feature: add support for comments #118
Comments
@profawk Here is an example of how UserData is used: https://github.com/sbezverk/nftableslib/blob/master/nfrules.go#L244, please let me know if you have further questions.

This feature doesn't seem to work for me. When I try to add UserData to a rule, while it does seem to be added (I see the bytes in the rule dump), I don't see the comment when listing the ruleset with the nft command-line tool. Example:
And this is the dump:
So far so good. And this is the other way around:
And this is the dump I get (also good):
Again, so far so good. But when I list the ruleset with the nft command line, I don't get a comment. I see the rule, but no comment at the end. Also, unrelated, but it could be useful to also have UserData support for sets and set elements. Netlink obviously supports it, and the implementation should be pretty similar to rule comments (or so I gather from the code, but I didn't deep dive), just use NFTA_SET_USERDATA/NFTA_SET_ELEM_USERDATA.

@msdean I seem to have the same issue as you.

Okay, I solved it: libnftnl uses TLVs to encode different types of fields in the UserData attribute. Here is some quick example code to encode comments in the UserData:

```go
package proxy
import (
	"encoding/binary"

	"github.com/google/nftables"
)

// NftablesUserDataType is the type byte of one TLV entry inside the rule's user data.
type NftablesUserDataType byte

const (
	NftablesUserDataTypeComment NftablesUserDataType = iota // comment entry, as written by nft / libnftnl
	NftablesUserDataTypeRuleID  NftablesUserDataType = 100  // custom extension
)

// NftablesUserDataPut appends one TLV entry: a type byte, a one-byte length, then the data.
// The length field is a single byte, so data must be at most 255 bytes.
func NftablesUserDataPut(udata []byte, typ NftablesUserDataType, data []byte) []byte {
	udata = append(udata, byte(typ), byte(len(data)))
	udata = append(udata, data...)
	return udata
}

// NftablesUserDataGet walks the TLV entries and returns the data of the first entry of
// type styp, or nil if there is none or the buffer is truncated. The bounds check runs
// before the slice so a malformed length byte cannot cause a panic.
func NftablesUserDataGet(udata []byte, styp NftablesUserDataType) []byte {
	for len(udata) >= 2 {
		typ := NftablesUserDataType(udata[0])
		length := int(udata[1])
		if len(udata) < 2+length {
			break // truncated entry; stop before slicing past the buffer
		}
		if styp == typ {
			return udata[2 : 2+length]
		}
		udata = udata[2+length:]
	}
	return nil
}

// NftablesUserDataPutInt stores a uint32 as a little-endian TLV entry.
func NftablesUserDataPutInt(udata []byte, typ NftablesUserDataType, num uint32) []byte {
	data := make([]byte, 4)
	binary.LittleEndian.PutUint32(data, num)
	return NftablesUserDataPut(udata, typ, data)
}

// NftablesUserDataGetInt reads a uint32 entry; ok is false if the entry is missing or too short.
func NftablesUserDataGetInt(udata []byte, typ NftablesUserDataType) (uint32, bool) {
	data := NftablesUserDataGet(udata, typ)
	if len(data) < 4 {
		return 0, false
	}
	return binary.LittleEndian.Uint32(data), true
}

// NftablesUserDataPutString stores a NUL-terminated string, which is the form nft expects for comments.
func NftablesUserDataPutString(udata []byte, typ NftablesUserDataType, str string) []byte {
	data := append([]byte(str), 0)
	return NftablesUserDataPut(udata, typ, data)
}

// NftablesUserDataGetString reads a string entry and strips the trailing NUL if present.
func NftablesUserDataGetString(udata []byte, typ NftablesUserDataType) (string, bool) {
	data := NftablesUserDataGet(udata, typ)
	if data == nil {
		return "", false
	}
	if n := len(data); n > 0 && data[n-1] == 0 {
		data = data[:n-1]
	}
	return string(data), true
}

func AddRule(r *nftables.Rule) {
	// [...]
	r.UserData = NftablesUserDataPutString(r.UserData, NftablesUserDataTypeComment, "this is my comment")
	r.UserData = NftablesUserDataPutInt(r.UserData, NftablesUserDataTypeRuleID, uint32(1234))
	// [...]
	ruleID, ok := NftablesUserDataGetInt(r.UserData, NftablesUserDataTypeRuleID)
	comment, ok := NftablesUserDataGetString(r.UserData, NftablesUserDataTypeComment)
	_, _, _ = ruleID, comment, ok
}
```
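To show concretely why a raw string in UserData shows up in the rule dump but not in `nft list ruleset`, here is an added example (not code from this issue, from nftables or from libnftnl) that encodes a comment into the TLV layout libnftnl uses and decodes a blob the way a TLV-aware consumer does. It assumes the libnftnl comment type byte is 0 (NFTNL_UDATA_RULE_COMMENT) and that the kernel caps the attribute at NFT_USERDATA_MAXLEN, 256 bytes; the names encodeComment and decodeComment are this example's own, and the inputs are constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
)

// Type byte libnftnl uses for a rule comment (NFTNL_UDATA_RULE_COMMENT is the first enum value, 0).
const udataTypeComment byte = 0

// Kernel limit on the whole NFTA_RULE_USERDATA attribute (NFT_USERDATA_MAXLEN).
const udataMaxLen = 256

// encodeComment builds the TLV blob nft expects: type byte, one-byte length, then the
// comment bytes followed by a NUL terminator. It rejects comments that cannot fit either
// the single length byte or the kernel attribute limit, instead of silently truncating.
func encodeComment(comment string) ([]byte, error) {
	payload := append([]byte(comment), 0) // nft stores the NUL inside the value
	if len(payload) > 255 {
		return nil, errors.New("comment too long for a one-byte TLV length")
	}
	buf := make([]byte, 0, 2+len(payload))
	buf = append(buf, udataTypeComment, byte(len(payload)))
	buf = append(buf, payload...)
	if len(buf) > udataMaxLen {
		return nil, errors.New("userdata exceeds NFT_USERDATA_MAXLEN")
	}
	return buf, nil
}

// decodeComment walks the TLV entries and returns the comment, or ok=false when no
// well-formed comment entry is present. A raw string stored without the TLV header
// is read as a type byte plus a length byte, which is why nft shows nothing for it.
func decodeComment(udata []byte) (comment string, ok bool) {
	for len(udata) >= 2 {
		typ, length := udata[0], int(udata[1])
		if len(udata) < 2+length {
			return "", false // truncated entry: length byte claims more than is present
		}
		val := udata[2 : 2+length]
		if typ == udataTypeComment {
			if n := len(val); n > 0 && val[n-1] == 0 {
				val = val[:n-1] // drop the NUL terminator
			}
			return string(val), true
		}
		udata = udata[2+length:] // skip entries of other types
	}
	return "", false
}

func main() {
	// Constructed input: the comment encoded the way libnftnl does it.
	good, err := encodeComment("allow ssh")
	if err != nil {
		panic(err)
	}
	fmt.Printf("TLV bytes: % x\n", good)
	c, ok := decodeComment(good)
	fmt.Printf("decoded: %q ok=%v\n", c, ok)

	// Constructed input: the same text written as raw bytes, the mistake from this thread.
	c, ok = decodeComment([]byte("allow ssh"))
	fmt.Printf("raw bytes decoded: %q ok=%v\n", c, ok)
}
```

The raw-bytes case fails because 'a' becomes the type byte and 'l' (108) the length, so the decoder sees a truncated entry and reports no comment, which matches the symptom in the earlier comments.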
@stv0g Very nice code. I strongly recommend making a PR to add these methods to
I submitted a PR #221 |
Also related to #123? |
When adding rules there could be an option to set the `UserData` field to a comment with a helper function, maybe. Or maybe add a field; this however is not as good of an option IMO, because when flushing the rule the library will need to override the `UserData` field. I do not know if it is used for anything else currently, I have only looked at the nft and kernel implementation of comments to see if I could do it alone 😄