From 702ac2b72c0e8fb570ef30dd942472bf5d4146b8 Mon Sep 17 00:00:00 2001 From: "Jose M. Guisado Gomez" Date: Mon, 21 Sep 2020 15:28:23 +0200 Subject: src: add comment support for chains This patch enables the user to specify a comment when adding a chain. Relies on kernel space supporting userdata for chains. > nft add table ip filter > nft add chain ip filter input { comment "test"\; type filter hook input priority 0\; policy accept\; } > list ruleset table ip filter { chain input { comment "test" type filter hook input priority filter; policy accept; } } Signed-off-by: Jose M. Guisado Gomez Signed-off-by: Pablo Neira Ayuso
---
 src/mnl.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'src/mnl.c')
diff --git a/src/mnl.c b/src/mnl.c
index 6699b917..adb55d4d 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -601,6 +601,7 @@ err:
 int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd,
 unsigned int flags)
 {
+ struct nftnl_udata_buf *udbuf;
 int priority, policy, i = 0;
 struct nftnl_chain *nlc;
 unsigned int ifname_len;
@@ -661,6 +662,16 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd,
 xfree(dev_array);
 }
+ if (cmd->chain->comment) {
+ udbuf = nftnl_udata_buf_alloc(NFT_USERDATA_MAXLEN);
+ if (!udbuf)
+ memory_allocation_error();
+ if (!nftnl_udata_put_strz(udbuf, NFTNL_UDATA_CHAIN_COMMENT, cmd->chain->comment))
+ memory_allocation_error();
+ nftnl_chain_set_data(nlc, NFTNL_CHAIN_USERDATA, nftnl_udata_buf_data(udbuf),
+ nftnl_udata_buf_len(udbuf));
+ nftnl_udata_buf_free(udbuf);
+ }
 }
 netlink_dump_chain(nlc, ctx);
-- cgit v1.2.3
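Review bot: In the new `if (cmd->chain->comment)` block, a false return from `nftnl_udata_put_strz()` is routed to `memory_allocation_error()`, but that call fails when the string does not fit in the buffer, so an over-long user-supplied comment would be reported as an out-of-memory condition. The write is bounded by the `NFT_USERDATA_MAXLEN` buffer, so this is a diagnostics and input-validation point, not an overflow. If the parser already caps the comment length (not visible in this hunk), a comment such as `/* cannot fail: comment length is validated at parse time */` above the check would record that; otherwise the length should be rejected with an error that names the comment before the buffer is filled. The return value of `nftnl_chain_set_data()` is also ignored, so a failure to attach the userdata would go unnoticed. The body of `mnl_nft_chain_add` starts and ends outside the hunk.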