Message ID | 145190991185.22285.13328538132434564559.stgit@r2d2.cica.es |
---|---|
State | Changes Requested |
Delegated to: | Pablo Neira |
Headers | show |
On Mon, Jan 04, 2016 at 01:18:31PM +0100, Arturo Borrero Gonzalez wrote:
> The table may contain sets, but they are anonymous.
Also applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
On Mon, Jan 04, 2016 at 01:18:31PM +0100, Arturo Borrero Gonzalez wrote: > diff --git a/src/rule.c b/src/rule.c > index 18ff592..c0e45aa 100644 > --- a/src/rule.c > +++ b/src/rule.c > @@ -1009,12 +1009,24 @@ static int do_list_sets(struct netlink_ctx *ctx, struct cmd *cmd) > }; > struct table *table; > struct set *set; > + bool printable_sets = false; > > list_for_each_entry(table, &table_list, list) { > if (cmd->handle.family != NFPROTO_UNSPEC && > cmd->handle.family != table->handle.family) > continue; > > + /* if there are no printable sets, don't print empty table */ > + list_for_each_entry(set, &table->sets, list) { > + if (!set->flags & SET_F_ANONYMOUS) { Wait, this should be: if (!(set->flags & SET_F_ANONYMOUS)) instead. I'm fixing this here. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, Jan 05, 2016 at 12:35:44PM +0100, Pablo Neira Ayuso wrote: > On Mon, Jan 04, 2016 at 01:18:31PM +0100, Arturo Borrero Gonzalez wrote: > > diff --git a/src/rule.c b/src/rule.c > > index 18ff592..c0e45aa 100644 > > --- a/src/rule.c > > +++ b/src/rule.c > > @@ -1009,12 +1009,24 @@ static int do_list_sets(struct netlink_ctx *ctx, struct cmd *cmd) > > }; > > struct table *table; > > struct set *set; > > + bool printable_sets = false; > > > > list_for_each_entry(table, &table_list, list) { > > if (cmd->handle.family != NFPROTO_UNSPEC && > > cmd->handle.family != table->handle.family) > > continue; > > > > + /* if there are no printable sets, don't print empty table */ > > + list_for_each_entry(set, &table->sets, list) { > > + if (!set->flags & SET_F_ANONYMOUS) { > > Wait, this should be: > > if (!(set->flags & SET_F_ANONYMOUS)) > > instead. > > I'm fixing this here. I'm going to keep this back. We have to provide a consistent behaviour wrt. nft list chains, and that is listing empty tables when it contains no chains. I'm unsure here, I considering printing the table with no content makes sense since the user knows no sets or chains are available there. If we skip this, it looks like the table doesn't exists. Other than that, the user is fully aware of having a table with no content. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 5 January 2016 at 12:40, Pablo Neira Ayuso <pablo@netfilter.org> wrote: > > I'm going to keep this back. > > We have to provide a consistent behaviour wrt. nft list chains, and > that is listing empty tables when it contains no chains. > > I'm unsure here, I considering printing the table with no content > makes sense since the user knows no sets or chains are available > there. If we skip this, it looks like the table doesn't exists. Other > than that, the user is fully aware of having a table with no content. Ok, I understand, thanks.
==== 8< ==== table arp test_arp { chain test { meta nfproto { ipv4} } } ==== 8< ==== Before this patch: % nft list sets table arp test_arp { } After this patch: % nft list sets <no output> Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> --- 0 files changed diff --git a/src/rule.c b/src/rule.c index 18ff592..c0e45aa 100644 --- a/src/rule.c +++ b/src/rule.c @@ -1009,12 +1009,24 @@ static int do_list_sets(struct netlink_ctx *ctx, struct cmd *cmd) }; struct table *table; struct set *set; + bool printable_sets = false; list_for_each_entry(table, &table_list, list) { if (cmd->handle.family != NFPROTO_UNSPEC && cmd->handle.family != table->handle.family) continue; + /* if there are no printable sets, don't print empty table */ + list_for_each_entry(set, &table->sets, list) { + if (!set->flags & SET_F_ANONYMOUS) { + printable_sets = true; + break; + } + } + + if (!printable_sets) + continue; + printf("table %s %s {\n", family2str(table->handle.family), table->handle.table); @@ -1027,6 +1039,8 @@ static int do_list_sets(struct netlink_ctx *ctx, struct cmd *cmd) } printf("}\n"); + + printable_sets = false; } return 0; }