src: add comment support for chains

This patch enables the user to specify a comment when adding a chain. Relies on kernel space supporting userdata for chains. > nft add table ip filter > nft add chain ip filter input { comment "test"\; type filter hook input priority 0\; policy accept\; } > list ruleset table ip filter { chain input { comment "test" type filter hook input priority filter; policy accept; } } Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Jose M. Guisado Gomez <guigom@riseup.net> 2020-09-21 15:28:23 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2020-09-30 12:09:18 +0200
commit: 702ac2b72c0e8fb570ef30dd942472bf5d4146b8 (patch)
tree: 2d4cb752363d219d0cbbee7f6dd18ddab2ac94d7 /src/rule.c
parent: f02aa3764a48c2afd17761a211f70da941c71d00 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/rule.c b/src/rule.c
index dabb3579..d75b36c4 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -929,6 +929,7 @@ void chain_free(struct chain *chain)
 	xfree(chain->dev_array);
 	expr_free(chain->priority.expr);
 	expr_free(chain->policy);
+	xfree(chain->comment);
 	xfree(chain);
 }
 
@@ -1220,6 +1221,8 @@ static void chain_print_declaration(const struct chain *chain,
 	nft_print(octx, "\tchain %s {", chain->handle.chain.name);
 	if (nft_output_handle(octx))
 		nft_print(octx, " # handle %" PRIu64, chain->handle.handle.id);
+	if (chain->comment)
+		nft_print(octx, "\n\t\tcomment \"%s\"", chain->comment);
 	nft_print(octx, "\n");
 	if (chain->flags & CHAIN_F_BASECHAIN) {
 		nft_print(octx, "\t\ttype %s hook %s", chain->type,
author	Jose M. Guisado Gomez <guigom@riseup.net>	2020-09-21 15:28:23 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2020-09-30 12:09:18 +0200
commit	702ac2b72c0e8fb570ef30dd942472bf5d4146b8 (patch)
tree	2d4cb752363d219d0cbbee7f6dd18ddab2ac94d7 /src/rule.c
parent	f02aa3764a48c2afd17761a211f70da941c71d00 (diff)