[PATCH nft] rule: add support for display flow tables content

Pablo M. Bermudo Garay Fri, 20 May 2016 05:56:46 -0700

This commit adds a new command that displays the definition of a single
flow table:


If no family is specified, ip is assumed.

Signed-off-by: Pablo M. Bermudo Garay <pablo...@gmail.com>
---
 include/rule.h     |  1 +
 src/evaluate.c     | 11 +++++++++++
 src/parser_bison.y |  4 ++++
 src/rule.c         |  2 ++
 4 files changed, 18 insertions(+)

diff --git a/include/rule.h b/include/rule.h
index ae77c4c..bd24648 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -316,6 +316,7 @@ enum cmd_obj {
        CMD_OBJ_EXPR,
        CMD_OBJ_MONITOR,
        CMD_OBJ_EXPORT,
+       CMD_OBJ_FLOWTABLE,
        CMD_OBJ_FLOWTABLES,
 };
 
diff --git a/src/evaluate.c b/src/evaluate.c
index 3600ad0..cb4d2a5 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2652,6 +2652,7 @@ static int cmd_evaluate_delete(struct eval_ctx *ctx, 
struct cmd *cmd)
 static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd)
 {
        struct table *table;
+       struct set *set;
        int ret;
 
        ret = cache_update(cmd->op, ctx->msgs);
@@ -2677,6 +2678,16 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, 
struct cmd *cmd)
                        return cmd_error(ctx, "Could not process rule: Set '%s' 
does not exist",
                                         cmd->handle.set);
                return 0;
+       case CMD_OBJ_FLOWTABLE:
+               table = table_lookup(&cmd->handle);
+               if (table == NULL)
+                       return cmd_error(ctx, "Could not process rule: Table 
'%s' does not exist",
+                                        cmd->handle.table);
+               set = set_lookup(table, cmd->handle.set);
+               if (set == NULL || !(set->flags & SET_F_EVAL))
+                       return cmd_error(ctx, "Could not process rule: Flow 
table '%s' does not exist",
+                                        cmd->handle.set);
+               return 0;
        case CMD_OBJ_CHAIN:
                table = table_lookup(&cmd->handle);
                if (table == NULL)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index c71f6df..0452b8f 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -840,6 +840,10 @@ list_cmd           :       TABLE           table_spec
                        {
                                $$ = cmd_alloc(CMD_LIST, CMD_OBJ_FLOWTABLES, 
&$3, &@$, NULL);
                        }
+                       |       FLOW TABLE      set_spec
+                       {
+                               $$ = cmd_alloc(CMD_LIST, CMD_OBJ_FLOWTABLE, 
&$3, &@$, NULL);
+                       }
                        ;
 
 flush_cmd              :       TABLE           table_spec
diff --git a/src/rule.c b/src/rule.c
index 1bc5c68..5613f96 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1214,6 +1214,8 @@ static int do_command_list(struct netlink_ctx *ctx, 
struct cmd *cmd)
                return do_list_ruleset(ctx, cmd);
        case CMD_OBJ_FLOWTABLES:
                return do_list_sets(ctx, cmd);
+       case CMD_OBJ_FLOWTABLE:
+               return do_list_set(ctx, cmd, table);
        default:
                BUG("invalid command object type %u\n", cmd->obj);
        }
-- 
2.8.2

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH nft] rule: add support for display flow tables content

Reply via email to