git.ipfire.org Git - thirdparty/nftables.git/commit

author	Jose M. Guisado Gomez <guigom@riseup.net>
	Thu, 3 Sep 2020 09:16:06 +0000 (11:16 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 8 Sep 2020 14:41:56 +0000 (16:41 +0200)
commit	293c9b114faef074dbbda06df73f86317d28ef9b
tree	2082a7c111a55174649d4b51b6d3c33471b1b4a2	tree \| snapshot
parent	741a06ac15d2bd903b33e5032f5f6fcd54bebc4e	commit \| diff

src: add comment support for objects

Enables specifying an optional comment when declaring named objects. The
comment is to be specified inside the object's block ({} block)

Relies on libnftnl exporting nftnl_obj_get_data and kernel space support
to store the comments.

For consistency, this patch makes the comment be printed first when
listing objects.

Adds a testcase importing all commented named objects except for secmark,
although it's supported.

Example: Adding a quota with a comment

> add table inet filter
> nft add quota inet filter q { over 1200 bytes \; comment "test_comment"\; }
> list ruleset

table inet filter {
quota q {
comment "test_comment"
over 1200 bytes
}
}

Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/rule.h		diff \| blob \| blame \| history
src/mnl.c		diff \| blob \| blame \| history
src/netlink.c		diff \| blob \| blame \| history
src/parser_bison.y		diff \| blob \| blame \| history
src/rule.c		diff \| blob \| blame \| history
tests/shell/testcases/optionals/comments_objects_0	[new file with mode: 0755]	blob
tests/shell/testcases/optionals/dumps/comments_objects_0.nft	[new file with mode: 0644]	blob