From: Patrick McHardy <kaber@trash.net>
To: pablo@netfilter.org
Cc: netfilter-devel@vger.kernel.org
Subject: [PATCH 09/10] setelem: add support for attaching comments to set elements
Date: Sun, 12 Apr 2015 13:16:17 +0100 [thread overview]
Message-ID: <1428840978-27226-10-git-send-email-kaber@trash.net> (raw)
In-Reply-To: <1428840978-27226-1-git-send-email-kaber@trash.net>
Syntax:
# nft add element filter test { 192.168.0.1 comment "some host" }
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
include/expression.h | 1 +
include/linux/netfilter/nf_tables.h | 2 ++
src/expression.c | 3 +++
src/netlink.c | 11 +++++++++++
src/parser_bison.y | 4 ++++
5 files changed, 21 insertions(+)
diff --git a/include/expression.h b/include/expression.h
index 6f23b6d..010cb95 100644
--- a/include/expression.h
+++ b/include/expression.h
@@ -236,6 +236,7 @@ struct expr {
struct expr *key;
uint64_t timeout;
uint64_t expiration;
+ const char *comment;
};
struct {
/* EXPR_UNARY */
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 6894ba3..334b389 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -291,6 +291,7 @@ enum nft_set_elem_flags {
* @NFTA_SET_ELEM_FLAGS: bitmask of nft_set_elem_flags (NLA_U32)
* @NFTA_SET_ELEM_TIMEOUT: timeout value (NLA_U64)
* @NFTA_SET_ELEM_EXPIRATION: expiration time (NLA_U64)
+ * @NFTA_SET_ELEM_USERDATA: user data (NLA_BINARY)
*/
enum nft_set_elem_attributes {
NFTA_SET_ELEM_UNSPEC,
@@ -299,6 +300,7 @@ enum nft_set_elem_attributes {
NFTA_SET_ELEM_FLAGS,
NFTA_SET_ELEM_TIMEOUT,
NFTA_SET_ELEM_EXPIRATION,
+ NFTA_SET_ELEM_USERDATA,
__NFTA_SET_ELEM_MAX
};
#define NFTA_SET_ELEM_MAX (__NFTA_SET_ELEM_MAX - 1)
diff --git a/src/expression.c b/src/expression.c
index 2037c60..3edc550 100644
--- a/src/expression.c
+++ b/src/expression.c
@@ -897,10 +897,13 @@ static void set_elem_expr_print(const struct expr *expr)
printf(" expires ");
time_print(expr->expiration / 1000);
}
+ if (expr->comment)
+ printf(" comment \"%s\"", expr->comment);
}
static void set_elem_expr_destroy(struct expr *expr)
{
+ xfree(expr->comment);
expr_free(expr->key);
}
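Review bot: The comment is printed between double quotes with a bare `%s` in set_elem_expr_print, so a value containing `"` or control characters goes to the output unchanged. The delinearize path in src/netlink.c fills this field from the kernel's userdata attribute, which this patch documents as NLA_BINARY, so the bytes are not guaranteed to be ones the nft parser accepted; a listing could then fail to parse back or carry escape sequences to a terminal. Consider escaping or replacing quotes and non-printable bytes before printing, and note the origin with a comment such as `/* comment comes from kernel userdata; may not be printable text */`. Separately, `xfree(expr->comment)` frees through a `const char *`, which suggests the field in include/expression.h should be a plain `char *`.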
diff --git a/src/netlink.c b/src/netlink.c
index 4de4f47..23403bd 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -228,6 +228,9 @@ static struct nft_set_elem *alloc_nft_setelem(const struct expr *expr)
if (elem->timeout)
nft_set_elem_attr_set_u64(nlse, NFT_SET_ELEM_ATTR_TIMEOUT,
elem->timeout);
+ if (elem->comment)
+ nft_set_elem_attr_set(nlse, NFT_SET_ELEM_ATTR_USERDATA,
+ elem->comment, strlen(elem->comment) + 1);
if (data != NULL) {
netlink_gen_data(data, &nld);
@@ -1132,6 +1135,14 @@ static int netlink_delinearize_setelem(struct nft_set_elem *nlse,
expr->timeout = nft_set_elem_attr_get_u64(nlse, NFT_SET_ELEM_ATTR_TIMEOUT);
if (nft_set_elem_attr_is_set(nlse, NFT_SET_ELEM_ATTR_EXPIRATION))
expr->expiration = nft_set_elem_attr_get_u64(nlse, NFT_SET_ELEM_ATTR_EXPIRATION);
+ if (nft_set_elem_attr_is_set(nlse, NFT_SET_ELEM_ATTR_USERDATA)) {
+ const void *data;
+ uint32_t len;
+
+ data = nft_set_elem_attr_get(nlse, NFT_SET_ELEM_ATTR_USERDATA, &len);
+ expr->comment = xmalloc(len);
+ memcpy((char *)expr->comment, data, len);
+ }
if (flags & NFT_SET_ELEM_INTERVAL_END) {
expr->flags |= EXPR_F_INTERVAL_END;
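Review bot: The userdata copy in netlink_delinearize_setelem allocates exactly `len` bytes and never guarantees a terminating NUL, yet set_elem_expr_print later passes `expr->comment` to `printf("%s")`. The attribute is an opaque binary blob, so an element created by another netlink client, or one with zero-length userdata, can make the print read past the heap buffer. Allocate one extra byte and terminate explicitly: `expr->comment = xmalloc(len + 1);` followed after the memcpy by `((char *)expr->comment)[len] = '\0';`. The `(char *)` cast is needed only because the field is declared `const char *`; making it `char *` would remove it. The function body starts and continues outside this hunk.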
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 736704a..0f2d71a 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1799,6 +1799,10 @@ set_elem_option : TIMEOUT time_spec
{
$<expr>0->timeout = $2 * 1000;
}
+ | COMMENT string
+ {
+ $<expr>0->comment = $2;
+ }
;
set_lhs_expr : concat_expr
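Review bot: The new `COMMENT string` action overwrites `$<expr>0->comment` without releasing a previous value, so if the surrounding options rule (not visible in this hunk) allows the option to repeat, the earlier string leaks. Either free first, `xfree($<expr>0->comment);` ahead of the assignment, or reject a second `comment` with a parse error. No length limit is applied here either; if the kernel caps userdata size, as seems likely, an over-long comment would only fail later with a generic netlink error, so a check with a clear message at parse time would help.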
--
2.1.0