On Tue, Dec 22, 2015 at 10:34 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Tue, Dec 22, 2015 at 03:48:34PM +0530, Shivani Bhardwaj wrote:
>> Add translation for comment module to nftables.
>>
>> Examples:
>>
>> $ sudo iptables-translate -A INPUT -m comment --comment "random comment"
>> nft add rule ip filter INPUT counter comment \"random comment\"
>>
>> $ sudo iptables-translate -A INPUT -i eth1 -m comment --comment "Local LAN"
>> nft add rule ip filter INPUT iifname eth1 counter comment \"Local LAN\"
>>
>> Signed-off-by: Shivani Bhardwaj <shivanib134@xxxxxxxxx>
>> ---
>> extensions/libxt_comment.c | 17 +++++++++++++++--
>> 1 file changed, 15 insertions(+), 2 deletions(-)
>>
>> diff --git a/extensions/libxt_comment.c b/extensions/libxt_comment.c
>> index 6ed2ff9..bbbd6cb 100644
>> --- a/extensions/libxt_comment.c
>> +++ b/extensions/libxt_comment.c
>> @@ -48,6 +48,18 @@ comment_save(const void *ip, const struct xt_entry_match *match)
>> xtables_save_string(commentinfo->comment);
>> }
>>
>> +static int
>> +comment_xlate(const struct xt_entry_match *match,
>> + struct xt_buf *buf, int numeric)
>> +{
>> + struct xt_comment_info *commentinfo = (void *)match->data;
>> +
>> + commentinfo->comment[XT_MAX_COMMENT_LEN-1] = '\0';
>> + xt_buf_add(buf, "counter comment \\\"%s\\\" ", commentinfo->comment);
> ^^^^^^^
>
> We have to find a better way to fix this from the core infrastructure.
Is removing counter at all for this one going to be a good option?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
