Merge a0423c9897 into e99829fb4f

Fix incorrect size check in NFGenMsg, resolving TableFamily issue for rules in monitor

monitor_test.go

@@ -156,6 +156,9 @@ func TestMonitor(t *testing.T) {
 		*gotChain.Hooknum != *postrouting.Hooknum {
 		t.Fatal("no want chain", gotChain.Type, gotChain.Name, gotChain.Hooknum)
 	}
+	if gotRule.Table.Family != nat.Family {
+		t.Fatal("rule wrong family", gotRule.Table.Family, gotRule.Table.Name)
+	}
 	if len(gotRule.Exprs) != len(rule.Exprs) {
 		t.Fatal("no want rule")
 	}

nftables_test.go

@@ -5921,6 +5921,68 @@ func TestSet4(t *testing.T) {
 	}
 }
 
+func TestSetComment(t *testing.T) {
+	want := [][]byte{
+		// batch begin
+		[]byte("\x00\x00\x00\x0a"),
+		// nft flush ruleset
+		[]byte("\x00\x00\x00\x00"),
+		// nft add table inet filter
+		[]byte("\x01\x00\x00\x00\x0b\x00\x01\x00\x66\x69\x6c\x74\x65\x72\x00\x00\x08\x00\x02\x00\x00\x00\x00\x00"),
+		// nft add set inet filter setname { type ipv4_addr\; comment \"test comment\" \; }
+		[]byte("\x01\x00\x00\x00\x0b\x00\x01\x00\x66\x69\x6c\x74\x65\x72\x00\x00\x0c\x00\x02\x00\x73\x65\x74\x6e\x61\x6d\x65\x00\x08\x00\x03\x00\x00\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x07\x08\x00\x05\x00\x00\x00\x00\x04\x08\x00\x0a\x00\x00\x00\x00\x02\x13\x00\x0d\x00\x07\x0d\x74\x65\x73\x74\x20\x63\x6f\x6d\x6d\x65\x6e\x74\x00\x00"),
+		// batch end
+		[]byte("\x00\x00\x00\x0a"),
+	}
+
+	c, err := nftables.New(nftables.WithTestDial(
+		func(req []netlink.Message) ([]netlink.Message, error) {
+			for idx, msg := range req {
+				b, err := msg.MarshalBinary()
+				if err != nil {
+					t.Fatal(err)
+				}
+				if len(b) < 16 {
+					continue
+				}
+				b = b[16:]
+				if len(want) == 0 {
+					t.Errorf("no want entry for message %d: %x", idx, b)
+					continue
+				}
+				if got, want := b, want[0]; !bytes.Equal(got, want) {
+					t.Errorf("message %d: %s", idx, linediff(nfdump(got), nfdump(want)))
+				}
+				want = want[1:]
+			}
+			return req, nil
+		}))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	c.FlushRuleset()
+
+	filter := c.AddTable(&nftables.Table{
+		Family: nftables.TableFamilyINet,
+		Name:   "filter",
+	})
+
+	if err := c.AddSet(&nftables.Set{
+		ID:      2,
+		Table:   filter,
+		Name:    "setname",
+		KeyType: nftables.TypeIPAddr,
+		Comment: "test comment",
+	}, nil); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := c.Flush(); err != nil {
+		t.Fatal(err)
+	}
+}
+
 func TestMasq(t *testing.T) {
 	tests := []struct {
 		name      string

set.go

@@ -266,6 +266,7 @@ type Set struct {
 	// Either host (binaryutil.NativeEndian) or big (binaryutil.BigEndian) endian as per
 	// https://git.netfilter.org/nftables/tree/include/datatype.h?id=d486c9e626405e829221b82d7355558005b26d8a#n109
 	KeyByteOrder binaryutil.ByteOrder
+	Comment      string
 }
 
 // SetElement represents a data point within a set.
@@ -598,6 +599,10 @@ func (cc *Conn) AddSet(s *Set, vals []SetElement) error {
 		userData = userdata.AppendUint32(userData, userdata.NFTNL_UDATA_SET_MERGE_ELEMENTS, 1)
 	}
 
+	if len(s.Comment) != 0 {
+		userData = userdata.AppendString(userData, userdata.NFTNL_UDATA_SET_COMMENT, s.Comment)
+	}
+
 	if len(userData) > 0 {
 		tableInfo = append(tableInfo, netlink.Attribute{Type: unix.NFTA_SET_USERDATA, Data: userData})
 	}
@@ -743,7 +748,7 @@ func setsFromMsg(msg netlink.Message) (*Set, error) {
 			nftMagic := ad.Uint32()
 			// Special case for the data type verdict, in the message it is stored as 0xffffff00 but it is defined as 1
 			if nftMagic == 0xffffff00 {
-				set.KeyType = TypeVerdict
+				set.DataType = TypeVerdict
 				break
 			}
 			dt, err := parseSetDatatype(nftMagic)

util.go

@@ -38,7 +38,7 @@ type NFGenMsg struct {
 }
 
 func (genmsg *NFGenMsg) Decode(b []byte) {
-	if len(b) < 16 {
+	if len(b) < 4 {
 		return
 	}
 	genmsg.NFGenFamily = b[0]