[PATCH nft v2] evaluate: fix "list set" unexpected behaviour

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH nft v2] evaluate: fix "list set" unexpected behaviour
@ 2016-06-01 10:16 Pablo M. Bermudo Garay
  2016-06-01 11:11 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Pablo M. Bermudo Garay @ 2016-06-01 10:16 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo, Pablo M. Bermudo Garay

Special sets like maps and flow tables have their own commands to be
listed and inspected.

Before this patch, "nft list set" was able to display these special sets
content:

  # nft list set filter test
  table ip filter {
          map test {
                  type ipv4_addr : inet_service
                  elements = { 192.168.1.101 : http-alt}
          }
  }

Now an error is shown:

  # nft list set filter test
  <cmdline>:1:1-20: Error: Could not process rule: Set 'test' does not exist
  list set filter test
  ^^^^^^^^^^^^^^^^^^^^

Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
---
 src/evaluate.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/evaluate.c b/src/evaluate.c
index 423523f..f24e5f3 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2674,7 +2674,8 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd)
 		if (table == NULL)
 			return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
 					 cmd->handle.table);
-		if (set_lookup(table, cmd->handle.set) == NULL)
+		set = set_lookup(table, cmd->handle.set);
+		if (set == NULL || set->flags & (SET_F_MAP | SET_F_EVAL))
 			return cmd_error(ctx, "Could not process rule: Set '%s' does not exist",
 					 cmd->handle.set);
 		return 0;
-- 
2.8.3


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH nft v2] evaluate: fix "list set" unexpected behaviour
  2016-06-01 10:16 [PATCH nft v2] evaluate: fix "list set" unexpected behaviour Pablo M. Bermudo Garay
@ 2016-06-01 11:11 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2016-06-01 11:11 UTC (permalink / raw)
  To: Pablo M. Bermudo Garay; +Cc: netfilter-devel

On Wed, Jun 01, 2016 at 12:16:51PM +0200, Pablo M. Bermudo Garay wrote:
> Special sets like maps and flow tables have their own commands to be
> listed and inspected.
> 
> Before this patch, "nft list set" was able to display these special sets
> content:
> 
>   # nft list set filter test
>   table ip filter {
>           map test {
>                   type ipv4_addr : inet_service
>                   elements = { 192.168.1.101 : http-alt}
>           }
>   }
> 
> Now an error is shown:
> 
>   # nft list set filter test
>   <cmdline>:1:1-20: Error: Could not process rule: Set 'test' does not exist
>   list set filter test
>   ^^^^^^^^^^^^^^^^^^^^

OK, let's place this in the tree before the release.

Applied, thanks.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2016-06-01 11:11 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-06-01 10:16 [PATCH nft v2] evaluate: fix "list set" unexpected behaviour Pablo M. Bermudo Garay
2016-06-01 11:11 ` Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).