diff options
| author | Jose M. Guisado Gomez <guigom@riseup.net> | 2020-09-21 15:28:23 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-09-30 12:09:18 +0200 |
| commit | 702ac2b72c0e8fb570ef30dd942472bf5d4146b8 (patch) | |
| tree | 2d4cb752363d219d0cbbee7f6dd18ddab2ac94d7 /src/mnl.c | |
| parent | f02aa3764a48c2afd17761a211f70da941c71d00 (diff) | |
src: add comment support for chains
This patch enables the user to specify a comment when adding a chain.
Relies on kernel space supporting userdata for chains.
> nft add table ip filter
> nft add chain ip filter input { comment "test"\; type filter hook input priority 0\; policy accept\; }
> list ruleset
table ip filter {
chain input {
comment "test"
type filter hook input priority filter; policy accept;
}
}
Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/mnl.c')
| -rw-r--r-- | src/mnl.c | 11 |
1 files changed, 11 insertions, 0 deletions
@@ -601,6 +601,7 @@ err: int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd, unsigned int flags) { + struct nftnl_udata_buf *udbuf; int priority, policy, i = 0; struct nftnl_chain *nlc; unsigned int ifname_len; @@ -661,6 +662,16 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd, xfree(dev_array); } + if (cmd->chain->comment) { + udbuf = nftnl_udata_buf_alloc(NFT_USERDATA_MAXLEN); + if (!udbuf) + memory_allocation_error(); + if (!nftnl_udata_put_strz(udbuf, NFTNL_UDATA_CHAIN_COMMENT, cmd->chain->comment)) + memory_allocation_error(); + nftnl_chain_set_data(nlc, NFTNL_CHAIN_USERDATA, nftnl_udata_buf_data(udbuf), + nftnl_udata_buf_len(udbuf)); + nftnl_udata_buf_free(udbuf); + } } netlink_dump_chain(nlc, ctx); |