diff mbox series

[nft,v2,1/2] evaluate: allow get/list/flush dynamic sets and maps via list command

Message ID 20190618144400.31411-1-pablo@netfilter.org
State Accepted
Delegated to: Pablo Neira
Headers show
Series [nft,v2,1/2] evaluate: allow get/list/flush dynamic sets and maps via list command | expand

Commit Message

Pablo Neira Ayuso June 18, 2019, 2:43 p.m. UTC 
Before:

 # nft list set ip filter untracked_unknown
 Error: No such file or directory; did you mean set ‘untracked_unknown’ in table ip ‘filter’?
 list set ip filter untracked_unknown
                    ^^^^^^^^^^^^^^^^^

After:

 # nft list set ip filter untracked_unknown
 table ip filter {
        set untracked_unknown {
                type ipv4_addr . inet_service . ipv4_addr . inet_service . inet_proto
                size 100000
                flags dynamic,timeout
        }
 }

Add a testcase for this too.

Reported-by: Václav Zindulka <vaclav.zindulka@tlapnet.cz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
v2: add testcase.

 src/evaluate.c                              |  6 +++---
 tests/shell/testcases/listing/0015dynamic_0 | 24 ++++++++++++++++++++++++
 2 files changed, 27 insertions(+), 3 deletions(-)
 create mode 100755 tests/shell/testcases/listing/0015dynamic_0
diff mbox series

Patch

diff --git a/src/evaluate.c b/src/evaluate.c
index 511f9f14bedd..07617a7c94cb 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3520,7 +3520,7 @@  static int cmd_evaluate_get(struct eval_ctx *ctx, struct cmd *cmd)
 			return table_not_found(ctx);
 
 		set = set_lookup(table, cmd->handle.set.name);
-		if (set == NULL || set->flags & (NFT_SET_MAP | NFT_SET_EVAL))
+		if (set == NULL || set->flags & NFT_SET_MAP)
 			return set_not_found(ctx, &ctx->cmd->handle.set.location,
 					     ctx->cmd->handle.set.name);
 
@@ -3587,7 +3587,7 @@  static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd)
 			return table_not_found(ctx);
 
 		set = set_lookup(table, cmd->handle.set.name);
-		if (set == NULL || set->flags & (NFT_SET_MAP | NFT_SET_EVAL))
+		if (set == NULL || set->flags & NFT_SET_MAP)
 			return set_not_found(ctx, &ctx->cmd->handle.set.location,
 					     ctx->cmd->handle.set.name);
 
@@ -3698,7 +3698,7 @@  static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
 			return table_not_found(ctx);
 
 		set = set_lookup(table, cmd->handle.set.name);
-		if (set == NULL || set->flags & (NFT_SET_MAP | NFT_SET_EVAL))
+		if (set == NULL || set->flags & NFT_SET_MAP)
 			return set_not_found(ctx, &ctx->cmd->handle.set.location,
 					     ctx->cmd->handle.set.name);
 
diff --git a/tests/shell/testcases/listing/0015dynamic_0 b/tests/shell/testcases/listing/0015dynamic_0
new file mode 100755
index 000000000000..5ddc4ad83a50
--- /dev/null
+++ b/tests/shell/testcases/listing/0015dynamic_0
@@ -0,0 +1,24 @@ 
+#!/bin/bash
+
+# list only the object asked for with table
+
+EXPECTED="table ip filter {
+	set test_set {
+		type ipv4_addr . inet_service . ipv4_addr . inet_service . inet_proto
+		size 100000
+		flags dynamic,timeout
+	}
+}"
+
+set -e
+
+$NFT -f - <<< $EXPECTED
+
+GET="$($NFT list set ip filter test_set)"
+if [ "$EXPECTED" != "$GET" ] ; then
+	DIFF="$(which diff)"
+	[ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
+	exit 1
+fi
+
+$NFT flush set ip filter test_set