[PATCH nft 1/4] configure: default to libedit for cli

[PATCH nft 1/4] configure: default to libedit for cli

[Pablo Neira Ayuso]

readline support only compiles for libreadline5, set libedit as default
library.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 6069b871911e..96cb91c7c979 100644
--- a/configure.ac
+++ b/configure.ac
@@ -69,7 +69,7 @@ AM_CONDITIONAL([BUILD_MINIGMP], [test "x$with_mini_gmp" = xyes])
 
 AC_ARG_WITH([cli], [AS_HELP_STRING([--without-cli],
             [disable interactive CLI (libreadline, editline or linenoise support)])],
-            [], [with_cli=readline])
+            [], [with_cli=editline])
 
 AS_IF([test "x$with_cli" = xreadline], [
 AC_CHECK_LIB([readline], [readline], ,
-- 
2.30.2

[PATCH nft 2/4] cache: always set on NFT_CACHE_REFRESH for listing

[Pablo Neira Ayuso]

This flag forces a refresh of the cache on list commands, several
object types are missing this flag.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/cache.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/cache.c b/src/cache.c
index c602f93a3ec6..3cbf99e8e124 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -136,7 +136,7 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd,
 		if (filter && cmd->handle.table.name)
 			filter->table = cmd->handle.table.name;
 
-		flags |= NFT_CACHE_FULL | NFT_CACHE_REFRESH;
+		flags |= NFT_CACHE_FULL;
 		break;
 	case CMD_OBJ_SET:
 	case CMD_OBJ_MAP:
@@ -145,9 +145,9 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd,
 			filter->set = cmd->handle.set.name;
 		}
 		if (nft_output_terse(&nft->output))
-			flags |= (NFT_CACHE_FULL & ~NFT_CACHE_SETELEM) | NFT_CACHE_REFRESH;
+			flags |= (NFT_CACHE_FULL & ~NFT_CACHE_SETELEM);
 		else
-			flags |= NFT_CACHE_FULL | NFT_CACHE_REFRESH;
+			flags |= NFT_CACHE_FULL;
 		break;
 	case CMD_OBJ_CHAINS:
 		flags |= NFT_CACHE_TABLE | NFT_CACHE_CHAIN;
@@ -161,13 +161,14 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd,
 		break;
 	case CMD_OBJ_RULESET:
 		if (nft_output_terse(&nft->output))
-			flags |= (NFT_CACHE_FULL & ~NFT_CACHE_SETELEM) | NFT_CACHE_REFRESH;
+			flags |= (NFT_CACHE_FULL & ~NFT_CACHE_SETELEM);
 		else
-			flags |= NFT_CACHE_FULL | NFT_CACHE_REFRESH;
+			flags |= NFT_CACHE_FULL;
 	default:
-		flags |= NFT_CACHE_FULL | NFT_CACHE_REFRESH;
+		flags |= NFT_CACHE_FULL;
 		break;
 	}
+	flags |= NFT_CACHE_REFRESH;
 
 	return flags;
 }
-- 
2.30.2

[PATCH nft 3/4] cache: honor filter in set listing commands

[Pablo Neira Ayuso]

Fetch table, set and set elements only for set listing commands, e.g.
nft list set inet filter ipv4_bogons.

Fixes: 635ee1cad8aa ("cache: filter out sets and maps that are not requested")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/cache.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/cache.c b/src/cache.c
index 3cbf99e8e124..691e8131c494 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -146,6 +146,8 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd,
 		}
 		if (nft_output_terse(&nft->output))
 			flags |= (NFT_CACHE_FULL & ~NFT_CACHE_SETELEM);
+		else if (filter->table && filter->set)
+			flags |= NFT_CACHE_TABLE | NFT_CACHE_SET | NFT_CACHE_SETELEM;
 		else
 			flags |= NFT_CACHE_FULL;
 		break;
-- 
2.30.2

[PATCH nft 4/4] cache: honor table in set filtering

[Pablo Neira Ayuso]

Check if table mismatch, in case the same set name is used in different
tables.

Fixes: 635ee1cad8aa ("cache: filter out sets and maps that are not requested")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/cache.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/cache.c b/src/cache.c
index 691e8131c494..f62c9b96f528 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -377,7 +377,8 @@ static int set_cache_cb(struct nftnl_set *nls, void *arg)
 		return -1;
 
 	if (ctx->filter && ctx->filter->set &&
-	    (strcmp(ctx->filter->set, set->handle.set.name))) {
+	    (strcmp(ctx->filter->table, set->handle.table.name) ||
+	     strcmp(ctx->filter->set, set->handle.set.name))) {
 		set_free(set);
 		return 0;
 	}
-- 
2.30.2