diff options
| author | Jose M. Guisado Gomez <guigom@riseup.net> | 2020-08-11 16:27:20 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-08-12 16:13:28 +0200 |
| commit | 0864c2d49ee8a1cc537568c05e14943186480125 (patch) | |
| tree | 7ac6c8cdcc3b6108b8fe3400ddf541e3ebcc5b6a /src | |
| parent | 407c54f712554d1055c43e8a7d731a765564c16b (diff) | |
src: add comment support for set declarations
Allow users to add a comment when declaring a named set.
Adds set output handling the comment in both nftables and json
format.
$ nft add table ip x
$ nft add set ip x s {type ipv4_addr\; comment "some_addrs"\; elements = {1.1.1.1, 1.2.3.4}}
$ nft list ruleset
table ip x {
set s {
type ipv4_addr;
comment "some_addrs"
elements = { 1.1.1.1, 1.2.3.4 }
}
}
$ nft --json list ruleset
{
"nftables": [
{
"metainfo": {
"json_schema_version": 1,
"release_name": "Capital Idea #2",
"version": "0.9.6"
}
},
{
"table": {
"family": "ip",
"handle": 4857,
"name": "x"
}
},
{
"set": {
"comment": "some_addrs",
"elem": [
"1.1.1.1",
"1.2.3.4"
],
"family": "ip",
"handle": 1,
"name": "s",
"table": "x",
"type": "ipv4_addr"
}
}
]
}
Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/json.c | 3 | ||||
| -rw-r--r-- | src/mnl.c | 5 | ||||
| -rw-r--r-- | src/netlink.c | 11 | ||||
| -rw-r--r-- | src/parser_bison.y | 5 | ||||
| -rw-r--r-- | src/rule.c | 9 |
5 files changed, 32 insertions, 1 deletions
@@ -98,6 +98,9 @@ static json_t *set_print_json(struct output_ctx *octx, const struct set *set) "table", set->handle.table.name, "type", set_dtype_json(set->key), "handle", set->handle.handle.id); + + if (set->comment) + json_object_set_new(root, "comment", json_string(set->comment)); if (datatype_ext) json_object_set_new(root, "map", json_string(datatype_ext)); @@ -1042,6 +1042,11 @@ int mnl_nft_set_add(struct netlink_ctx *ctx, struct cmd *cmd, sizeof(set->desc.field_len[0])); } + if (set->comment) { + if (!nftnl_udata_put_strz(udbuf, NFTNL_UDATA_SET_COMMENT, set->comment)) + memory_allocation_error(); + } + nftnl_set_set_data(nls, NFTNL_SET_USERDATA, nftnl_udata_buf_data(udbuf), nftnl_udata_buf_len(udbuf)); nftnl_udata_buf_free(udbuf); diff --git a/src/netlink.c b/src/netlink.c index 2f1dbe17..20b3cdf5 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -661,6 +661,7 @@ void netlink_dump_set(const struct nftnl_set *nls, struct netlink_ctx *ctx) static int set_parse_udata_cb(const struct nftnl_udata *attr, void *data) { + unsigned char *value = nftnl_udata_get(attr); const struct nftnl_udata **tb = data; uint8_t type = nftnl_udata_type(attr); uint8_t len = nftnl_udata_len(attr); @@ -678,6 +679,10 @@ static int set_parse_udata_cb(const struct nftnl_udata *attr, void *data) if (len < 3) return -1; break; + case NFTNL_UDATA_SET_COMMENT: + if (value[len - 1] != '\0') + return -1; + break; default: return 0; } @@ -751,11 +756,11 @@ struct set *netlink_delinearize_set(struct netlink_ctx *ctx, enum byteorder databyteorder = BYTEORDER_INVALID; const struct datatype *keytype, *datatype = NULL; struct expr *typeof_expr_key, *typeof_expr_data; + const char *udata, *comment = NULL; uint32_t flags, key, objtype = 0; const struct datatype *dtype; uint32_t data_interval = 0; bool automerge = false; - const char *udata; struct set *set; uint32_t ulen; uint32_t klen; @@ -783,6 +788,8 @@ struct set *netlink_delinearize_set(struct netlink_ctx *ctx, typeof_expr_key = set_make_key(ud[NFTNL_UDATA_SET_KEY_TYPEOF]); if (ud[NFTNL_UDATA_SET_DATA_TYPEOF]) typeof_expr_data = set_make_key(ud[NFTNL_UDATA_SET_DATA_TYPEOF]); + if (ud[NFTNL_UDATA_SET_COMMENT]) + comment = xstrdup(nftnl_udata_get(ud[NFTNL_UDATA_SET_COMMENT])); } key = nftnl_set_get_u32(nls, NFTNL_SET_KEY_TYPE); @@ -819,6 +826,8 @@ struct set *netlink_delinearize_set(struct netlink_ctx *ctx, set->handle.table.name = xstrdup(nftnl_set_get_str(nls, NFTNL_SET_TABLE)); set->handle.set.name = xstrdup(nftnl_set_get_str(nls, NFTNL_SET_NAME)); set->automerge = automerge; + if (comment) + set->comment = comment; if (nftnl_set_is_set(nls, NFTNL_SET_EXPR)) { const struct nftnl_expr *nle; diff --git a/src/parser_bison.y b/src/parser_bison.y index 167c3158..7e094ff6 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -1768,6 +1768,11 @@ set_block : /* empty */ { $$ = $<set>-1; } $$ = $1; } | set_block set_mechanism stmt_separator + | set_block comment_spec stmt_separator + { + $1->comment = $2; + $$ = $1; + } ; set_block_expr : set_expr @@ -367,6 +367,8 @@ void set_free(struct set *set) return; if (set->init != NULL) expr_free(set->init); + if (set->comment) + xfree(set->comment); handle_free(&set->handle); stmt_free(set->stmt); expr_free(set->key); @@ -584,6 +586,13 @@ static void set_print_declaration(const struct set *set, time_print(set->gc_int, octx); nft_print(octx, "%s", opts->stmt_separator); } + + if (set->comment) { + nft_print(octx, "%s%scomment \"%s\"%s", + opts->tab, opts->tab, + set->comment, + opts->stmt_separator); + } } static void do_set_print(const struct set *set, struct print_fmt_options *opts, |