diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-11-18 17:25:36 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-11-18 20:26:00 +0100 |
commit | 8492878961248b4b53fa97383c7c1b15d7062947 (patch) | |
tree | 0868d24a5cf72444d49553cf90af2a1724b1568a /src | |
parent | 168e4e29e3b8bc9fc0563c8d5170575e868f5a21 (diff) |
cache: do not skip populating anonymous set with -t
--terse does not apply to anonymous set, add a NFT_CACHE_TERSE bit
to skip named sets only.
Moreover, prioritize specific listing filter over --terse to avoid a
bogus:
netlink: Error: Unknown set '__set0' in lookup expression
when invoking:
# nft -ta list set inet filter example
Extend existing test to improve coverage.
Fixes: 9628d52e46ac ("cache: disable NFT_CACHE_SETELEM_BIT on --terse listing only")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/cache.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/src/cache.c b/src/cache.c index fe31e3f0..6d20716d 100644 --- a/src/cache.c +++ b/src/cache.c @@ -215,10 +215,10 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd, filter->list.table = cmd->handle.table.name; filter->list.set = cmd->handle.set.name; } - if (nft_output_terse(&nft->output)) - flags |= (NFT_CACHE_FULL & ~NFT_CACHE_SETELEM_BIT); - else if (filter->list.table && filter->list.set) + if (filter->list.table && filter->list.set) flags |= NFT_CACHE_TABLE | NFT_CACHE_SET | NFT_CACHE_SETELEM; + else if (nft_output_terse(&nft->output)) + flags |= NFT_CACHE_FULL | NFT_CACHE_TERSE; else flags |= NFT_CACHE_FULL; break; @@ -234,7 +234,7 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd, break; case CMD_OBJ_RULESET: if (nft_output_terse(&nft->output)) - flags |= (NFT_CACHE_FULL & ~NFT_CACHE_SETELEM_BIT); + flags |= NFT_CACHE_FULL | NFT_CACHE_TERSE; else flags |= NFT_CACHE_FULL; break; @@ -830,6 +830,9 @@ static int cache_init_objects(struct netlink_ctx *ctx, unsigned int flags, list_for_each_entry(set, &table->set_cache.list, cache.list) { if (cache_filter_find(filter, &set->handle)) continue; + if (!set_is_anonymous(set->flags) && + flags & NFT_CACHE_TERSE) + continue; ret = netlink_list_setelems(ctx, &set->handle, set); |