summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2019-06-18 15:08:54 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2019-06-19 19:40:39 +0200
commitcaf7db2cb8bac4981908c1d1917481f64a1046ff (patch)
tree7e61f799f40feb3d659618d696f0a9e1a99e4d37
parente1c877c92c75ebb59750218ab34be09945e83c43 (diff)
evaluate: allow get/list/flush dynamic sets and maps via list command
Before: # nft list set ip filter untracked_unknown Error: No such file or directory; did you mean set ‘untracked_unknown’ in table ip ‘filter’? list set ip filter untracked_unknown ^^^^^^^^^^^^^^^^^ After: # nft list set ip filter untracked_unknown table ip filter { set untracked_unknown { type ipv4_addr . inet_service . ipv4_addr . inet_service . inet_proto size 100000 flags dynamic,timeout } } Add a testcase for this too. Reported-by: Václav Zindulka <vaclav.zindulka@tlapnet.cz> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/evaluate.c6
-rwxr-xr-xtests/shell/testcases/listing/0015dynamic_024
2 files changed, 27 insertions, 3 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 511f9f14..07617a7c 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3520,7 +3520,7 @@ static int cmd_evaluate_get(struct eval_ctx *ctx, struct cmd *cmd)
return table_not_found(ctx);
set = set_lookup(table, cmd->handle.set.name);
- if (set == NULL || set->flags & (NFT_SET_MAP | NFT_SET_EVAL))
+ if (set == NULL || set->flags & NFT_SET_MAP)
return set_not_found(ctx, &ctx->cmd->handle.set.location,
ctx->cmd->handle.set.name);
@@ -3587,7 +3587,7 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd)
return table_not_found(ctx);
set = set_lookup(table, cmd->handle.set.name);
- if (set == NULL || set->flags & (NFT_SET_MAP | NFT_SET_EVAL))
+ if (set == NULL || set->flags & NFT_SET_MAP)
return set_not_found(ctx, &ctx->cmd->handle.set.location,
ctx->cmd->handle.set.name);
@@ -3698,7 +3698,7 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
return table_not_found(ctx);
set = set_lookup(table, cmd->handle.set.name);
- if (set == NULL || set->flags & (NFT_SET_MAP | NFT_SET_EVAL))
+ if (set == NULL || set->flags & NFT_SET_MAP)
return set_not_found(ctx, &ctx->cmd->handle.set.location,
ctx->cmd->handle.set.name);
diff --git a/tests/shell/testcases/listing/0015dynamic_0 b/tests/shell/testcases/listing/0015dynamic_0
new file mode 100755
index 00000000..5ddc4ad8
--- /dev/null
+++ b/tests/shell/testcases/listing/0015dynamic_0
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# list only the object asked for with table
+
+EXPECTED="table ip filter {
+ set test_set {
+ type ipv4_addr . inet_service . ipv4_addr . inet_service . inet_proto
+ size 100000
+ flags dynamic,timeout
+ }
+}"
+
+set -e
+
+$NFT -f - <<< $EXPECTED
+
+GET="$($NFT list set ip filter test_set)"
+if [ "$EXPECTED" != "$GET" ] ; then
+ DIFF="$(which diff)"
+ [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+ exit 1
+fi
+
+$NFT flush set ip filter test_set