src: add list ruleset command

This patch adds a new command to nft:
	% nft list ruleset [family]

Which list the entire ruleset.
If no family is specified, all tables of all families are listed.

Users can now make several operations at ruleset level:

 % nft list ruleset > ruleset.nft
 % nft -f ruleset.nft
 % nft flush ruleset

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/parser.y b/src/parser.y
index db120a06bfb8f56b5ec6f023abf846e87ddb36a3..4a8df7b74bb57b5ab26013c286f78afc8cb2ab57 100644 (file)
--- a/src/parser.y
+++ b/src/parser.y
@@ -754,6 +754,10 @@ list_cmd           :       TABLE           table_spec
                        {
                                $$ = cmd_alloc(CMD_LIST, CMD_OBJ_SET, &$2, &@$, NULL);
                        }
+                       |       RULESET         ruleset_spec
+                       {
+                               $$ = cmd_alloc(CMD_LIST, CMD_OBJ_RULESET, &$2, &@$, NULL);
+                       }
                        ;
 
 flush_cmd              :       TABLE           table_spec

diff --git a/src/rule.c b/src/rule.c
index 336c15955baa430eba36b23e3eec92e193101ce1..43355eeb6fab5596587762f055e6feac2bc97c34 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -782,6 +782,32 @@ err:
        return -1;
 }
 
+static int do_list_ruleset(struct netlink_ctx *ctx, struct cmd *cmd)
+{
+       struct table *table, *next;
+       LIST_HEAD(tables);
+
+       if (netlink_list_tables(ctx, &cmd->handle, &cmd->location) < 0)
+               return -1;
+
+       list_splice_tail_init(&ctx->list, &tables);
+
+       list_for_each_entry_safe(table, next, &tables, list) {
+               table_add_hash(table);
+
+               cmd->handle.family = table->handle.family;
+               cmd->handle.table = xstrdup(table->handle.table);
+
+               if (do_list_table(ctx, cmd, table) < 0)
+                       return -1;
+
+               list_del(&table->list);
+               table_free(table);
+       }
+
+       return 0;
+}
+
 static int do_command_list(struct netlink_ctx *ctx, struct cmd *cmd)
 {
        struct table *table = NULL;
@@ -837,6 +863,8 @@ static int do_command_list(struct netlink_ctx *ctx, struct cmd *cmd)
                        set_print(set);
                }
                return 0;
+       case CMD_OBJ_RULESET:
+               return do_list_ruleset(ctx, cmd);
        default:
                BUG("invalid command object type %u\n", cmd->obj);
        }