src: Make flush command selective of the set structure type

The internal set infrastructure is used for sets, maps and flow tables. The flush command requires the set type but currently it works for all of them. E.g. if there is a set named 's' in a table 't' the following command shouldn't be valid but still executes: $ nft flush flow table t s This patch makes the flush command selective so 'flush flow table' only works in flow tables and so on. Fixes: 6d37dae ("parser_bison: Allow flushing maps") Fixes: 2daa0ee ("parser_bison: Allow flushing flow tables") Signed-off-by: Elise Lennion <elise.lennion@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Elise Lennion <elise.lennion@gmail.com> 2017-03-24 12:30:41 -0300
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2017-03-24 19:30:19 +0100
commit: e7d3210974e3c091ea11c1c9a94b07d3b5b6abd1 (patch)
tree: 6d50edcff5e1d348376a2ee2d73ec57e59d5e1a0 /src/rule.c
parent: 535a7324626f45bded749dcee7e225f9e0fa28d0 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/rule.c b/src/rule.c
index 997a6243..209cf2d7 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1512,6 +1512,8 @@ static int do_command_flush(struct netlink_ctx *ctx, struct cmd *cmd)
 	case CMD_OBJ_CHAIN:
 		return netlink_flush_chain(ctx, &cmd->handle, &cmd->location);
 	case CMD_OBJ_SET:
+	case CMD_OBJ_MAP:
+	case CMD_OBJ_FLOWTABLE:
 		return netlink_flush_setelems(ctx, &cmd->handle,
 					      &cmd->location);
 	case CMD_OBJ_RULESET:
author	Elise Lennion <elise.lennion@gmail.com>	2017-03-24 12:30:41 -0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2017-03-24 19:30:19 +0100
commit	e7d3210974e3c091ea11c1c9a94b07d3b5b6abd1 (patch)
tree	6d50edcff5e1d348376a2ee2d73ec57e59d5e1a0 /src/rule.c
parent	535a7324626f45bded749dcee7e225f9e0fa28d0 (diff)