diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-01-12 01:34:01 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-01-15 18:15:23 +0100 |
commit | 57291e35fcf6dbbc2fb0bd6b0465a9a82b66eb93 (patch) | |
tree | 37728cad2d541382f69e9d292321ec3fb106985f /src/netlink_delinearize.c | |
parent | e3d00ed1f657d5ce989a780990c6fb0097368d1e (diff) |
src: 'nft list chain' prints anonymous chains correctly
If the user is requesting a chain listing, e.g. nft list chain x y
and a rule refers to an anonymous chain that cannot be found in the cache,
then fetch such anonymous chain and its ruleset.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1577
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink_delinearize.c')
-rw-r--r-- | src/netlink_delinearize.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index fd81e071..87316429 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -218,6 +218,13 @@ static void netlink_parse_chain_verdict(struct netlink_parse_ctx *ctx, expr_chain_export(expr->chain, chain_name); chain = chain_binding_lookup(ctx->table, chain_name); + + /* Special case: 'nft list chain x y' needs to pull in implicit chains */ + if (!chain && !strncmp(chain_name, "__chain", strlen("__chain"))) { + nft_chain_cache_update(ctx->nlctx, ctx->table, chain_name); + chain = chain_binding_lookup(ctx->table, chain_name); + } + if (chain) { ctx->stmt = chain_stmt_alloc(loc, chain, verdict); expr_free(expr); @@ -3128,6 +3135,7 @@ struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx, memset(&_ctx, 0, sizeof(_ctx)); _ctx.msgs = ctx->msgs; _ctx.debug_mask = ctx->nft->debug_mask; + _ctx.nlctx = ctx; memset(&h, 0, sizeof(h)); h.family = nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY); |