This new function allows us to add comments to the nft rule. This
can be used to provide a translation for the comment match.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
include/xtables.h | 1 +
libxtables/xtables.c | 41 ++++++++++++++++++++++++++---------------
2 files changed, 27 insertions(+), 15 deletions(-)
diff --git a/include/xtables.h b/include/xtables.h
index 82aa2bb..6fd3bdf 100644
--- a/include/xtables.h
+++ b/include/xtables.h
@@ -573,6 +573,7 @@ extern const char *xtables_lmap_id2name(const struct xtables_lmap *, int);
struct xt_xlate *xt_xlate_alloc(int size);
void xt_xlate_free(struct xt_xlate *xl);
void xt_xlate_add(struct xt_xlate *xl, const char *fmt, ...);
+void xt_xlate_add_comment(struct xt_xlate *xl, const char *comment);
const char *xt_xlate_get(struct xt_xlate *xl);
#ifdef XTABLES_INTERNAL
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index 32d6a5a..c4b86f5 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -1987,11 +1987,16 @@ void get_kernel_version(void)
kernel_version = LINUX_VERSION(x, y, z);
}
+#include <linux/netfilter/nf_tables.h>
+
struct xt_xlate {
- char *data;
- int size;
- int rem;
- int off;
+ struct {
+ char *data;
+ int size;
+ int rem;
+ int off;
+ } buf;
+ char comment[NFT_USERDATA_MAXLEN];
};
struct xt_xlate *xt_xlate_alloc(int size)
@@ -2002,20 +2007,20 @@ struct xt_xlate *xt_xlate_alloc(int size)
if (xl == NULL)
xtables_error(RESOURCE_PROBLEM, "OOM");
- xl->data = malloc(size);
- if (xl->data == NULL)
+ xl->buf.data = malloc(size);
+ if (xl->buf.data == NULL)
xtables_error(RESOURCE_PROBLEM, "OOM");
- xl->size = size;
- xl->rem = size;
- xl->off = 0;
+ xl->buf.size = size;
+ xl->buf.rem = size;
+ xl->buf.off = 0;
return xl;
}
void xt_xlate_free(struct xt_xlate *xl)
{
- free(xl->data);
+ free(xl->buf.data);
free(xl);
}
@@ -2025,16 +2030,22 @@ void xt_xlate_add(struct xt_xlate *xl, const char *fmt, ...)
int len;
va_start(ap, fmt);
- len = vsnprintf(xl->data + xl->off, xl->rem, fmt, ap);
- if (len < 0 || len >= xl->rem)
+ len = vsnprintf(xl->buf.data + xl->buf.off, xl->buf.rem, fmt, ap);
+ if (len < 0 || len >= xl->buf.rem)
xtables_error(RESOURCE_PROBLEM, "OOM");
va_end(ap);
- xl->rem -= len;
- xl->off += len;
+ xl->buf.rem -= len;
+ xl->buf.off += len;
+}
+
+void xt_xlate_add_comment(struct xt_xlate *xl, const char *comment)
+{
+ strncpy(xl->comment, comment, NFT_USERDATA_MAXLEN - 1);
+ xl->comment[NFT_USERDATA_MAXLEN - 1] = '\0';
}
const char *xt_xlate_get(struct xt_xlate *xl)
{
- return xl->data;
+ return xl->buf.data;
}
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
