author | Phil Sutter <phil@nwl.cc> | 2018-11-27 20:07:11 +0100 |
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-11-27 20:46:26 +0100 |
commit | ccf154d7420c07b6e6febc1c3b8b31d2bd1adbe6 (patch) | |
tree | f197af81ce1b071b2a34e8f563a02aec3f6daa00 /iptables/nft.c | |
parent | 2ed6c85f8743a83d2b302bf6bd8d16b5efa3bb14 (diff) |
xtables: Don't use native nftables comments
The problem with converting libxt_comment into nftables comment is that
rules change when parsing from kernel due to comment match being moved
to the end of the match list. And since match ordering matters, the rule
may not be found anymore when checking or deleting. Apart from that,
iptables-nft didn't support multiple comments per rule anymore. This is
a compatibility issue without technical reason.
Leave conversion from nftables comment to libxt_comment in place so we
don't break running systems during an update.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft.c')
-rw-r--r-- | iptables/nft.c | 27 |
1 files changed, 0 insertions, 27 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index 0223c0ed..7b6fb2b1 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1129,33 +1129,6 @@ enum udata_type {
 };
 #define UDATA_TYPE_MAX (__UDATA_TYPE_MAX - 1)
-int add_comment(struct nftnl_rule *r, const char *comment)
-{
- struct nftnl_udata_buf *udata;
- uint32_t len;
-
- if (nftnl_rule_get_data(r, NFTNL_RULE_USERDATA, &len))
- return -EALREADY;
-
- udata = nftnl_udata_buf_alloc(NFT_USERDATA_MAXLEN);
- if (!udata)
- return -ENOMEM;
-
- if (strnlen(comment, 255) == 255)
- return -ENOSPC;
-
- if (!nftnl_udata_put_strz(udata, UDATA_TYPE_COMMENT, comment))
- return -ENOMEM;
-
- nftnl_rule_set_data(r, NFTNL_RULE_USERDATA,
- nftnl_udata_buf_data(udata),
- nftnl_udata_buf_len(udata));
-
- nftnl_udata_buf_free(udata);
-
- return 0;
-}
-
 static int parse_udata_cb(const struct nftnl_udata *attr, void *data)
 {
 unsigned char *value = nftnl_udata_get(attr); |