This new function allows us to add comments to the nft rule. This can be used to provide a translation for the comment match.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 include/xtables.h | 1 +
 libxtables/xtables.c | 41 ++++++++++++++++++++++++++---------------
 2 files changed, 27 insertions(+), 15 deletions(-)
diff --git a/include/xtables.h b/include/xtables.h
index 82aa2bb..6fd3bdf 100644
--- a/include/xtables.h
+++ b/include/xtables.h
@@ -573,6 +573,7 @@ extern const char *xtables_lmap_id2name(const struct xtables_lmap *, int);
 struct xt_xlate *xt_xlate_alloc(int size);
 void xt_xlate_free(struct xt_xlate *xl);
 void xt_xlate_add(struct xt_xlate *xl, const char *fmt, ...);
+void xt_xlate_add_comment(struct xt_xlate *xl, const char *comment);
 const char *xt_xlate_get(struct xt_xlate *xl);
 #ifdef XTABLES_INTERNAL
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index 32d6a5a..c4b86f5 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -1987,11 +1987,16 @@ void get_kernel_version(void)
 kernel_version = LINUX_VERSION(x, y, z);
 }
+#include <linux/netfilter/nf_tables.h>
+
 struct xt_xlate {
- char *data;
- int size;
- int rem;
- int off;
+ struct {
+ char *data;
+ int size;
+ int rem;
+ int off;
+ } buf;
+ char comment[NFT_USERDATA_MAXLEN];
 };
 struct xt_xlate *xt_xlate_alloc(int size)
@@ -2002,20 +2007,20 @@ struct xt_xlate *xt_xlate_alloc(int size)
 if (xl == NULL)
 xtables_error(RESOURCE_PROBLEM, "OOM");
- xl->data = malloc(size);
- if (xl->data == NULL)
+ xl->buf.data = malloc(size);
+ if (xl->buf.data == NULL)
 xtables_error(RESOURCE_PROBLEM, "OOM");
- xl->size = size;
- xl->rem = size;
- xl->off = 0;
+ xl->buf.size = size;
+ xl->buf.rem = size;
+ xl->buf.off = 0;
 return xl;
 }
 void xt_xlate_free(struct xt_xlate *xl)
 {
- free(xl->data);
+ free(xl->buf.data);
 free(xl);
 }
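Review bot: The `#include <linux/netfilter/nf_tables.h>` is added in the middle of `xtables.c`, directly above `struct xt_xlate`, instead of with the file's other includes (that block is not visible in this hunk); moving it there keeps the dependency on the kernel header easy to find. The reworked struct also has no comment describing its two parts; a line such as `/* buf: translated rule text; comment: rule comment, NUL-terminated, at most NFT_USERDATA_MAXLEN - 1 bytes */` above it would record the invariant that `xt_xlate_add_comment()` maintains.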
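Review bot: `xl->comment` is never given an initial value in `xt_xlate_alloc()`: the hunk sets `buf.size`, `buf.rem` and `buf.off`, but the `comment` array added to `struct xt_xlate` in the previous hunk is left as whatever the allocator returned. The allocation of `xl` itself is outside the hunk, so this assumes it is a plain `malloc()` like the one used for `buf.data`; if so, any code that later reads the comment without a prior `xt_xlate_add_comment()` call would see indeterminate and possibly unterminated bytes. Adding `xl->comment[0] = '\0';` next to `xl->buf.off = 0;` gives the field a defined empty state.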
@@ -2025,16 +2030,22 @@ void xt_xlate_add(struct xt_xlate *xl, const char *fmt, ...)
 int len;
 va_start(ap, fmt);
- len = vsnprintf(xl->data + xl->off, xl->rem, fmt, ap);
- if (len < 0 || len >= xl->rem)
+ len = vsnprintf(xl->buf.data + xl->buf.off, xl->buf.rem, fmt, ap);
+ if (len < 0 || len >= xl->buf.rem)
 xtables_error(RESOURCE_PROBLEM, "OOM");
 va_end(ap);
- xl->rem -= len;
- xl->off += len;
+ xl->buf.rem -= len;
+ xl->buf.off += len;
+}
+
+void xt_xlate_add_comment(struct xt_xlate *xl, const char *comment)
+{
+ strncpy(xl->comment, comment, NFT_USERDATA_MAXLEN - 1);
+ xl->comment[NFT_USERDATA_MAXLEN - 1] = '\0';
 }
 const char *xt_xlate_get(struct xt_xlate *xl)
 {
- return xl->data;
+ return xl->buf.data;
 }
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
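Review bot: `xt_xlate_add_comment()` silently truncates any comment longer than `NFT_USERDATA_MAXLEN - 1` bytes, while `xt_xlate_add()` in the same hunk treats output that does not fit as a fatal error, so a translated rule can end up carrying a different comment than the original with no signal to the caller. If truncation is intended, say so in a comment above the function; otherwise check the length first, e.g. `if (strlen(comment) >= sizeof(xl->comment)) xtables_error(PARAMETER_PROBLEM, "comment too long");`. `comment` is also handed to `strncpy()` without a NULL check, and writing the bound as `sizeof(xl->comment)` instead of repeating the constant keeps it tied to the array. Nothing in this patch reads the stored comment back (`xt_xlate_get()` still returns only `buf.data`), which is presumably left to a follow-up.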