Merge dae73eaa9c into 4195a123ff

add DataInterval flag for maps, fix comments (#327 )
rule: add String() method
2025-09-22 16:37:02 +02:00 · 2025-09-19 16:36:24 +02:00 · 2020-08-03 10:59:40 -04:00
7 changed files with 109 additions and 13 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
 nftables.test
--- a/README.md
+++ b/README.md
@ -21,4 +21,12 @@ the data types/API will be identified as more functionality is added.
 Contributions are very welcome!
 ### Testing Changes
 Run the following commands to test your changes:
 ```bash
 go test ./...
 go test -c github.com/google/nftables
 sudo ./nftables.test -test.v -run_system_tests
 ```
--- a/expr/verdict.go
+++ b/expr/verdict.go
@ -24,6 +24,15 @@ import (
 	"golang.org/x/sys/unix"
 )
 const (
 	NFT_DROP   = 0
 	NFT_ACCEPT = 1
 	NFT_STOLEN = 2
 	NFT_QUEUE  = 3
 	NFT_REPEAT = 4
 	NFT_STOP   = 5
 )
 // This code assembles the verdict structure, as expected by the
 // nftables netlink API.
 // For further information, consult:
@ -129,3 +138,37 @@ func (e *Verdict) unmarshal(fam byte, data []byte) error {
 	}
 	return ad.Err()
 }
 func (e *Verdict) String() string {
 	var v string
 	switch e.Kind {
 	case unix.NFT_RETURN:
 		v = "return" // -0x5
 	case unix.NFT_GOTO:
 		v = "goto" // -0x4
 	case unix.NFT_JUMP:
 		v = "jump" // NFT_JUMP = -0x3
 	case unix.NFT_BREAK:
 		v = "break" // NFT_BREAK = -0x2
 	case unix.NFT_CONTINUE:
 		v = "continue" // NFT_CONTINUE = -0x1
 	case NFT_DROP:
 		v = "drop"
 	case NFT_ACCEPT:
 		v = "accept"
 	case NFT_STOLEN:
 		v = "stolen"
 	case NFT_QUEUE:
 		v = "queue"
 	case NFT_REPEAT:
 		v = "repeat"
 	case NFT_STOP:
 		v = "stop"
 	default:
 		v = fmt.Sprintf("verdict %v", e.Kind)
 	}
 	if e.Chain != "" {
 		return v + " " + e.Chain
 	}
 	return v
 }
--- a/nftables_test.go
+++ b/nftables_test.go
@ -307,12 +307,27 @@ func TestRuleOperations(t *testing.T) {
 		expr.VerdictDrop,
 	}
 	wantStrings := []string{
 		"queue",
 		"accept",
 		"queue",
 		"accept",
 		"drop",
 		"drop",
 	}
 	for i, r := range rules {
 		rr, _ := r.Exprs[0].(*expr.Verdict)
 		if rr.Kind != want[i] {
 			t.Fatalf("bad verdict kind at %d", i)
 		}
 		if rr.String() != wantStrings[i] {
 			t.Fatalf("bad verdict string at %d: %s (received) vs. %s (expected)", i, rr.String(), wantStrings[i])
 		}
 		t.Logf("%s", rr)
 	}
 }
--- a/nftables_test.sh
+++ b/nftables_test.sh
@ -0,0 +1,3 @@
 go test ./...
 go test -c github.com/google/nftables
 sudo ./nftables.test -test.v -run_system_tests
--- a/set.go
+++ b/set.go
@ -247,16 +247,17 @@ func ConcatSetTypeElements(t SetDatatype) []SetDatatype {
 // Set represents an nftables set. Anonymous sets are only valid within the
 // context of a single batch.
 type Set struct {
-	Table      *Table
+	Table        *Table
-	ID         uint32
+	ID           uint32
-	Name       string
+	Name         string
-	Anonymous  bool
+	Anonymous    bool
-	Constant   bool
+	Constant     bool
-	Interval   bool
+	Interval     bool
-	AutoMerge  bool
+	DataInterval bool
-	IsMap      bool
+	AutoMerge    bool
-	HasTimeout bool
+	IsMap        bool
-	Counter    bool
+	HasTimeout   bool
 	Counter      bool
 	// Can be updated per evaluation path, per `nft list ruleset`
 	// indicates that set contains "flags dynamic"
 	// https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h?id=84d12cfacf8ddd857a09435f3d982ab6250d250c#n298
@ -674,6 +675,10 @@ func (cc *Conn) AddSet(s *Set, vals []SetElement) error {
 		userData = userdata.AppendUint32(userData, userdata.NFTNL_UDATA_SET_MERGE_ELEMENTS, 1)
 	}
 	if s.DataInterval {
 		userData = userdata.AppendUint32(userData, userdata.NFTNL_UDATA_SET_DATA_INTERVAL, 1)
 	}
 	if len(s.Comment) != 0 {
 		userData = userdata.AppendString(userData, userdata.NFTNL_UDATA_SET_COMMENT, s.Comment)
 	}
@ -797,8 +802,16 @@ func setsFromMsg(msg netlink.Message) (*Set, error) {
 			set.DataType.Bytes = binary.BigEndian.Uint32(ad.Bytes())
 		case unix.NFTA_SET_USERDATA:
 			data := ad.Bytes()
-			value, ok := userdata.GetUint32(data, userdata.NFTNL_UDATA_SET_MERGE_ELEMENTS)
+			if val, ok := userdata.GetString(data, userdata.NFTNL_UDATA_SET_COMMENT); ok {
-			set.AutoMerge = ok && value == 1
+				set.Comment = val
 			}
 			if val, ok := userdata.GetUint32(data, userdata.NFTNL_UDATA_SET_MERGE_ELEMENTS); ok {
 				set.AutoMerge = val == 1
 			}
 			if val, ok := userdata.GetUint32(data, userdata.NFTNL_UDATA_SET_DATA_INTERVAL); ok {
 				set.DataInterval = val == 1
 			}
 		case unix.NFTA_SET_DESC:
 			nestedAD, err := netlink.NewAttributeDecoder(ad.Bytes())
 			if err != nil {
--- a/set_test.go
+++ b/set_test.go
@ -257,13 +257,26 @@ func TestMarshalSet(t *testing.T) {
 			name: "Vedict map",
 			set: Set{
 				Name:     "test-map",
-				ID:       uint32(3),
+				ID:       uint32(4),
 				Table:    tbl,
 				KeyType:  TypeIPAddr,
 				DataType: TypeVerdict,
 				IsMap:    true,
 			},
 		},
 		{
 			name: "Map ip-ip", // generic case
 			set: Set{
 				Name:         "test-map",
 				ID:           uint32(5),
 				Table:        tbl,
 				KeyType:      TypeIPAddr,
 				DataType:     TypeIPAddr,
 				DataInterval: true,
 				IsMap:        true,
 				Comment:      "test-comment",
 			},
 		},
 	}
 	for i, tt := range tests {
Author	SHA1	Message	Date
Paul Greenberg	6a5756c734	Merge `dae73eaa9c` into `4195a123ff`	2025-09-22 16:37:02 +02:00
Nikita Vorontsov	4195a123ff	add DataInterval flag for maps, fix comments (#327 )	2025-09-19 16:36:24 +02:00
Paul Greenberg	dae73eaa9c	rule: add String() method Before this commit: the printing of a rule results in a pointer address. After this commit: the printing of a rules results in a human-readable text. Resolves: #104 Signed-off-by: Paul Greenberg <greenpau@outlook.com>	2020-08-03 10:59:40 -04:00