984 Closes #1731 Change-Id: Ic5c156a83504a24fb618d770ba53cd1ec4fb2435	2 years ago
Richard Fuchs	794f8e3c01	MT#57371 nftables support closes #984 Change-Id: I6b63165bcd5b2ab8c60391cc1d2c9fdc18a40121	2 years ago

20 Commits (b17f8224fb4451f5d443689efe209b72d76d547b)