[PATCH nft 1/2] src: add 'list maps' support

[PATCH nft 1/2] src: add 'list maps' support

[Pablo M. Bermudo Garay]

This commit adds a new command that lists maps:

  # nft list maps [family]

Only the declaration is displayed. If no family is specified, all maps
of all families are listed.

Example:

  # nft list maps

  table ip filter {
          map test {
                  type ipv4_addr : inet_service
          }
  }
  table ip6 filter {
          map test {
                  type ipv6_addr : inet_service
          }
  }

Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
---
 include/rule.h     | 1 +
 src/evaluate.c     | 1 +
 src/parser_bison.y | 5 +++++
 src/rule.c         | 8 +++++++-
 src/scanner.l      | 1 +
 5 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/include/rule.h b/include/rule.h
index bd24648..11d8618 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -318,6 +318,7 @@ enum cmd_obj {
 	CMD_OBJ_EXPORT,
 	CMD_OBJ_FLOWTABLE,
 	CMD_OBJ_FLOWTABLES,
+	CMD_OBJ_MAPS,
 };
 
 struct export {
diff --git a/src/evaluate.c b/src/evaluate.c
index cb4d2a5..ea1a63d 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2701,6 +2701,7 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd)
 	case CMD_OBJ_SETS:
 	case CMD_OBJ_RULESET:
 	case CMD_OBJ_FLOWTABLES:
+	case CMD_OBJ_MAPS:
 		return 0;
 	default:
 		BUG("invalid command object type %u\n", cmd->obj);
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 0452b8f..c689585 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -178,6 +178,7 @@ static void location_update(struct location *loc, struct location *rhs, int n)
 %token SET			"set"
 %token ELEMENT			"element"
 %token MAP			"map"
+%token MAPS			"maps"
 %token HANDLE			"handle"
 %token RULESET			"ruleset"
 
@@ -844,6 +845,10 @@ list_cmd		:	TABLE		table_spec
 			{
 				$$ = cmd_alloc(CMD_LIST, CMD_OBJ_FLOWTABLE, &$3, &@$, NULL);
 			}
+			|	MAPS		ruleset_spec
+			{
+				$$ = cmd_alloc(CMD_LIST, CMD_OBJ_MAPS, &$2, &@$, NULL);
+			}
 			;
 
 flush_cmd		:	TABLE		table_spec
diff --git a/src/rule.c b/src/rule.c
index 5613f96..38fd664 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1074,11 +1074,15 @@ static int do_list_sets(struct netlink_ctx *ctx, struct cmd *cmd)
 
 		list_for_each_entry(set, &table->sets, list) {
 			if (cmd->obj == CMD_OBJ_SETS &&
-			    set->flags & SET_F_ANONYMOUS)
+			    (set->flags & SET_F_ANONYMOUS ||
+			    set->flags & SET_F_MAP))
 				continue;
 			if (cmd->obj == CMD_OBJ_FLOWTABLES &&
 			    !(set->flags & SET_F_EVAL))
 				continue;
+			if (cmd->obj == CMD_OBJ_MAPS &&
+			    !(set->flags & SET_F_MAP))
+				continue;
 			set_print_declaration(set, &opts);
 			printf("%s}%s", opts.tab, opts.nl);
 		}
@@ -1216,6 +1220,8 @@ static int do_command_list(struct netlink_ctx *ctx, struct cmd *cmd)
 		return do_list_sets(ctx, cmd);
 	case CMD_OBJ_FLOWTABLE:
 		return do_list_set(ctx, cmd, table);
+	case CMD_OBJ_MAPS:
+		return do_list_sets(ctx, cmd);
 	default:
 		BUG("invalid command object type %u\n", cmd->obj);
 	}
diff --git a/src/scanner.l b/src/scanner.l
index b022114..88669d0 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -245,6 +245,7 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
 "set"			{ return SET; }
 "element"		{ return ELEMENT; }
 "map"			{ return MAP; }
+"maps"			{ return MAPS; }
 "handle"		{ return HANDLE; }
 "ruleset"		{ return RULESET; }
 
-- 
2.8.3

[PATCH nft 2/2] src: add support for display maps content

[Pablo M. Bermudo Garay]

This commit adds a new command that displays the definition of a single
map:

  # nft list map [family] <table> <map>

If no family is specified, ip is assumed.

Example:

  # nft list map ip6 filter test

  table ip6 filter {
          map test {
                  type ipv6_addr : inet_service
                  elements = { 2001:db8::ff00:42:8329 : http}
          }
  }

Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
---
 include/rule.h     |  1 +
 src/evaluate.c     | 10 ++++++++++
 src/parser_bison.y |  4 ++++
 src/rule.c         |  2 ++
 4 files changed, 17 insertions(+)

diff --git a/include/rule.h b/include/rule.h
index 11d8618..523aaa3 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -318,6 +318,7 @@ enum cmd_obj {
 	CMD_OBJ_EXPORT,
 	CMD_OBJ_FLOWTABLE,
 	CMD_OBJ_FLOWTABLES,
+	CMD_OBJ_MAP,
 	CMD_OBJ_MAPS,
 };
 
diff --git a/src/evaluate.c b/src/evaluate.c
index ea1a63d..423523f 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2688,6 +2688,16 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd)
 			return cmd_error(ctx, "Could not process rule: Flow table '%s' does not exist",
 					 cmd->handle.set);
 		return 0;
+	case CMD_OBJ_MAP:
+		table = table_lookup(&cmd->handle);
+		if (table == NULL)
+			return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
+					 cmd->handle.table);
+		set = set_lookup(table, cmd->handle.set);
+		if (set == NULL || !(set->flags & SET_F_MAP))
+			return cmd_error(ctx, "Could not process rule: Map '%s' does not exist",
+					 cmd->handle.set);
+		return 0;
 	case CMD_OBJ_CHAIN:
 		table = table_lookup(&cmd->handle);
 		if (table == NULL)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index c689585..1a45a6f 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -849,6 +849,10 @@ list_cmd		:	TABLE		table_spec
 			{
 				$$ = cmd_alloc(CMD_LIST, CMD_OBJ_MAPS, &$2, &@$, NULL);
 			}
+			|	MAP		set_spec
+			{
+				$$ = cmd_alloc(CMD_LIST, CMD_OBJ_MAP, &$2, &@$, NULL);
+			}
 			;
 
 flush_cmd		:	TABLE		table_spec
diff --git a/src/rule.c b/src/rule.c
index 38fd664..14e57f2 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1222,6 +1222,8 @@ static int do_command_list(struct netlink_ctx *ctx, struct cmd *cmd)
 		return do_list_set(ctx, cmd, table);
 	case CMD_OBJ_MAPS:
 		return do_list_sets(ctx, cmd);
+	case CMD_OBJ_MAP:
+		return do_list_set(ctx, cmd, table);
 	default:
 		BUG("invalid command object type %u\n", cmd->obj);
 	}
-- 
2.8.3

Re: [PATCH nft 1/2] src: add 'list maps' support

[Pablo Neira Ayuso]

On Tue, May 31, 2016 at 12:37:06PM +0200, Pablo M. Bermudo Garay wrote:
> This commit adds a new command that lists maps:
> 
>   # nft list maps [family]
> 
> Only the declaration is displayed. If no family is specified, all maps
> of all families are listed.
> 
> Example:
> 
>   # nft list maps
> 
>   table ip filter {
>           map test {
>                   type ipv4_addr : inet_service
>           }
>   }
>   table ip6 filter {
>           map test {
>                   type ipv6_addr : inet_service
>           }
>   }

Applied, thanks.

Re: [PATCH nft 2/2] src: add support for display maps content

[Pablo Neira Ayuso]

On Tue, May 31, 2016 at 12:37:07PM +0200, Pablo M. Bermudo Garay wrote:
> This commit adds a new command that displays the definition of a single
> map:
> 
>   # nft list map [family] <table> <map>
> 
> If no family is specified, ip is assumed.
> 
> Example:
> 
>   # nft list map ip6 filter test
> 
>   table ip6 filter {
>           map test {
>                   type ipv6_addr : inet_service
>                   elements = { 2001:db8::ff00:42:8329 : http}
>           }
>   }

Also applied, thanks.