[PATCH 3/3 iptables,xlate4] xtables: add xt_xlate_add_comment()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This new function allows us to add comments to the nft rule. This
can be used to provide a translation for the comment match.

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 include/xtables.h    |  1 +
 libxtables/xtables.c | 41 ++++++++++++++++++++++++++---------------
 2 files changed, 27 insertions(+), 15 deletions(-)

diff --git a/include/xtables.h b/include/xtables.h
index 82aa2bb..6fd3bdf 100644
--- a/include/xtables.h
+++ b/include/xtables.h
@@ -573,6 +573,7 @@ extern const char *xtables_lmap_id2name(const struct xtables_lmap *, int);
 struct xt_xlate *xt_xlate_alloc(int size);
 void xt_xlate_free(struct xt_xlate *xl);
 void xt_xlate_add(struct xt_xlate *xl, const char *fmt, ...);
+void xt_xlate_add_comment(struct xt_xlate *xl, const char *comment);
 const char *xt_xlate_get(struct xt_xlate *xl);
 
 #ifdef XTABLES_INTERNAL
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index 32d6a5a..c4b86f5 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -1987,11 +1987,16 @@ void get_kernel_version(void)
 	kernel_version = LINUX_VERSION(x, y, z);
 }
 
+#include <linux/netfilter/nf_tables.h>
+
 struct xt_xlate {
-	char	*data;
-	int	size;
-	int	rem;
-	int	off;
+	struct {
+		char	*data;
+		int	size;
+		int	rem;
+		int	off;
+	} buf;
+	char comment[NFT_USERDATA_MAXLEN];
 };
 
 struct xt_xlate *xt_xlate_alloc(int size)
@@ -2002,20 +2007,20 @@ struct xt_xlate *xt_xlate_alloc(int size)
 	if (xl == NULL)
 		xtables_error(RESOURCE_PROBLEM, "OOM");
 
-	xl->data = malloc(size);
-	if (xl->data == NULL)
+	xl->buf.data = malloc(size);
+	if (xl->buf.data == NULL)
 		xtables_error(RESOURCE_PROBLEM, "OOM");
 
-	xl->size = size;
-	xl->rem = size;
-	xl->off = 0;
+	xl->buf.size = size;
+	xl->buf.rem = size;
+	xl->buf.off = 0;
 
 	return xl;
 }
 
 void xt_xlate_free(struct xt_xlate *xl)
 {
-	free(xl->data);
+	free(xl->buf.data);
 	free(xl);
 }
 
@@ -2025,16 +2030,22 @@ void xt_xlate_add(struct xt_xlate *xl, const char *fmt, ...)
 	int len;
 
 	va_start(ap, fmt);
-	len = vsnprintf(xl->data + xl->off, xl->rem, fmt, ap);
-	if (len < 0 || len >= xl->rem)
+	len = vsnprintf(xl->buf.data + xl->buf.off, xl->buf.rem, fmt, ap);
+	if (len < 0 || len >= xl->buf.rem)
 		xtables_error(RESOURCE_PROBLEM, "OOM");
 
 	va_end(ap);
-	xl->rem -= len;
-	xl->off += len;
+	xl->buf.rem -= len;
+	xl->buf.off += len;
+}
+
+void xt_xlate_add_comment(struct xt_xlate *xl, const char *comment)
+{
+	strncpy(xl->comment, comment, NFT_USERDATA_MAXLEN - 1);
+	xl->comment[NFT_USERDATA_MAXLEN - 1] = '\0';
 }
 
 const char *xt_xlate_get(struct xt_xlate *xl)
 {
-	return xl->data;
+	return xl->buf.data;
 }
-- 
2.1.4

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux