From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 621CF1FF178 for ; Mon, 15 Dec 2025 16:09:24 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 45A7B100ED; Mon, 15 Dec 2025 16:09:56 +0100 (CET) From: Robert Obkircher To: pve-devel@lists.proxmox.com Date: Mon, 15 Dec 2025 16:08:49 +0100 Message-ID: <20251215150906.257151-6-r.obkircher@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20251215150906.257151-1-r.obkircher@proxmox.com> References: <20251215150906.257151-1-r.obkircher@proxmox.com> MIME-Version: 1.0 X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1765811386031 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.061 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH proxmox-firewall 1/2] fix #7068: show rule comments in nftables output X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" SW5jbHVkZSBydWxlIGNvbW1lbnRzIGZyb20gdGhlIFVJIGluIHRoZSBnZW5lcmF0ZWQgbmZ0YWJs ZXMgcnVsZXMgaWYKdGhlIHByZXNlcnZlX2NvbW1lbnRzIG9wdGlvbiBpcyBlbmFibGVkLiBUcnVu Y2F0ZSB0aGVtIHRvIGF0IG1vc3QgMTI4CmJ5dGVzIHRvIG1hdGNoIHRoZSBsaW1pdCBpbiBsaWJu ZnRubC4KClNpZ25lZC1vZmYtYnk6IFJvYmVydCBPYmtpcmNoZXIgPHIub2JraXJjaGVyQHByb3ht b3guY29tPgotLS0KIHByb3htb3gtZmlyZXdhbGwvc3JjL3J1bGUucnMgfCA1NiArKysrKysrKysr KysrKysrKysrKysrKysrKysrKysrKysrKy0KIDEgZmlsZSBjaGFuZ2VkLCA1NSBpbnNlcnRpb25z KCspLCAxIGRlbGV0aW9uKC0pCgpkaWZmIC0tZ2l0IGEvcHJveG1veC1maXJld2FsbC9zcmMvcnVs ZS5ycyBiL3Byb3htb3gtZmlyZXdhbGwvc3JjL3J1bGUucnMKaW5kZXggYjc5ZjkxYy4uNmJlNjcy MCAxMDA2NDQKLS0tIGEvcHJveG1veC1maXJld2FsbC9zcmMvcnVsZS5ycworKysgYi9wcm94bW94 LWZpcmV3YWxsL3NyYy9ydWxlLnJzCkBAIC0zNiwxNCArMzYsMTkgQEAgcHViKGNyYXRlKSBzdHJ1 Y3QgTmZ0UnVsZSB7CiAgICAgZmFtaWx5OiBPcHRpb248RmFtaWx5PiwKICAgICBzdGF0ZW1lbnRz OiBWZWM8U3RhdGVtZW50PiwKICAgICB0ZXJtaW5hbF9zdGF0ZW1lbnRzOiBWZWM8U3RhdGVtZW50 PiwKKyAgICBjb21tZW50OiBPcHRpb248U3RyaW5nPiwKIH0KIAogaW1wbCBOZnRSdWxlIHsKKyAg ICAvLy8gZnJvbSBORlROTF9VREFUQV9DT01NRU5UX01BWExFTgorICAgIHB1YiBjb25zdCBNQVhf Q09NTUVOVF9MRU46IHVzaXplID0gMTI4OworCiAgICAgcHViIGZuIGZyb21fdGVybWluYWxfc3Rh dGVtZW50cyh0ZXJtaW5hbF9zdGF0ZW1lbnRzOiBWZWM8U3RhdGVtZW50PikgLT4gU2VsZiB7CiAg ICAgICAgIFNlbGYgewogICAgICAgICAgICAgZmFtaWx5OiBOb25lLAogICAgICAgICAgICAgc3Rh dGVtZW50czogVmVjOjpuZXcoKSwKICAgICAgICAgICAgIHRlcm1pbmFsX3N0YXRlbWVudHMsCisg ICAgICAgICAgICBjb21tZW50OiBOb25lLAogICAgICAgICB9CiAgICAgfQogCkBAIC01Miw2ICs1 Nyw3IEBAIGltcGwgTmZ0UnVsZSB7CiAgICAgICAgICAgICBmYW1pbHk6IE5vbmUsCiAgICAgICAg ICAgICBzdGF0ZW1lbnRzOiBWZWM6Om5ldygpLAogICAgICAgICAgICAgdGVybWluYWxfc3RhdGVt ZW50czogdmVjIVt0ZXJtaW5hbF9zdGF0ZW1lbnRdLAorICAgICAgICAgICAgY29tbWVudDogTm9u ZSwKICAgICAgICAgfQogICAgIH0KIApAQCAtODEsNiArODcsNDEgQEAgaW1wbCBOZnRSdWxlIHsK ICAgICAgICAgaXBmaWx0ZXIudG9fbmZ0X3J1bGVzKCZtdXQgcnVsZXMsIGVudik/OwogICAgICAg ICBPayhydWxlcykKICAgICB9CisKKyAgICBwdWIgZm4gc2V0X2NvbW1lbnQoJm11dCBzZWxmLCBj b21tZW50OiAmc3RyKSB7CisgICAgICAgIHNlbGYuY29tbWVudCA9IFNvbWUoU2VsZjo6dHJ1bmNh dGVfY29tbWVudChjb21tZW50KS50b19zdHJpbmcoKSkKKyAgICB9CisKKyAgICBmbiB0cnVuY2F0 ZV9jb21tZW50KGNvbW1lbnQ6ICZzdHIpIC0+ICZzdHIgeworICAgICAgICAmY29tbWVudFsuLm15 X2Zsb29yX2NoYXJfYm91bmRhcnkoY29tbWVudCwgU2VsZjo6TUFYX0NPTU1FTlRfTEVOKV0KKyAg ICB9Cit9CisKKyNbY2ZnKHRlc3QpXQorbW9kIHRlc3RzIHsKKyAgICB1c2Ugc3VwZXI6Ok5mdFJ1 bGU7CisKKyAgICAjW3Rlc3RdCisgICAgZm4gdGVzdF90cnVuY2F0ZV8xMjkoKSB7CisgICAgICAg IGxldCBjb21tZW50ID0gIk1pZCBjaGFyYWN0ZXIgdHJ1Y2F0aW9uIG9mIDEyOSBieXRlIGNvbW1l bnQ6IGFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFh YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWHwn6aA8J+mgCI7CisgICAgICAgIGFzc2VydF9lcSEoY29t bWVudC5sZW4oKSwgMTI5KTsKKyAgICAgICAgbGV0IHRydW5jYXRlZCA9IE5mdFJ1bGU6OnRydW5j YXRlX2NvbW1lbnQoY29tbWVudCk7CisgICAgICAgIGFzc2VydF9lcSEodHJ1bmNhdGVkLmxlbigp LCAxMjUpOworICAgICAgICBhc3NlcnQhKGNvbW1lbnQuc3RhcnRzX3dpdGgodHJ1bmNhdGVkKSk7 CisgICAgfQorfQorCisvLyBUT0RPOiByZXBsYWNlIHdpdGggc3RyOjpmbG9vcl9jaGFyX2JvdW5k YXJ5IG9uY2UgcnVzdGMgMS45MS4wIGlzIGF2YWlsYWJsZQorZm4gbXlfZmxvb3JfY2hhcl9ib3Vu ZGFyeShzOiAmc3RyLCBpbmRleDogdXNpemUpIC0+IHVzaXplIHsKKyAgICBpZiBpbmRleCA+PSBz LmxlbigpIHsKKyAgICAgICAgcy5sZW4oKQorICAgIH0gZWxzZSB7CisgICAgICAgIHMuY2hhcl9p bmRpY2VzKCkKKyAgICAgICAgICAgIC5tYXAofChpLCBfKXwgaSkKKyAgICAgICAgICAgIC50YWtl X3doaWxlKHxpfCAqaSA8PSBpbmRleCkKKyAgICAgICAgICAgIC5sYXN0KCkKKyAgICAgICAgICAg IC51bndyYXBfb3IoMCkKKyAgICB9CiB9CiAKIGltcGwgRGVyZWYgZm9yIE5mdFJ1bGUgewpAQCAt MTAxLDcgKzE0MiwxMiBAQCBpbXBsIE5mdFJ1bGUgewogICAgIHB1YiBmbiBpbnRvX2FkZF9ydWxl KHNlbGYsIGNoYWluOiBDaGFpblBhcnQpIC0+IEFkZFJ1bGUgewogICAgICAgICBsZXQgc3RhdGVt ZW50cyA9IHNlbGYuc3RhdGVtZW50cy5pbnRvX2l0ZXIoKS5jaGFpbihzZWxmLnRlcm1pbmFsX3N0 YXRlbWVudHMpOwogCi0gICAgICAgIEFkZFJ1bGU6OmZyb21fc3RhdGVtZW50cyhjaGFpbiwgc3Rh dGVtZW50cykKKyAgICAgICAgbGV0IHJlc3VsdCA9IEFkZFJ1bGU6OmZyb21fc3RhdGVtZW50cyhj aGFpbiwgc3RhdGVtZW50cyk7CisgICAgICAgIGlmIGxldCBTb21lKGNvbW1lbnQpID0gc2VsZi5j b21tZW50IHsKKyAgICAgICAgICAgIHJlc3VsdC53aXRoX2NvbW1lbnQoY29tbWVudCkKKyAgICAg ICAgfSBlbHNlIHsKKyAgICAgICAgICAgIHJlc3VsdAorICAgICAgICB9CiAgICAgfQogCiAgICAg cHViIGZuIGZhbWlseSgmc2VsZikgLT4gT3B0aW9uPEZhbWlseT4gewpAQCAtMTc1LDExICsyMjEs MTkgQEAgaW1wbCBUb05mdFJ1bGVzIGZvciBSdWxlIHsKICAgICBmbiB0b19uZnRfcnVsZXMoJnNl bGYsIHJ1bGVzOiAmbXV0IFZlYzxOZnRSdWxlPiwgZW52OiAmTmZ0UnVsZUVudikgLT4gUmVzdWx0 PCgpLCBFcnJvcj4gewogICAgICAgICBsb2c6OnRyYWNlISgiZ2VuZXJhdGluZyBuZnQgcnVsZXMg Zm9yIGNvbmZpZyBydWxlIHtzZWxmOj99Iik7CiAKKyAgICAgICAgbGV0IGJlZm9yZSA9IHJ1bGVz LmxlbigpOwogICAgICAgICBtYXRjaCBzZWxmLmtpbmQoKSB7CiAgICAgICAgICAgICBLaW5kOjpN YXRjaChydWxlKSA9PiBydWxlLnRvX25mdF9ydWxlcyhydWxlcywgZW52KT8sCiAgICAgICAgICAg ICBLaW5kOjpHcm91cChncm91cCkgPT4gZ3JvdXAudG9fbmZ0X3J1bGVzKHJ1bGVzLCBlbnYpPywK ICAgICAgICAgfTsKIAorICAgICAgICBpZiBlbnYuZmlyZXdhbGxfY29uZmlnLmhvc3QoKS5wcmVz ZXJ2ZV9jb21tZW50cygpIHsKKyAgICAgICAgICAgIGlmIGxldCBTb21lKGNvbW1lbnQpID0gc2Vs Zi5jb21tZW50KCkgeworICAgICAgICAgICAgICAgIGZvciBuZnRfcnVsZSBpbiAmbXV0IHJ1bGVz W2JlZm9yZS4uXSB7CisgICAgICAgICAgICAgICAgICAgIG5mdF9ydWxlLnNldF9jb21tZW50KGNv bW1lbnQpOworICAgICAgICAgICAgICAgIH0KKyAgICAgICAgICAgIH0KKyAgICAgICAgfQogICAg ICAgICBPaygoKSkKICAgICB9CiB9Ci0tIAoyLjQ3LjMKCgoKX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX18KcHZlLWRldmVsIG1haWxpbmcgbGlzdApwdmUtZGV2 ZWxAbGlzdHMucHJveG1veC5jb20KaHR0cHM6Ly9saXN0cy5wcm94bW94LmNvbS9jZ2ktYmluL21h aWxtYW4vbGlzdGluZm8vcHZlLWRldmVsCg==