[nftables] listing: only display wanted chain

Message ID 1384760421-4238-1-git-send-email-eric@regit.org
State Accepted

Commit Message

Eric Leblond Nov. 18, 2013, 7:40 a.m. UTC
When specifying a chain to list, all created chains were displayed
with a void content:

 # nft list chain filter
 table ip filter {
  	chain input {
  	}

  	chain new {
  		 counter packets 17971 bytes 2380637 accept
  		 counter packets 0 bytes 0 accept
  	}
  }

With the attached patch, only the asked chain is displayed:

  # nft list chain filter
  table ip filter {
  	chain new {
  		 counter packets 17971 bytes 2380637 accept # handle 36
  		 counter packets 0 bytes 0 accept # handle 40
  	}
  }

Signed-off-by: Eric Leblond <eric@regit.org>
---
 src/netlink.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Arturo Borrero Nov. 19, 2013, 9:26 a.m. UTC | #1
On 18 November 2013 08:40, Eric Leblond <eric@regit.org> wrote:
> When specifying a chain to list, all created chains were displayed
> with a void content:
>
>  # nft list chain filter
>  table ip filter {
>         chain input {
>         }
>
>         chain new {
>                  counter packets 17971 bytes 2380637 accept
>                  counter packets 0 bytes 0 accept
>         }
>   }
>
> With the attached patch, only the asked chain is displayed:
>
>   # nft list chain filter
>   table ip filter {
>         chain new {
>                  counter packets 17971 bytes 2380637 accept # handle 36
>                  counter packets 0 bytes 0 accept # handle 40
>         }
>   }
>
> Signed-off-by: Eric Leblond <eric@regit.org>

Hi all,

I've been testing this patch and it works fine for me.
I think the old behaviour was a bit odd.

Thanks Eric.

Pablo Neira Ayuso Nov. 19, 2013, 8:32 p.m. UTC | #2
On Mon, Nov 18, 2013 at 08:40:21AM +0100, Eric Leblond wrote:
> When specifying a chain to list, all created chains were displayed
> with a void content:
> 
>  # nft list chain filter
>  table ip filter {
>   	chain input {
>   	}
> 
>   	chain new {
>   		 counter packets 17971 bytes 2380637 accept
>   		 counter packets 0 bytes 0 accept
>   	}
>   }
> 
> With the attached patch, only the asked chain is displayed:
> 
>   # nft list chain filter
>   table ip filter {
>   	chain new {
>   		 counter packets 17971 bytes 2380637 accept # handle 36
>   		 counter packets 0 bytes 0 accept # handle 40
>   	}
>   }

Also applied, thanks.

Patch

diff --git a/src/netlink.c b/src/netlink.c
index a62c357..15cba79 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -544,6 +544,10 @@  static int list_chain_cb(struct nft_chain *nlc, void *arg)
 	    strcmp(nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_TABLE), h->table) != 0)
 		return 0;
 
+	if (h->chain &&
+	    strcmp(nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_NAME), h->chain) != 0)
+		return 0;
+
 	chain = chain_alloc(nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_NAME));
 	chain->handle.family =
 		nft_chain_attr_get_u32(nlc, NFT_CHAIN_ATTR_FAMILY);
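
Review bot: the added `h->chain` test passes the return value of `nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_NAME)` straight into `strcmp()`, and the same getter is called again for `chain_alloc()` right after it. Consider reading the name once into a local `const char *`, returning 0 early if it is NULL, and reusing that local for both the comparison and `chain_alloc()`; that removes the duplicate lookup and keeps the callback from dereferencing NULL should a chain message arrive without a name attribute. The table comparison just above follows the same unchecked pattern, so both checks could be tightened together. A short comment that a NULL `h->chain` means "list every chain in the table" would also make the intent of the guard explicit.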