summaryrefslogtreecommitdiffstats
path: root/src/netlink_delinearize.c
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2014-02-26 01:51:31 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2014-02-27 17:10:26 +0100
commitb2c827223395682ee231504385f692267d1a3bfb (patch)
tree6489771dd4cd450799c9d59b9ecde6bedbd45df0 /src/netlink_delinearize.c
parente61e363e5603352322b59f7c09c968392ba1cef6 (diff)
src: add support for rule human-readable comments
This patch adds support for human-readable comments: nft add rule filter input accept comment \"accept all traffic\" Note that comments *always* come at the end of the rule. This uses the new data area that allows you to attach information to the rule via netlink. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink_delinearize.c')
-rw-r--r--src/netlink_delinearize.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 5eec6cfb..ca720913 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -884,9 +884,20 @@ struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx,
h.table = xstrdup(nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_TABLE));
h.chain = xstrdup(nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_CHAIN));
h.handle = nft_rule_attr_get_u64(nlr, NFT_RULE_ATTR_HANDLE);
+
if (nft_rule_attr_is_set(nlr, NFT_RULE_ATTR_POSITION))
h.position = nft_rule_attr_get_u64(nlr, NFT_RULE_ATTR_POSITION);
+ if (nft_rule_attr_is_set(nlr, NFT_RULE_ATTR_USERDATA)) {
+ uint32_t len;
+ const void *data;
+
+ data = nft_rule_attr_get_data(nlr, NFT_RULE_ATTR_USERDATA,
+ &len);
+ h.comment = xmalloc(len);
+ memcpy((char *)h.comment, data, len);
+ }
+
pctx->rule = rule_alloc(&netlink_location, &h);
pctx->table = table_lookup(&h);
assert(pctx->table != NULL);