author | Jose M. Guisado Gomez <guigom@riseup.net> | 2020-09-21 15:28:23 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-09-30 12:09:18 +0200 |
commit | 702ac2b72c0e8fb570ef30dd942472bf5d4146b8 (patch) | |
tree | 2d4cb752363d219d0cbbee7f6dd18ddab2ac94d7 /src/rule.c | |
parent | f02aa3764a48c2afd17761a211f70da941c71d00 (diff) |
src: add comment support for chains
This patch enables the user to specify a comment when adding a chain.
Relies on kernel space supporting userdata for chains.
> nft add table ip filter
> nft add chain ip filter input { comment "test"\; type filter hook input priority 0\; policy accept\; }
> list ruleset
table ip filter {
chain input {
comment "test"
type filter hook input priority filter; policy accept;
}
}
Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/rule.c')
-rw-r--r-- | src/rule.c | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -929,6 +929,7 @@ void chain_free(struct chain *chain)
 xfree(chain->dev_array);
 expr_free(chain->priority.expr);
 expr_free(chain->policy);
+ xfree(chain->comment);
 xfree(chain);
 }
@@ -1220,6 +1221,8 @@ static void chain_print_declaration(const struct chain *chain,
 nft_print(octx, "\tchain %s {", chain->handle.chain.name);
 if (nft_output_handle(octx))
 nft_print(octx, " # handle %" PRIu64, chain->handle.handle.id);
+ if (chain->comment)
+ nft_print(octx, "\n\t\tcomment \"%s\"", chain->comment);
 nft_print(octx, "\n");
 if (chain->flags & CHAIN_F_BASECHAIN) {
 nft_print(octx, "\t\ttype %s hook %s", chain->type, |
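Review bot: In chain_print_declaration the comment is written between double quotes with a plain `%s`, so a `"`, a newline or a terminal control character in `chain->comment` reaches the listing unchanged. The commit message says the value travels as chain userdata, and the code that fills `chain->comment` is outside this diff, so whether the string is validated there cannot be seen from here. If it is not, a listing that is saved and loaded again with `nft -f` could parse differently from the chain that was listed. I would check the string where it is read from userdata and state the assumption at the print site, e.g. `/* printed verbatim: comment must not contain '"' or control characters */`. The function body starts and ends outside the hunk.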