[nft PATCH v2 0/3] Stateless output fixes

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [nft PATCH v2 0/3] Stateless output fixes
@ 2021-10-07 19:48 Jeremy Sowden
  2021-10-07 19:49 ` [nft PATCH v2 1/3] rule: remove fake stateless output of named counters Jeremy Sowden
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Jeremy Sowden @ 2021-10-07 19:48 UTC (permalink / raw)
  To: Netfilter Devel

The first patch removes some dummy output for named counters.  The
second patch fixes a bug that erroneously clears the stateless output
flag.  The third patch merges some conditionals.

Changes since v1: patches 2 & 3 are new.

Jeremy Sowden (3):
  rule: remove fake stateless output of named counters
  rule: fix stateless output after listing sets containing counters.
  rule: replace three conditionals with one.

 src/rule.c | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

-- 
2.33.0

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [nft PATCH v2 1/3] rule: remove fake stateless output of named counters
  2021-10-07 19:48 [nft PATCH v2 0/3] Stateless output fixes Jeremy Sowden
@ 2021-10-07 19:49 ` Jeremy Sowden
  2021-10-07 19:49 ` [nft PATCH v2 2/3] rule: fix stateless output after listing sets containing counters Jeremy Sowden
  2021-10-07 19:49 ` [nft PATCH v2 3/3] rule: replace three conditionals with one Jeremy Sowden
  2 siblings, 0 replies; 4+ messages in thread
From: Jeremy Sowden @ 2021-10-07 19:49 UTC (permalink / raw)
  To: Netfilter Devel

When `-s` is passed, no state is output for named quotas and counter and
quota rules, but fake zero state is output for named counters.  Remove
the output of named counters to match the remaining stateful objects.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 src/rule.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/rule.c b/src/rule.c
index 6091067f608b..50e16cf9e028 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1811,13 +1811,12 @@ static void obj_print_data(const struct obj *obj,
 			nft_print(octx, " # handle %" PRIu64, obj->handle.handle.id);
 
 		obj_print_comment(obj, opts, octx);
-		nft_print(octx, "%s%s%s", opts->nl, opts->tab, opts->tab);
-		if (nft_output_stateless(octx)) {
-			nft_print(octx, "packets 0 bytes 0");
-			break;
-		}
-		nft_print(octx, "packets %" PRIu64 " bytes %" PRIu64 "%s",
-			  obj->counter.packets, obj->counter.bytes, opts->nl);
+		if (nft_output_stateless(octx))
+			nft_print(octx, "%s", opts->nl);
+		else
+			nft_print(octx, "%s%s%spackets %" PRIu64 " bytes %" PRIu64 "%s",
+				  opts->nl, opts->tab, opts->tab,
+				  obj->counter.packets, obj->counter.bytes, opts->nl);
 		break;
 	case NFT_OBJECT_QUOTA: {
 		const char *data_unit;
-- 
2.33.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [nft PATCH v2 2/3] rule: fix stateless output after listing sets containing counters.
  2021-10-07 19:48 [nft PATCH v2 0/3] Stateless output fixes Jeremy Sowden
  2021-10-07 19:49 ` [nft PATCH v2 1/3] rule: remove fake stateless output of named counters Jeremy Sowden
@ 2021-10-07 19:49 ` Jeremy Sowden
  2021-10-07 19:49 ` [nft PATCH v2 3/3] rule: replace three conditionals with one Jeremy Sowden
  2 siblings, 0 replies; 4+ messages in thread
From: Jeremy Sowden @ 2021-10-07 19:49 UTC (permalink / raw)
  To: Netfilter Devel

Before outputting counters in set definitions the
`NFT_CTX_OUTPUT_STATELESS` flag was set to suppress output of the
counter state and unconditionally cleared afterwards, regardless of
whether it had been originally set.  Record the original set of flags
and restore it.

Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994273
Fixes: 6d80e0f15492 ("src: support for counter in set definition")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 src/rule.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/rule.c b/src/rule.c
index 50e16cf9e028..b566adf07b1f 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -370,13 +370,15 @@ static void set_print_declaration(const struct set *set,
 		nft_print(octx, "%s%s", opts->tab, opts->tab);
 
 	if (!list_empty(&set->stmt_list)) {
+		unsigned int flags = octx->flags;
+
 		octx->flags |= NFT_CTX_OUTPUT_STATELESS;
 		list_for_each_entry(stmt, &set->stmt_list, list) {
 			stmt_print(stmt, octx);
 			if (!list_is_last(&stmt->list, &set->stmt_list))
 				nft_print(octx, " ");
 		}
-		octx->flags &= ~NFT_CTX_OUTPUT_STATELESS;
+		octx->flags = flags;
 	}
 
 	if (!list_empty(&set->stmt_list))
-- 
2.33.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [nft PATCH v2 3/3] rule: replace three conditionals with one.
  2021-10-07 19:48 [nft PATCH v2 0/3] Stateless output fixes Jeremy Sowden
  2021-10-07 19:49 ` [nft PATCH v2 1/3] rule: remove fake stateless output of named counters Jeremy Sowden
  2021-10-07 19:49 ` [nft PATCH v2 2/3] rule: fix stateless output after listing sets containing counters Jeremy Sowden
@ 2021-10-07 19:49 ` Jeremy Sowden
  2 siblings, 0 replies; 4+ messages in thread
From: Jeremy Sowden @ 2021-10-07 19:49 UTC (permalink / raw)
  To: Netfilter Devel

When outputting set definitions, merge three consecutive
`if (!list_empty(&set->stmt_list))` conditionals.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 src/rule.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/src/rule.c b/src/rule.c
index b566adf07b1f..7c048fcc1eee 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -366,12 +366,11 @@ static void set_print_declaration(const struct set *set,
 		nft_print(octx, "%s", opts->stmt_separator);
 	}
 
-	if (!list_empty(&set->stmt_list))
-		nft_print(octx, "%s%s", opts->tab, opts->tab);
-
 	if (!list_empty(&set->stmt_list)) {
 		unsigned int flags = octx->flags;
 
+		nft_print(octx, "%s%s", opts->tab, opts->tab);
+
 		octx->flags |= NFT_CTX_OUTPUT_STATELESS;
 		list_for_each_entry(stmt, &set->stmt_list, list) {
 			stmt_print(stmt, octx);
@@ -379,10 +378,9 @@ static void set_print_declaration(const struct set *set,
 				nft_print(octx, " ");
 		}
 		octx->flags = flags;
-	}
 
-	if (!list_empty(&set->stmt_list))
 		nft_print(octx, "%s", opts->stmt_separator);
+	}
 
 	if (set->automerge)
 		nft_print(octx, "%s%sauto-merge%s", opts->tab, opts->tab,
-- 
2.33.0


^ permalink raw reply related	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-10-07 19:53 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-10-07 19:48 [nft PATCH v2 0/3] Stateless output fixes Jeremy Sowden
2021-10-07 19:49 ` [nft PATCH v2 1/3] rule: remove fake stateless output of named counters Jeremy Sowden
2021-10-07 19:49 ` [nft PATCH v2 2/3] rule: fix stateless output after listing sets containing counters Jeremy Sowden
2021-10-07 19:49 ` [nft PATCH v2 3/3] rule: replace three conditionals with one Jeremy Sowden

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).