diff options
author | Jose M. Guisado Gomez <guigom@riseup.net> | 2020-09-03 11:16:06 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-09-08 16:41:56 +0200 |
commit | 293c9b114faef074dbbda06df73f86317d28ef9b (patch) | |
tree | 2082a7c111a55174649d4b51b6d3c33471b1b4a2 /tests | |
parent | 741a06ac15d2bd903b33e5032f5f6fcd54bebc4e (diff) |
src: add comment support for objects
Enables specifying an optional comment when declaring named objects. The
comment is to be specified inside the object's block ({} block)
Relies on libnftnl exporting nftnl_obj_get_data and kernel space support
to store the comments.
For consistency, this patch makes the comment be printed first when
listing objects.
Adds a testcase importing all commented named objects except for secmark,
although it's supported.
Example: Adding a quota with a comment
> add table inet filter
> nft add quota inet filter q { over 1200 bytes \; comment "test_comment"\; }
> list ruleset
table inet filter {
quota q {
comment "test_comment"
over 1200 bytes
}
}
Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests')
-rwxr-xr-x | tests/shell/testcases/optionals/comments_objects_0 | 44 | ||||
-rw-r--r-- | tests/shell/testcases/optionals/dumps/comments_objects_0.nft | 37 |
2 files changed, 81 insertions, 0 deletions
diff --git a/tests/shell/testcases/optionals/comments_objects_0 b/tests/shell/testcases/optionals/comments_objects_0 new file mode 100755 index 00000000..7437c77b --- /dev/null +++ b/tests/shell/testcases/optionals/comments_objects_0 @@ -0,0 +1,44 @@ +#!/bin/bash + +EXPECTED='table ip filter { + quota q { + over 1200 bytes + comment "test1" + } + + counter c { + packets 0 bytes 0 + comment "test2" + } + + ct helper h { + type "sip" protocol tcp + l3proto ip + comment "test3" + } + + ct expectation e { + protocol tcp + dport 666 + timeout 100ms + size 96 + l3proto ip + comment "test4" + } + + limit l { + rate 400/hour + comment "test5" + } + + synproxy s { + mss 1460 + wscale 2 + comment "test6" + } +} +' + +set -e + +$NFT -f - <<< "$EXPECTED" diff --git a/tests/shell/testcases/optionals/dumps/comments_objects_0.nft b/tests/shell/testcases/optionals/dumps/comments_objects_0.nft new file mode 100644 index 00000000..b760ced6 --- /dev/null +++ b/tests/shell/testcases/optionals/dumps/comments_objects_0.nft @@ -0,0 +1,37 @@ +table ip filter { + quota q { + comment "test1" + over 1200 bytes + } + + counter c { + comment "test2" + packets 0 bytes 0 + } + + ct helper h { + comment "test3" + type "sip" protocol tcp + l3proto ip + } + + ct expectation e { + comment "test4" + protocol tcp + dport 666 + timeout 100ms + size 96 + l3proto ip + } + + limit l { + comment "test5" + rate 400/hour + } + + synproxy s { + comment "test6" + mss 1460 + wscale 2 + } +} |