From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: [nft PATCH 2/5] cache: Respect family in all list commands
Date: Wed, 11 Mar 2026 00:11:12 +0100 [thread overview]
Message-ID: <20260310231115.25638-3-phil@nwl.cc> (raw)
In-Reply-To: <20260310231115.25638-1-phil@nwl.cc>
Some list commands did not set filter->list.family even if one was given
on command line, fix this.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
src/cache.c | 6 ++-
tests/shell/testcases/listing/cache_filters | 46 +++++++++++++++++++++
2 files changed, 51 insertions(+), 1 deletion(-)
create mode 100755 tests/shell/testcases/listing/cache_filters
diff --git a/src/cache.c b/src/cache.c
index 62eccef991933..82efd476e3698 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -246,10 +246,12 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd,
flags |= NFT_CACHE_FULL;
break;
case CMD_OBJ_CHAINS:
+ filter->list.family = cmd->handle.family;
flags |= NFT_CACHE_TABLE | NFT_CACHE_CHAIN;
break;
case CMD_OBJ_SETS:
case CMD_OBJ_MAPS:
+ filter->list.family = cmd->handle.family;
flags |= NFT_CACHE_TABLE | NFT_CACHE_SET;
if (!nft_output_terse(&nft->output))
flags |= NFT_CACHE_SETELEM;
@@ -257,12 +259,12 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd,
case CMD_OBJ_FLOWTABLE:
if (cmd->handle.table.name &&
cmd->handle.flowtable.name) {
- filter->list.family = cmd->handle.family;
filter->list.table = cmd->handle.table.name;
filter->list.ft = cmd->handle.flowtable.name;
}
/* fall through */
case CMD_OBJ_FLOWTABLES:
+ filter->list.family = cmd->handle.family;
flags |= NFT_CACHE_TABLE | NFT_CACHE_FLOWTABLE;
break;
case CMD_OBJ_COUNTER:
@@ -301,6 +303,8 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd,
obj_filter_setup(cmd, &flags, filter, NFT_OBJECT_TUNNEL);
break;
case CMD_OBJ_RULESET:
+ filter->list.family = cmd->handle.family;
+ /* fall through */
default:
flags |= NFT_CACHE_FULL;
break;
diff --git a/tests/shell/testcases/listing/cache_filters b/tests/shell/testcases/listing/cache_filters
new file mode 100755
index 0000000000000..37c8f845dd4c7
--- /dev/null
+++ b/tests/shell/testcases/listing/cache_filters
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -e
+
+fail() {
+ echo "$*"
+ exit 1
+}
+
+$NFT -f - <<EOF
+table ip ip_t {
+ flowtable ip_t_ft {
+ hook ingress priority 0
+ }
+ set ip_t_s {
+ type inet_service
+ elements = { 22, 80, 443 }
+ }
+ chain ip_t_c {
+ tcp dport 22 accept
+ }
+ chain ip_t_c2 {
+ }
+}
+EOF
+
+$NFT --debug=netlink list ruleset | \
+ grep -q 'payload load' || fail "broken list ruleset"
+$NFT --debug=netlink list ruleset ip6 | \
+ grep -q 'payload load' && fail "broken list ruleset family filter"
+
+$NFT --debug=netlink list chains | \
+ grep -q 'ip ip_t ip_t_c' || fail "broken list chains"
+$NFT --debug=netlink list chains ip6 | \
+ grep -q 'ip ip_t ip_t_c' && fail "broken list chains family filter"
+
+$NFT --debug=netlink list sets | \
+ grep -q 'family 2 ip_t_s ip_t' || fail "broken list sets"
+$NFT --debug=netlink list sets ip6 | \
+ grep -q 'family 2 ip_t_s ip_t' && fail "broken list sets family filter"
+
+$NFT --debug=netlink list flowtables | \
+ grep -q 'flow table ip_t ip_t_ft' || fail "broken list flowtables"
+$NFT --debug=netlink list flowtables ip6 | \
+ grep -q 'flow table ip_t ip_t_ft' && fail "broken list flowtables family filter"
+exit 0
--
2.51.0
next prev parent reply other threads:[~2026-03-10 23:11 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-10 23:11 [nft PATCH 0/5] Enhance cache filter for list commands Phil Sutter
2026-03-10 23:11 ` [nft PATCH 1/5] cache: Include chains, flowtables and objects in netlink debug output Phil Sutter
2026-03-10 23:11 ` Phil Sutter [this message]
2026-03-11 9:34 ` [nft PATCH 2/5] cache: Respect family in all list commands Pablo Neira Ayuso
2026-03-11 10:19 ` Phil Sutter
2026-03-11 12:11 ` Pablo Neira Ayuso
2026-03-11 14:01 ` Phil Sutter
2026-03-10 23:11 ` [nft PATCH 3/5] cache: Relax chain_cache_dump filter application Phil Sutter
2026-03-11 9:38 ` Pablo Neira Ayuso
2026-03-10 23:11 ` [nft PATCH 4/5] cache: Filter for table when listing sets or maps Phil Sutter
2026-03-11 9:39 ` Pablo Neira Ayuso
2026-03-10 23:11 ` [nft PATCH 5/5] cache: Filter for table when listing flowtables Phil Sutter
2026-03-11 9:40 ` Pablo Neira Ayuso
2026-03-11 15:06 ` [nft PATCH 0/5] Enhance cache filter for list commands Eric Garver
2026-03-11 19:15 ` Phil Sutter
2026-03-18 16:23 ` Phil Sutter
2026-03-18 16:58 ` Pablo Neira Ayuso
2026-03-18 16:59 ` Pablo Neira Ayuso
2026-03-18 18:49 ` Phil Sutter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260310231115.25638-3-phil@nwl.cc \
--to=phil@nwl.cc \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.