diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-06-18 15:08:54 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-06-19 19:40:39 +0200 |
commit | caf7db2cb8bac4981908c1d1917481f64a1046ff (patch) | |
tree | 7e61f799f40feb3d659618d696f0a9e1a99e4d37 | |
parent | e1c877c92c75ebb59750218ab34be09945e83c43 (diff) |
evaluate: allow get/list/flush dynamic sets and maps via list command
Before:
# nft list set ip filter untracked_unknown
Error: No such file or directory; did you mean set ‘untracked_unknown’ in table ip ‘filter’?
list set ip filter untracked_unknown
^^^^^^^^^^^^^^^^^
After:
# nft list set ip filter untracked_unknown
table ip filter {
set untracked_unknown {
type ipv4_addr . inet_service . ipv4_addr . inet_service . inet_proto
size 100000
flags dynamic,timeout
}
}
Add a testcase for this too.
Reported-by: Václav Zindulka <vaclav.zindulka@tlapnet.cz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/evaluate.c | 6 | ||||
-rwxr-xr-x | tests/shell/testcases/listing/0015dynamic_0 | 24 |
2 files changed, 27 insertions, 3 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 511f9f14..07617a7c 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -3520,7 +3520,7 @@ static int cmd_evaluate_get(struct eval_ctx *ctx, struct cmd *cmd) return table_not_found(ctx); set = set_lookup(table, cmd->handle.set.name); - if (set == NULL || set->flags & (NFT_SET_MAP | NFT_SET_EVAL)) + if (set == NULL || set->flags & NFT_SET_MAP) return set_not_found(ctx, &ctx->cmd->handle.set.location, ctx->cmd->handle.set.name); @@ -3587,7 +3587,7 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd) return table_not_found(ctx); set = set_lookup(table, cmd->handle.set.name); - if (set == NULL || set->flags & (NFT_SET_MAP | NFT_SET_EVAL)) + if (set == NULL || set->flags & NFT_SET_MAP) return set_not_found(ctx, &ctx->cmd->handle.set.location, ctx->cmd->handle.set.name); @@ -3698,7 +3698,7 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd) return table_not_found(ctx); set = set_lookup(table, cmd->handle.set.name); - if (set == NULL || set->flags & (NFT_SET_MAP | NFT_SET_EVAL)) + if (set == NULL || set->flags & NFT_SET_MAP) return set_not_found(ctx, &ctx->cmd->handle.set.location, ctx->cmd->handle.set.name); diff --git a/tests/shell/testcases/listing/0015dynamic_0 b/tests/shell/testcases/listing/0015dynamic_0 new file mode 100755 index 00000000..5ddc4ad8 --- /dev/null +++ b/tests/shell/testcases/listing/0015dynamic_0 @@ -0,0 +1,24 @@ +#!/bin/bash + +# list only the object asked for with table + +EXPECTED="table ip filter { + set test_set { + type ipv4_addr . inet_service . ipv4_addr . inet_service . inet_proto + size 100000 + flags dynamic,timeout + } +}" + +set -e + +$NFT -f - <<< $EXPECTED + +GET="$($NFT list set ip filter test_set)" +if [ "$EXPECTED" != "$GET" ] ; then + DIFF="$(which diff)" + [ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET") + exit 1 +fi + +$NFT flush set ip filter test_set |