-rw-r--r--include/linux/netfilter/nf_tables.h2
-rw-r--r--src/netlink.c4
-rw-r--r--src/parser_bison.y16
-rw-r--r--src/rule.c6
4 files changed, 25 insertions, 3 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 4854210d..f311ab9f 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -319,6 +319,7 @@ enum nft_set_desc_attributes {
* @NFTA_SET_GC_INTERVAL: garbage collection interval (NLA_U32)
* @NFTA_SET_USERDATA: user data (NLA_BINARY)
* @NFTA_SET_OBJ_TYPE: stateful object type (NLA_U32: NFT_OBJECT_*)
+ * @NFTA_SET_HANDLE: numeric handle of the set (NLA_U64)
*/
enum nft_set_attributes {
NFTA_SET_UNSPEC,
@@ -337,6 +338,7 @@ enum nft_set_attributes {
NFTA_SET_USERDATA,
NFTA_SET_PAD,
NFTA_SET_OBJ_TYPE,
+ NFTA_SET_HANDLE,
__NFTA_SET_MAX
};
#define NFTA_SET_MAX (__NFTA_SET_MAX - 1)
diff --git a/src/netlink.c b/src/netlink.c
index 728b6fdf..9f6d24c8 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -195,6 +195,8 @@ struct nftnl_set *alloc_nftnl_set(const struct handle *h)
nftnl_set_set_str(nls, NFTNL_SET_NAME, h->set);
if (h->set_id)
nftnl_set_set_u32(nls, NFTNL_SET_ID, h->set_id);
+ if (h->handle.id)
+ nftnl_set_set_u64(nls, NFTNL_SET_HANDLE, h->handle.id);
return nls;
}
@@ -981,6 +983,7 @@ static struct set *netlink_delinearize_set(struct netlink_ctx *ctx,
nftnl_set_get_u32(nls, NFTNL_SET_KEY_LEN) * BITS_PER_BYTE,
NULL);
set->flags = nftnl_set_get_u32(nls, NFTNL_SET_FLAGS);
+ set->handle.handle.id = nftnl_set_get_u64(nls, NFTNL_SET_HANDLE);
set->objtype = objtype;
@@ -1123,6 +1126,7 @@ int netlink_list_sets(struct netlink_ctx *ctx, const struct handle *h,
return 0;
}
+ ctx->data = h;
err = nftnl_set_list_foreach(set_cache, list_set_cb, ctx);
nftnl_set_list_free(set_cache);
return err;
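Review bot: `ctx->data = h;` stores the caller's handle pointer in the context, and nothing after `nftnl_set_list_foreach()` clears or restores it, so `ctx->data` still points at `h` once netlink_list_sets() returns. If the context outlives that handle, any later callback that reads `ctx->data` would see a stale pointer. Scoping the borrow to this call, for example `ctx->data = NULL;` just before `return err;` (or restoring the previous value), avoids that. The consumer is presumably `list_set_cb`, which is not part of this diff, so a short comment above the assignment naming the callback that reads the field would help the next reader. The function body starts outside the hunk.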
diff --git a/src/parser_bison.y b/src/parser_bison.y
index dd0dcc51..d4481ad6 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -509,8 +509,8 @@ int nft_lex(void *, void *, void *);
%type <handle> table_spec tableid_spec chain_spec chainid_spec flowtable_spec chain_identifier ruleid_spec handle_spec position_spec rule_position ruleset_spec
%destructor { handle_free(&$$); } table_spec tableid_spec chain_spec chainid_spec flowtable_spec chain_identifier ruleid_spec handle_spec position_spec rule_position ruleset_spec
-%type <handle> set_spec set_identifier flowtable_identifier obj_spec obj_identifier
-%destructor { handle_free(&$$); } set_spec set_identifier obj_spec obj_identifier
+%type <handle> set_spec setid_spec set_identifier flowtable_identifier obj_spec obj_identifier
+%destructor { handle_free(&$$); } set_spec setid_spec set_identifier obj_spec obj_identifier
%type <val> family_spec family_spec_explicit chain_policy prio_spec
%type <string> dev_spec quota_unit
@@ -1048,6 +1048,10 @@ delete_cmd : TABLE table_spec
{
$$ = cmd_alloc(CMD_DELETE, CMD_OBJ_SET, &$2, &@$, NULL);
}
+ | SET setid_spec
+ {
+ $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_SET, &$2, &@$, NULL);
+ }
| MAP set_spec
{
$$ = cmd_alloc(CMD_DELETE, CMD_OBJ_SET, &$2, &@$, NULL);
@@ -1856,6 +1860,14 @@ set_spec : table_spec identifier
}
;
+setid_spec : table_spec HANDLE NUM
+ {
+ $$ = $1;
+ $$.handle.location = @$;
+ $$.handle.id = $3;
+ }
+ ;
+
set_identifier : identifier
{
memset(&$$, 0, sizeof($$));
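Review bot: The `setid_spec` action copies `$3` into `$$.handle.id` without rejecting zero, while `alloc_nftnl_set()` in src/netlink.c uses zero to mean "no handle" (`if (h->handle.id)`). A command such as `delete set <table> handle 0` would therefore build a request with no handle attribute, and since this form supplies no set name, apparently nothing that identifies a set at all. The user then only sees whatever error the kernel returns for the incomplete request. Rejecting a zero handle in this action with a located parse error followed by `YYERROR` would fail early with a clear message.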
diff --git a/src/rule.c b/src/rule.c
index 29343f75..d58e58f1 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -377,7 +377,11 @@ static void do_set_print(const struct set *set, struct print_fmt_options *opts,
expr_print(set->init, octx);
nft_print(octx, "%s", opts->nl);
}
- nft_print(octx, "%s}%s", opts->tab, opts->nl);
+ nft_print(octx, "%s}", opts->tab);
+ if (octx->handle > 0)
+ nft_print(octx, " # handle %" PRIu64, set->handle.handle.id);
+ nft_print(octx, "%s", opts->nl);
+
}
void set_print(const struct set *s, struct output_ctx *octx)
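Review bot: The handle comment is gated only on `octx->handle > 0`, so a set whose id is zero is listed as `# handle 0`. `netlink_delinearize_set()` in src/netlink.c copies `nftnl_set_get_u64(nls, NFTNL_SET_HANDLE)` unconditionally, which presumably yields 0 when the kernel did not send the attribute, and `alloc_nftnl_set()` treats 0 as "no handle". Consider `if (octx->handle > 0 && set->handle.handle.id)` so the listing never advertises a handle that cannot be used to address the set. The blank line added before the closing brace can also be dropped. do_set_print starts outside the hunk.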