Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
62 commits
Select commit Hold shift + click to select a range
91d0d28
Add `links` manifest key to `nftnl-sys`
MarkusPettersson98 Oct 21, 2025
fb48d9b
Merge branch 'links-manifest'
MarkusPettersson98 Oct 21, 2025
da9f755
Update changelog
MarkusPettersson98 Oct 21, 2025
cf708b9
Merge branch 'add-ingress-hook-changelog-entry'
MarkusPettersson98 Oct 25, 2025
08609b3
Fix `nftnl-sys` manually linking `libmnl`
MarkusPettersson98 Oct 21, 2025
983819d
Merge branch 'fix-missing-dep-mnl-sys'
MarkusPettersson98 Oct 30, 2025
b728295
Update copyright notice
MarkusPettersson98 Oct 27, 2025
7f6bc98
Bump MSRV to 1.85
MarkusPettersson98 Oct 27, 2025
57a76e5
Fix minimal versions
MarkusPettersson98 Oct 27, 2025
af83dac
Bump `nftnl` to 0.8.0 & `nftnl-sys` to 0.6.3
MarkusPettersson98 Oct 29, 2025
7a87793
Merge branch 'chores'
MarkusPettersson98 Oct 30, 2025
d702312
Release `nftnl 0.8.0` and `nftnl-sys 0.6.3`
MarkusPettersson98 Oct 30, 2025
94a286f
Panic if Batch::with_page_size would overflow
hulthe Nov 10, 2025
713401b
Merge branch 'fix-overflow-in-batch-cons'
hulthe Nov 10, 2025
0a645c5
Update generate_bindings.sh
hulthe Nov 10, 2025
97ce347
Generate C bindings from 1.1.3 to 1.3.0
hulthe Nov 10, 2025
da01857
Add feature flags for libnftnl 1.1.3 through 1.3.0
hulthe Nov 10, 2025
51090d5
Update to rust 2024
hulthe Nov 10, 2025
776c6da
Replace b"strings\0" with c"strings" and improve casting
hulthe Nov 11, 2025
2a2abd4
Merge branch 'update-nftnl-sys'
hulthe Nov 11, 2025
cc470c3
Add more verbs to the git commit style checker
hulthe Nov 18, 2025
9e5eb09
Impl AsSlice for CStr and prefer using it
hulthe Nov 12, 2025
4e54e25
Set F_ACK on all netlink messages
hulthe Nov 12, 2025
93c7bec
Expose message sequence numbers from batch
hulthe Nov 12, 2025
c423e83
Replace *mut pointers with NonNull<pointers>
hulthe Nov 13, 2025
68a83cb
Do not impl AsSlice for &str
hulthe Nov 13, 2025
8450b89
Fix handling of netlink ACKs in examples
hulthe Nov 15, 2025
bb510d7
Merge branch 'improvements'
hulthe Nov 19, 2025
1dc63c4
Fix endianness of `ToSlice for {integer}`
hulthe Nov 24, 2025
c40f2eb
Impl ToSlice for u64
hulthe Nov 21, 2025
a6f7afb
Add support for socket expressions
MarkusPettersson98 Nov 19, 2025
580d42d
Move nft_expr_socket macro to `expr::socket` module
MarkusPettersson98 Nov 21, 2025
4dd7366
Scope use of unsafe as locally as possible (expr/socket.rs)
MarkusPettersson98 Nov 21, 2025
be94a0e
Feature gate socket expressions based on lib version
MarkusPettersson98 Nov 21, 2025
bf97132
Add docs to Socket members
MarkusPettersson98 Nov 21, 2025
028129e
Hide internal `imp` modules in socket.rs
MarkusPettersson98 Nov 22, 2025
0bef62a
Use data register 1 for socket expression result
MarkusPettersson98 Nov 22, 2025
43a611d
Document `socket.rs` more
MarkusPettersson98 Nov 22, 2025
af05bb7
Export lib version from nftnl-sys
hulthe Nov 24, 2025
b90b248
Add socket expressions to changelog
MarkusPettersson98 Nov 24, 2025
6d9c10a
Add required-feature for cgroups example
hulthe Nov 24, 2025
9ef6c30
Merge branch 'cgroups-v2'
hulthe Nov 24, 2025
b23bf82
Add Batch::with_page_size overflow vuln to changelog
MarkusPettersson98 Nov 26, 2025
06317e6
Add `impl ToSlice for u64` to changelog
MarkusPettersson98 Nov 26, 2025
3f32963
Add `impl ToSlice for &CStr` to changelog
MarkusPettersson98 Nov 26, 2025
d5da2df
Add deprecation of `impl ToSlice for &str` to changelog
MarkusPettersson98 Nov 26, 2025
91bf15b
Add sequence numbers from batch to changelog
MarkusPettersson98 Nov 26, 2025
2198729
Add endianess fix for integer types to changelog
MarkusPettersson98 Nov 26, 2025
cf6f59d
Fix punctuation in changelog
MarkusPettersson98 Nov 26, 2025
cfebc70
Bump nftnl-sys to 0.6.4
MarkusPettersson98 Nov 26, 2025
29b03e0
Bump nftnl to 0.9.0
MarkusPettersson98 Nov 26, 2025
2a928ce
Merge branch 'prepare-release'
MarkusPettersson98 Nov 26, 2025
7e82dbb
Fix do not panic if nftnl version is missing at build time
MarkusPettersson98 Nov 24, 2025
c135a60
Merge branch 'fix-build-when-using-links-manifest-key'
MarkusPettersson98 Nov 26, 2025
0a7156e
Panic instead of aborting on socket expr alloc error
hulthe Nov 27, 2025
29e9f92
Merge branch 'socket-panic-dont-abort'
hulthe Nov 27, 2025
dd2ec80
Release `nftnl 0.9.0` and `nftnl-sys 0.6.4`
MarkusPettersson98 Nov 26, 2025
db148f2
Remove NLM_F_ACK from batch begin/end messages
Centaurus99 Nov 28, 2025
de80e60
Merge remote-tracking branch 'centaurus99/main'
hulthe Dec 1, 2025
6a011da
Set NLM_F_ACK on kernel versions that support it
hulthe Dec 5, 2025
47b4ba4
Merge branch 'nlm-fack'
hulthe Dec 8, 2025
be25c34
Release 0.9.1
hulthe Dec 8, 2025
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/build-and-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
strategy:
matrix:
# Keep MSRV in sync with rust-version in Cargo.toml
rust: [stable, beta, nightly, 1.63.0]
rust: [stable, beta, nightly, 1.85.0]
runs-on: ubuntu-latest
steps:
- name: Install build dependencies
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/git-commit-message-style.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,3 +30,6 @@ jobs:
allow-one-liners: 'true'
# This action defaults to 50 char subjects, but 72 is fine.
max-subject-line-length: '72'
# The action's wordlist is a bit short. Add more accepted verbs.
additional-verbs: 'tidy, wrap, obfuscate, bias, prohibit, forbid, revert, slim, impl, disregard, reproduce,
signal, guarantee, cap, parallelize'
35 changes: 35 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,41 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
## [Unreleased]


## [0.9.1] - 2025-12-08
### Fixed
- Avoid raising `NLM_F_ACK` for batch start/end messages on kernel version prior to 6.10.


## [0.9.0] - 2025-11-26
### Added
- Generate bindings for libnftnl 1.0.3 through 1.3.0.
- Add support for Socket expressions.
- Implement `ToSlice` for `u64`.
- Implement `ToSlice` for `&CStr`.

### Changed
- Upgrade to rust edition 2024.
- Expose message sequence numbers from batch.

### Fixed
- Fix buffer-overflow in `Batch::with_page_size` due to insufficient allocation for malformed
page sizes. Panic in these cases instead.
- Fix endianess in `ToSlice` implementations for integer types by using native endianess instead
of assuming little endian.

### Removed
- Remove `ToSlice` implementation for `&str` in favor of `&CStr`.


## [0.8.0] - 2025-10-30
### Added
- Add support for ingress hooks. Corresponds to `NF_INET_INGRESS`.
- Specify `links` manifest key `nftnl-sys`. This allows dependants to pass custom build flags.

### Changed
- Bump MSRV to 1.85.0 for `nftnl` and `nftnl-sys`.


## [0.7.0] - 2024-09-19
### Added
- Implement `Default` for `nftnl::batch::Batch`.
Expand Down
116 changes: 97 additions & 19 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion LICENSE-MIT
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
Copyright (c) 2017 Amagicom AB
Copyright (c) 2025 Mullvad VPN AB

Permission is hereby granted, free of charge, to any
person obtaining a copy of this software and associated
Expand Down
36 changes: 28 additions & 8 deletions nftnl-sys/Cargo.toml
Original file line number Diff line number Diff line change
@@ -1,28 +1,48 @@
[package]
name = "nftnl-sys"
version = "0.6.2"
version = "0.6.4"
authors = ["Mullvad VPN"]
license = "MIT OR Apache-2.0"
description = "Low level FFI bindings to libnftnl. Provides low-level userspace access to the in-kernel nf_tables subsystem"
repository = "https://github.com/mullvad/nftnl-rs"
readme = "README.md"
keywords = ["nftables", "nft", "firewall", "iptables", "netfilter"]
categories = ["network-programming", "os::unix-apis", "external-ffi-bindings", "no-std"]
edition = "2021"
rust-version = "1.63.0"
edition = "2024"
rust-version = "1.85.0"
links = "nftnl"


[features]
nftnl-1-0-7 = []
nftnl-1-0-8 = ["nftnl-1-0-7"]
nftnl-1-0-9 = ["nftnl-1-0-8"]
nftnl-1-1-0 = ["nftnl-1-0-9"]
nftnl-1-1-1 = ["nftnl-1-1-0"]
nftnl-1-3-0 = ["nftnl-1-2-9"]
nftnl-1-2-9 = ["nftnl-1-2-8"]
nftnl-1-2-8 = ["nftnl-1-2-7"]
nftnl-1-2-7 = ["nftnl-1-2-6"]
nftnl-1-2-6 = ["nftnl-1-2-5"]
nftnl-1-2-5 = ["nftnl-1-2-4"]
nftnl-1-2-4 = ["nftnl-1-2-3"]
nftnl-1-2-3 = ["nftnl-1-2-2"]
nftnl-1-2-2 = ["nftnl-1-2-1"]
nftnl-1-2-1 = ["nftnl-1-2-0"]
nftnl-1-2-0 = ["nftnl-1-1-9"]
nftnl-1-1-9 = ["nftnl-1-1-8"]
nftnl-1-1-8 = ["nftnl-1-1-7"]
nftnl-1-1-7 = ["nftnl-1-1-6"]
nftnl-1-1-6 = ["nftnl-1-1-5"]
nftnl-1-1-5 = ["nftnl-1-1-4"]
nftnl-1-1-4 = ["nftnl-1-1-3"]
nftnl-1-1-3 = ["nftnl-1-1-2"]
nftnl-1-1-2 = ["nftnl-1-1-1"]
nftnl-1-1-1 = ["nftnl-1-1-0"]
nftnl-1-1-0 = ["nftnl-1-0-9"]
nftnl-1-0-9 = ["nftnl-1-0-8"]
nftnl-1-0-8 = ["nftnl-1-0-7"]
nftnl-1-0-7 = []

[dependencies]
cfg-if = "1.0"
libc = "0.2.166"
mnl-sys = "0.2.2" # Find and link `libmnl`

[build-dependencies]
cfg-if = "1.0"
Expand Down
17 changes: 15 additions & 2 deletions nftnl-sys/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,22 @@ See [`nftnl`] for a higher level safe abstraction.

## Linking to libmnl and libnftnl

### `pkg-config`
By default this crate uses pkg-config to find and link to its C dependencies, [`libmnl`] and
[`libnftnl`]. To manually configure where to look for these libraries, set the environment
[`libnftnl`].

### Manually
To manually configure where to look for these libraries, either set the environment
variables `LIBMNL_LIB_DIR` and `LIBNFTNL_LIB_DIR` to point to the directories where `libmnl.so`
(or `libmnl.a`) and `libnftnl.so` (or `libnftnl.a`) reside.
(or `libmnl.a`) and `libnftnl.so` (or `libnftnl.a`) reside, or [`override the build script`] to
manually set the linker directives for both `nftnl` and `mnl`:

```toml
# .cargo/config.toml
[target.x86_64-unknown-linux-gnu.nftnl]
rustc-link-lib = ["nftnl", "mnl"]
rustc-link-search = ["<type>=<path-to-libnftnl>", "<type>=<path-to-libmnl>"]
```

## Selecting version of `libnftnl`

Expand All @@ -31,5 +43,6 @@ nftnl-sys = { version = "0.1", features = ["nftnl-1-0-9"] }
[`libmnl`]: https://netfilter.org/projects/libmnl/
[`nftnl`]: https://crates.io/crates/nftnl
[`bindgen`]: https://crates.io/crates/bindgen
[`override the build script`]: https://doc.rust-lang.org/cargo/reference/build-scripts.html#overriding-build-scripts

License: MIT/Apache-2.0
Loading
Loading