Commit d2088ca8 authored 7 months ago by Florian Westphal Committed by Jakub Kicinski 7 months ago

netlink: specs: nftables: allow decode of default firewalld ruleset


This update allows listing default firewalld ruleset on Fedora 40 via
  tools/net/ynl/cli.py --spec \
     Documentation/netlink/specs/nftables.yaml --dump getrule

Default ruleset uses fib, reject and objref expressions which were
missing.

Other missing expressions can be added later.

Improve decoding while at it:
- add bitwise, ct and lookup attributes
- wire up the quota expression
- translate raw verdict codes to a human reable name, e.g.
  'code': 4294967293 becomes 'code': 'jump'.

v2: forgot fib addrtype in enum list (Donald Hunter)

Reviewed-by: Donald Hunter <donald.hunter@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Link: https://patch.msgid.link/20240902214112.2549-1-fw@strlen.de


Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parent 1232e93b

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 250 additions and 4 deletions

Please register or to comment