rtpengine

Commit Graph

Author	SHA1	Message	Date
Richard Fuchs	cb2ae4e399	MT#55283 rename match flag and function These aren't only used to match "immediate" rules, so rename them accordingly. Make it more clear what check_matched_queue() does. Change-Id: Ie2d48c075e79c24ac120673bc7c0445c3686326f	2 years ago
Richard Fuchs	e437c06a41	MT#55283 remove pointless struct There are no extra fields here, so no point in having a struct Change-Id: I00f38ecfb70cb5108f0822b6059c3d7189865c32	2 years ago
Alex Hermann	4cf8be08e3	MT#55283 Do not remove jumps to custom chain if base chain is "none" If base chain is "none", the admin is responsible for jumping into the custom chain. Don't remove jumps the admin migth have setup. closes #1787 Change-Id: I9980acb12fb1abb0883b22aceab2719087768763	2 years ago
Alex Hermann	2e7e720c94	MT#55283 Don't fail deleting the iptables chain if it is still in use When base chain is "none", the admin is required to manage jumping into the rtpengine chain. The chain can't be deleted if it is still referenced by another rule, which is common in this configuration. closes #1787 Change-Id: I8a72e1041a364db60870b5acececc234c8452bab	2 years ago
Richard Fuchs	a0ba4d793d	MT#55283 don't create chains that already exist Telling netlink to create a chain that already exists should technically be a no-op, BUT it still sets the policy to whatever was given as a side effect. Make sure we don't change the policy by explicitly checking for the chain's existence. closes #1785 Change-Id: I526a4e2a0f9d1dcc6e0e00a6e273e4df55863d6c	2 years ago
Richard Fuchs	0500c3a0e9	MT#55283 fix copy/pasto Change-Id: Ibd884db10393496e4de13069e29d91bf59be79c7	2 years ago
Donat Zenichev	bebe291656	MT#59086 Unify header files inclusions. In the file implementations follow the rules: 1. Firstly goes the correlated header file, then one empty row. 2. Secondly go system headers, so in angle-brackets, then one empty row. 3. Thirdly, go custom header files, so in double quotes, then one empty row. 4. If there is "xt_RTPENGINE.h", it's mentioned next, but separately, then one empty row. 5. If there are pre-processor definitions, they are added. 6. And eventually at least one empty row before the code. In some situations it's allowed to step aside from the rules, when inclusions are dependent on each other, so on the sequence, and also possibly on some inline objects definitions, but if possible to follow the rules, it's being done. Change-Id: Ie512a970e230fe202398656d1942e8874bb14cd9	2 years ago
Richard Fuchs	6792188bec	MT#55283 use g_auto for nftables Change-Id: Ib53e4d820b2ae5e03fa68985c3a18e95c3f8f276	2 years ago
Richard Fuchs	a4024ac51f	MT#57371 add --nftables-status option Change-Id: I9925c8c593850729095647b3749fb4b9835b37a4	2 years ago
Richard Fuchs	0ca666a925	MT#57371 split up match_immediate_rtpe function ... into its two components so that they can be used separately. Change-Id: I1f2d800f6ac2739a2d10f8b6d97e783259fad890	2 years ago
Richard Fuchs	56f94b99e8	MT#57371 make callback function optional Change-Id: I0705378620136a9e424c3a8eda42aa1c0dfd0e08	2 years ago
Richard Fuchs	92e981d325	MT#57371 change scope of temporary object We can use this to return information back to the calling function. Change-Id: I8c83d41145e8f1e4d51b8b3b28cbd20abd63829b	2 years ago
Richard Fuchs	f5416c64c3	MT#57371 configurable nftables families Change-Id: I8c3e76ed6a86522f53dc309aa7a91c93359b96f8	2 years ago
Richard Fuchs	27a1d60405	MT#57371 support "none" as nft base chain Change-Id: I8d2b43e3b4dd9c26b6b9b4cfa325a48a6c6f1c8a	2 years ago
Richard Fuchs	18f0903f53	MT#57371 support rule prepending For the use case with a separate base chain, we want to preempt other firewall rules by default and insert our immediate jump rule at the beginning, rather than at the end. Add an option to provide the other behaviour. Change-Id: I16171f7c028c89b94823ecc99387771be3ba9443	2 years ago
Richard Fuchs	82c7827060	MT#57371 convert arg from void* to struct ... so that other arguments can be passed as well Change-Id: Ib0fe30418cd4aacd0ba27b6557fe9f311429b34c	2 years ago
Richard Fuchs	4a5540a537	MT#57371 convert nftables_setup args to struct ... for easier extending to more arguments Change-Id: I514b7497de5df60479b597bbc301a83cf479a5b2	2 years ago
Richard Fuchs	c048bd591a	MT#57371 adapt base chain rule If we're not using a separate base chain, create the target rule with the UDP filter in place, same as the "immediate" rule in the case with a base chain. Reported in #1732 Change-Id: I0e67a88f5f51e21ba9537c87e2955f910dd6ec2c	2 years ago
Richard Fuchs	e39f2ee64e	MT#57371 split up rtpe_target function ... so that the core functionality can be re-used Change-Id: Ie567110dc3c407ee38dcf6710d090828206db619	2 years ago
Richard Fuchs	b263abad85	MT#57371 split out function to add UDP filter Change-Id: I4ff6af17f82571b1470eed818a33269d2656f5c9	2 years ago
Richard Fuchs	4be28b8909	MT#57371 remove leftover test code Change-Id: I64e71b191572ca752580bd04a93b1fbdd61b89d7	2 years ago
Richard Fuchs	3823507815	MT#57371 fix rule deletion We need to reset the condition flag for each rule, otherwise we may end up deleting everything Change-Id: Ic7f827149d18cce9e7b5d8ae5f0145bd52bee12d	2 years ago
Richard Fuchs	804df63f74	MT#57371 use non-local storage for nft target info Setting the target info of an `expr` object doesn't result on the data being copied by libnftnl (unlike other objects). Use static storage to fix invalid pointer usage. Reported in #984 Closes #1731 Change-Id: Ic5c156a83504a24fb618d770ba53cd1ec4fb2435	2 years ago
Richard Fuchs	794f8e3c01	MT#57371 nftables support closes #984 Change-Id: I6b63165bcd5b2ab8c60391cc1d2c9fdc18a40121	2 years ago

24 Commits (cb2ae4e399d7585808dca57b3cc046174a634b7a)