Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | tests/shell: test for maximum length of "comment" in "comments_objects_0" | Thomas Haller | 2023-10-24 | 1 | -1/+6 |
| | | | | | | | | | | | | | | | The comment length is limited to NFTNL_UDATA_COMMENT_MAXLEN. Test for that. Adjust an existing test for that. Also rename $EXPECTED to $RULESET. We don't compare the value of $EXPECTED against the actually configured rules. It also wouldn't work, because the input is not normalized and wouldn't match. It also isn't necessary, because there is a .nft dump file. Signed-off-by: Thomas Haller <thaller@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | src: add comment support for objects | Jose M. Guisado Gomez | 2020-09-08 | 1 | -0/+37 |
Enables specifying an optional comment when declaring named objects. The comment is to be specified inside the object's block ({} block) Relies on libnftnl exporting nftnl_obj_get_data and kernel space support to store the comments. For consistency, this patch makes the comment be printed first when listing objects. Adds a testcase importing all commented named objects except for secmark, although it's supported. Example: Adding a quota with a comment > add table inet filter > nft add quota inet filter q { over 1200 bytes \; comment "test_comment"\; } > list ruleset table inet filter { quota q { comment "test_comment" over 1200 bytes } } Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |