[nft,2/4] rule: when listing all sets, don't print empty tables

Message ID 145190991185.22285.13328538132434564559.stgit@r2d2.cica.es
State Changes Requested
Delegated to: Pablo Neira

Commit Message

Arturo Borrero Jan. 4, 2016, 12:18 p.m. UTC
The table may contain sets, but they are anonymous.

For example, using this ruleset:


--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Pablo Neira Ayuso Jan. 5, 2016, 11:19 a.m. UTC | #1
On Mon, Jan 04, 2016 at 01:18:31PM +0100, Arturo Borrero Gonzalez wrote:
> The table may contain sets, but they are anonymous.

Also applied, thanks.
Pablo Neira Ayuso Jan. 5, 2016, 11:35 a.m. UTC | #2
On Mon, Jan 04, 2016 at 01:18:31PM +0100, Arturo Borrero Gonzalez wrote:
> diff --git a/src/rule.c b/src/rule.c
> index 18ff592..c0e45aa 100644
> --- a/src/rule.c
> +++ b/src/rule.c
> @@ -1009,12 +1009,24 @@ static int do_list_sets(struct netlink_ctx *ctx, struct cmd *cmd)
>  	};
>  	struct table *table;
>  	struct set *set;
> +	bool printable_sets = false;
>  
>  	list_for_each_entry(table, &table_list, list) {
>  		if (cmd->handle.family != NFPROTO_UNSPEC &&
>  		    cmd->handle.family != table->handle.family)
>  			continue;
>  
> +		/* if there are no printable sets, don't print empty table */
> +		list_for_each_entry(set, &table->sets, list) {
> +			if (!set->flags & SET_F_ANONYMOUS) {

Wait, this should be:

        if (!(set->flags & SET_F_ANONYMOUS))

instead.

I'm fixing this here.
Pablo Neira Ayuso Jan. 5, 2016, 11:40 a.m. UTC | #3
On Tue, Jan 05, 2016 at 12:35:44PM +0100, Pablo Neira Ayuso wrote:
> On Mon, Jan 04, 2016 at 01:18:31PM +0100, Arturo Borrero Gonzalez wrote:
> > diff --git a/src/rule.c b/src/rule.c
> > index 18ff592..c0e45aa 100644
> > --- a/src/rule.c
> > +++ b/src/rule.c
> > @@ -1009,12 +1009,24 @@ static int do_list_sets(struct netlink_ctx *ctx, struct cmd *cmd)
> >  	};
> >  	struct table *table;
> >  	struct set *set;
> > +	bool printable_sets = false;
> >  
> >  	list_for_each_entry(table, &table_list, list) {
> >  		if (cmd->handle.family != NFPROTO_UNSPEC &&
> >  		    cmd->handle.family != table->handle.family)
> >  			continue;
> >  
> > +		/* if there are no printable sets, don't print empty table */
> > +		list_for_each_entry(set, &table->sets, list) {
> > +			if (!set->flags & SET_F_ANONYMOUS) {
> 
> Wait, this should be:
> 
>         if (!(set->flags & SET_F_ANONYMOUS))
> 
> instead.
> 
> I'm fixing this here.

I'm going to keep this back.

We have to provide a consistent behaviour wrt. nft list chains, and
that is listing empty tables when they contain no chains.

I'm unsure here, I consider printing the table with no content
makes sense since the user knows no sets or chains are available
there. If we skip this, it looks like the table doesn't exist. Other
than that, the user is fully aware of having a table with no content.
Arturo Borrero Jan. 5, 2016, 12:10 p.m. UTC | #4
On 5 January 2016 at 12:40, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
>
> I'm going to keep this back.
>
> We have to provide a consistent behaviour wrt. nft list chains, and
> that is listing empty tables when they contain no chains.
>
> I'm unsure here, I consider printing the table with no content
> makes sense since the user knows no sets or chains are available
> there. If we skip this, it looks like the table doesn't exist. Other
> than that, the user is fully aware of having a table with no content.

Ok, I understand, thanks.
Patch

==== 8< ====
table arp test_arp {
	chain test {
		meta nfproto { ipv4}
	}
}
==== 8< ====

Before this patch:

% nft list sets
table arp test_arp {
}


After this patch:

% nft list sets
<no output>

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
 0 files changed

diff --git a/src/rule.c b/src/rule.c
index 18ff592..c0e45aa 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1009,12 +1009,24 @@  static int do_list_sets(struct netlink_ctx *ctx, struct cmd *cmd)
 	};
 	struct table *table;
 	struct set *set;
+	bool printable_sets = false;
 
 	list_for_each_entry(table, &table_list, list) {
 		if (cmd->handle.family != NFPROTO_UNSPEC &&
 		    cmd->handle.family != table->handle.family)
 			continue;
 
+		/* if there are no printable sets, don't print empty table */
+		list_for_each_entry(set, &table->sets, list) {
+			if (!set->flags & SET_F_ANONYMOUS) {
+				printable_sets = true;
+				break;
+			}
+		}
+
+		if (!printable_sets)
+			continue;
+
 		printf("table %s %s {\n",
 		       family2str(table->handle.family),
 		       table->handle.table);
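
Review bot: The test `if (!set->flags & SET_F_ANONYMOUS)` in the added inner loop has a precedence bug: unary `!` binds tighter than `&`, so it evaluates `(!set->flags) & SET_F_ANONYMOUS` and checks whether `flags` is zero, not whether the anonymous bit is clear. Any named set that carries some other flag makes `!set->flags` zero and is therefore never counted as printable, and for a set with no flags the result depends only on bit 0 of SET_F_ANONYMOUS. Parenthesize the mask test as `if (!(set->flags & SET_F_ANONYMOUS))`. Separately, the new `continue` makes a table with no named sets disappear from the output altogether, which a reader of the listing cannot tell apart from the table not existing; the commit message should say why that is preferred over printing the empty table.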
@@ -1027,6 +1039,8 @@  static int do_list_sets(struct netlink_ctx *ctx, struct cmd *cmd)
 		}
 
 		printf("}\n");
+
+		printable_sets = false;
 	}
 	return 0;
 }
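
Review bot: The `printable_sets = false;` reset at the bottom of the loop body is fragile, because it is only correct as long as every `continue` above it is taken while the flag is still false. That holds for the two `continue` statements in this patch, but a later early exit added after the flag has been set would leak `true` into the next table's iteration. Assign `printable_sets = false;` at the top of each iteration, immediately before the inner `list_for_each_entry(set, ...)` scan, and drop the trailing reset.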