From: Phil Sutter <phil@nwl.cc>
Date: Fri, 23 Jan 2026 00:21:21 +0000 (+0100)
Subject: xt: Print comment match data as well
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ece10aa3f8cc4da0ab105a3b4b2a3f62ce9ec992;p=thirdparty%2Fnftables.git

xt: Print comment match data as well

In order to translate comment matches into the single nftables rule
comment, libxtables does not immediately (maybe mid-rule) print a
comment match's string but instead stores it into struct
xt_xlate::comment array for later.

Since xt_stmt_xlate() is called by a statement's .print callback which
can't communicate data back to caller, nftables has to print it right
away.

Since parser_bison accepts rule comments only at end of line though, the
output from above can't be restored anymore. Which is a bad idea to
begin with so accept this quirk and avoid refactoring the statement
printing API.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---

diff --git a/src/xt.c b/src/xt.c
index f7bee216..c3a8c476 100644
--- a/src/xt.c
+++ b/src/xt.c
@@ -112,8 +112,12 @@ void xt_stmt_xlate(const struct stmt *stmt, struct output_ctx *octx)
 		break;
 	}
 
-	if (rc == 1)
+	if (rc == 1) {
 		nft_print(octx, "%s", xt_xlate_get(xl));
+		if (xt_xlate_get_comment(xl))
+			nft_print(octx, "comment %s",
+				  xt_xlate_get_comment(xl));
+	}
 	xt_xlate_free(xl);
 	free(entry);
 #endif