From 45b92e1a76744bac68dc5a1da3b4be5a533cb7f7 Mon Sep 17 00:00:00 2001
From: Marcin Osypka
Date: Wed, 17 Jan 2024 19:15:58 +0100
Subject: [PATCH 1/6] Add missing ifname SetType

The type can be found on a nftables wiki page (in section "Named sets Specifications") https://wiki.nftables.org/wiki-nftables/index.php/Sets
---
 src/schema.rs | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/schema.rs b/src/schema.rs
index 0bfe949..97dba4d 100644
--- a/src/schema.rs
+++ b/src/schema.rs
@@ -232,6 +232,9 @@ pub enum SetType {
 #[serde(rename = "mark")]
 #[strum(serialize="mark")]
 Mark,
+ #[serde(rename = "ifname")]
+ #[strum(serialize="ifname")]
+ Ifname,
 }

 #[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize)]

From 19323421abfddafa1bb55b923b6b4350471e3e43 Mon Sep 17 00:00:00 2001
From: Marcin Osypka
Date: Wed, 17 Jan 2024 19:23:04 +0100
Subject: [PATCH 2/6] Add a missing dynamic SetFlag

The flag is documented in NFT(8) manual (Table 8, set specifications)
---
 src/schema.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/schema.rs b/src/schema.rs
index 97dba4d..098480b 100644
--- a/src/schema.rs
+++ b/src/schema.rs
@@ -252,6 +252,7 @@ pub enum SetFlag {
 Constant,
 Interval,
 Timeout,
+ Dynamic,
 }

 #[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize)]

From 80561b972db77b109397b6b17f5d4ae7bf8762bf Mon Sep 17 00:00:00 2001
From: Marcin Osypka
Date: Wed, 17 Jan 2024 19:33:04 +0100
Subject: [PATCH 3/6] Add Elem counter field

Since nftables 0.9.5 there is a counter per element available
---
 src/expr.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/expr.rs b/src/expr.rs
index 5640e4d..c6895ef 100644
--- a/src/expr.rs
+++ b/src/expr.rs
@@ -2,6 +2,7 @@ use serde::{Deserialize, Serialize};
 use std::collections::HashSet;
 use crate::stmt::Statement;
+use crate::stmt::Counter;
 #[derive(Debug, Clone, Eq, PartialEq, Serialize, Deserialize)]
 #[serde(untagged)]
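Review bot: The added `use crate::stmt::Counter;` in the src/expr.rs import hunk repeats the path of the `use crate::stmt::Statement;` line directly above it; rustfmt's import grouping expects the two to be merged into one line, `use crate::stmt::{Counter, Statement};`. This is a point of style only, behaviour is unchanged. The blank context lines of that hunk could not be placed with certainty from the collapsed text, so the hunk is shown without them.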
@@ -358,6 +359,7 @@ pub struct Elem {
 pub timeout: u32,
 pub expires: u32,
 pub comment: String,
+ pub counter: Option,
 }

 #[derive(Debug, Clone, Eq, PartialEq, Serialize, Deserialize)]

From 6159989e370d2a3bc161d9bf11eb265226a61edd Mon Sep 17 00:00:00 2001
From: Marcin Osypka
Date: Wed, 17 Jan 2024 20:05:53 +0100
Subject: [PATCH 4/6] Elem fields should be Option

E.g. for the set: set test_set { typeof ip saddr flags interval elements = { 10.0.0.0/24 } } The json object will look like this: "set": { "family": "ip", "name": "snat_hv", "table": "nat", "type": "ipv4_addr", "handle": 4, "flags": [ "interval" ], "elem": [ { "elem": { "val": { "prefix": { "addr": "10.0.0.0", "len": 24 } }, } } } There is no timeout, expires and comments fields, they should be optional.
---
 src/expr.rs | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/expr.rs b/src/expr.rs
index c6895ef..ffe5c58 100644
--- a/src/expr.rs
+++ b/src/expr.rs
@@ -351,14 +351,21 @@ pub enum Verdict {
 Goto(String),
 }

+#[derive(Debug, Clone, Eq, PartialEq, Serialize, Deserialize)]
+/// Explicitly set element object.
+pub struct ElemCounter {
+ pub packets: u32,
+ pub bytes: u32,
+}
+
 #[derive(Debug, Clone, Eq, PartialEq, Serialize, Deserialize)]
 #[serde(rename = "elem")]
 /// Explicitly set element object.
 pub struct Elem {
 pub val: Box,
- pub timeout: u32,
- pub expires: u32,
- pub comment: String,
+ pub timeout: Option,
+ pub expires: Option,
+ pub comment: Option,
 pub counter: Option,
 }

From 8a31a720a7b02632079c1495af12a5d101b26563 Mon Sep 17 00:00:00 2001
From: Marcin Osypka
Date: Thu, 18 Jan 2024 18:48:35 +0100
Subject: [PATCH 5/6] Add comment field to set

The comment field on a set is not present in documentation but it is working and sometimes convenient to use.
---
 src/schema.rs | 2 ++
 tests/helper_tests.rs | 1 +
 2 files changed, 3 insertions(+)

diff --git a/src/schema.rs b/src/schema.rs
index 098480b..88daed4 100644
--- a/src/schema.rs
+++ b/src/schema.rs
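Review bot: The `counter` field added to `Elem` in the `@@ -358,6 +359,7 @@` hunk is an `Option` with no `#[serde(skip_serializing_if = "Option::is_none")]`, so serializing an element that has no counter emits `"counter": null` instead of omitting the key; the optional fields of `Set` in src/schema.rs carry that attribute, so the element schema is inconsistent with the rest of the crate. The same applies to `timeout`, `expires` and `comment` once the `@@ -351,14 +351,21 @@` hunk of PATCH 4 turns them into `Option`s. Whether nft's JSON parser tolerates an explicit null for these keys is not shown by the diff, so treat it as a round-trip risk and pin it with a serialization test rather than assume it. Proposed: add `#[serde(skip_serializing_if = "Option::is_none")]` above each of the four fields. `Elem`'s opening line sits outside the first hunk (it appears only as `@@` context).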
@@ -193,6 +193,8 @@ pub struct Set {
 pub gc_interval: Option,
 #[serde(skip_serializing_if = "Option::is_none")]
 pub size: Option,
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub comment: Option,
 }

 #[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize)]
diff --git a/tests/helper_tests.rs b/tests/helper_tests.rs
index 2cb8af8..9576308 100644
--- a/tests/helper_tests.rs
+++ b/tests/helper_tests.rs
@@ -57,6 +57,7 @@ fn example_ruleset() -> schema::Nftables {
 timeout: None,
 gc_interval: None,
 size: None,
+ comment: None,
 }));
 // add element to set
 batch.add(schema::NfListObject::Element(schema::Element {

From e0500fef5ed282ae4a0e5338b15449318d5f7673 Mon Sep 17 00:00:00 2001
From: Marcin Osypka
Date: Thu, 18 Jan 2024 18:56:30 +0100
Subject: [PATCH 6/6] Remove not used ElemCounter struct

---
 src/expr.rs | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/src/expr.rs b/src/expr.rs
index ffe5c58..206577c 100644
--- a/src/expr.rs
+++ b/src/expr.rs
@@ -351,13 +351,6 @@ pub enum Verdict {
 Goto(String),
 }

-#[derive(Debug, Clone, Eq, PartialEq, Serialize, Deserialize)]
-/// Explicitly set element object.
-pub struct ElemCounter {
- pub packets: u32,
- pub bytes: u32,
-}
-
 #[derive(Debug, Clone, Eq, PartialEq, Serialize, Deserialize)]
 #[serde(rename = "elem")]
 /// Explicitly set element object.
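Review bot: The only test touched for the new `Set::comment` field sets `comment: None` in `example_ruleset` of tests/helper_tests.rs, and since the field carries `skip_serializing_if = "Option::is_none"` the key is never emitted, so neither serialization nor deserialization of an actual comment value is exercised by this series. A fixture with `comment: Some(...)` (the inner type is not visible here; presumably `String`) and an assertion that the produced JSON contains a `"comment"` key would cover it. The commit message itself notes the key is absent from nft's documentation, which makes a test that pins the accepted spelling worth having. `example_ruleset` begins before the hunk.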