-rw-r--r--src/evaluate.c33
-rw-r--r--src/parser_bison.y8
-rw-r--r--src/rule.c2
3 files changed, 38 insertions, 5 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index b5db724c..49c5953a 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3080,6 +3080,8 @@ static int cmd_evaluate_reset(struct eval_ctx *ctx, struct cmd *cmd)
static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
{
+ struct table *table;
+ struct set *set;
int ret;
ret = cache_update(cmd->op, ctx->msgs);
@@ -3096,8 +3098,37 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
*/
case CMD_OBJ_CHAIN:
/* Chains don't hold sets */
- case CMD_OBJ_SET:
break;
+ case CMD_OBJ_SET:
+ table = table_lookup(&cmd->handle);
+ if (table == NULL)
+ return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
+ cmd->handle.table);
+ set = set_lookup(table, cmd->handle.set);
+ if (set == NULL || set->flags & (NFT_SET_MAP | NFT_SET_EVAL))
+ return cmd_error(ctx, "Could not process rule: Set '%s' does not exist",
+ cmd->handle.set);
+ return 0;
+ case CMD_OBJ_MAP:
+ table = table_lookup(&cmd->handle);
+ if (table == NULL)
+ return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
+ cmd->handle.table);
+ set = set_lookup(table, cmd->handle.set);
+ if (set == NULL || !(set->flags & NFT_SET_MAP))
+ return cmd_error(ctx, "Could not process rule: Map '%s' does not exist",
+ cmd->handle.set);
+ return 0;
+ case CMD_OBJ_FLOWTABLE:
+ table = table_lookup(&cmd->handle);
+ if (table == NULL)
+ return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
+ cmd->handle.table);
+ set = set_lookup(table, cmd->handle.set);
+ if (set == NULL || !(set->flags & NFT_SET_EVAL))
+ return cmd_error(ctx, "Could not process rule: Flow table '%s' does not exist",
+ cmd->handle.set);
+ return 0;
default:
BUG("invalid command object type %u\n", cmd->obj);
}
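Review bot: The three new cases report "does not exist" even when the name resolves to an object of another kind, so `flush set` aimed at a map tells the operator the set is missing rather than that it is the wrong kind of object. Splitting the condition would keep the two outcomes apart: leave the `set == NULL` test on the existing message and add `if (set->flags & (NFT_SET_MAP | NFT_SET_EVAL)) return cmd_error(ctx, "Could not process rule: '%s' is not a set", cmd->handle.set);`, with the matching variants for the map and flow table cases. The table and set lookup is also repeated three times with only the flag test and the label differing, which a small static helper taking the expected flag mask and the label would remove. The switch and the body of cmd_evaluate_flush start outside this hunk.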
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 841b2e17..9f993fd3 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1127,13 +1127,13 @@ flush_cmd : TABLE table_spec
{
$$ = cmd_alloc(CMD_FLUSH, CMD_OBJ_SET, &$2, &@$, NULL);
}
- | FLOW TABLE set_spec
+ | MAP set_spec
{
- $$ = cmd_alloc(CMD_FLUSH, CMD_OBJ_SET, &$3, &@$, NULL);
+ $$ = cmd_alloc(CMD_FLUSH, CMD_OBJ_MAP, &$2, &@$, NULL);
}
- | MAP set_spec
+ | FLOW TABLE set_spec
{
- $$ = cmd_alloc(CMD_FLUSH, CMD_OBJ_SET, &$2, &@$, NULL);
+ $$ = cmd_alloc(CMD_FLUSH, CMD_OBJ_FLOWTABLE, &$3, &@$, NULL);
}
| RULESET ruleset_spec
{
diff --git a/src/rule.c b/src/rule.c
index 997a6243..209cf2d7 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1512,6 +1512,8 @@ static int do_command_flush(struct netlink_ctx *ctx, struct cmd *cmd)
case CMD_OBJ_CHAIN:
return netlink_flush_chain(ctx, &cmd->handle, &cmd->location);
case CMD_OBJ_SET:
+ case CMD_OBJ_MAP:
+ case CMD_OBJ_FLOWTABLE:
return netlink_flush_setelems(ctx, &cmd->handle,
&cmd->location);
case CMD_OBJ_RULESET:
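Review bot: CMD_OBJ_MAP and CMD_OBJ_FLOWTABLE fall through to the same netlink_flush_setelems() call as CMD_OBJ_SET, with no object kind passed along, so the set/map/flow table distinction appears to be enforced only by the earlier check in cmd_evaluate_flush(). A short comment on the shared case would make that dependency explicit for anyone who later adds a path that reaches do_command_flush without evaluation, e.g. `/* kind was validated in cmd_evaluate_flush(); the flush request is identical for all three */`. do_command_flush continues outside the hunk.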