rule: add support for display flow tables content

This commit adds a new command that displays the definition of a single
flow table:

If no family is specified, ip is assumed.

Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/rule.h b/include/rule.h
index ae77c4c16eaf81a36004d109fad0c1be68362ccc..bd24648de7de04b898d4b9667d7605bcf1a639cd 100644 (file)
--- a/include/rule.h
+++ b/include/rule.h
@@ -316,6 +316,7 @@ enum cmd_obj {
        CMD_OBJ_EXPR,
        CMD_OBJ_MONITOR,
        CMD_OBJ_EXPORT,
+       CMD_OBJ_FLOWTABLE,
        CMD_OBJ_FLOWTABLES,
 };
 

diff --git a/src/evaluate.c b/src/evaluate.c
index 3600ad0083a5e55a3054c35dad4669bee71fc871..cb4d2a56dcddba9678d6e75731b1d00a439afca8 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2652,6 +2652,7 @@ static int cmd_evaluate_delete(struct eval_ctx *ctx, struct cmd *cmd)
 static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd)
 {
        struct table *table;
+       struct set *set;
        int ret;
 
        ret = cache_update(cmd->op, ctx->msgs);
@@ -2677,6 +2678,16 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd)
                        return cmd_error(ctx, "Could not process rule: Set '%s' does not exist",
                                         cmd->handle.set);
                return 0;
+       case CMD_OBJ_FLOWTABLE:
+               table = table_lookup(&cmd->handle);
+               if (table == NULL)
+                       return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
+                                        cmd->handle.table);
+               set = set_lookup(table, cmd->handle.set);
+               if (set == NULL || !(set->flags & SET_F_EVAL))
+                       return cmd_error(ctx, "Could not process rule: Flow table '%s' does not exist",
+                                        cmd->handle.set);
+               return 0;
        case CMD_OBJ_CHAIN:
                table = table_lookup(&cmd->handle);
                if (table == NULL)

diff --git a/src/parser_bison.y b/src/parser_bison.y
index c71f6df03d05d4314c0d8398dc22425fa8ffefd0..0452b8f408c110eacbdb17ecac1869d938499ab5 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -840,6 +840,10 @@ list_cmd           :       TABLE           table_spec
                        {
                                $$ = cmd_alloc(CMD_LIST, CMD_OBJ_FLOWTABLES, &$3, &@$, NULL);
                        }
+                       |       FLOW TABLE      set_spec
+                       {
+                               $$ = cmd_alloc(CMD_LIST, CMD_OBJ_FLOWTABLE, &$3, &@$, NULL);
+                       }
                        ;
 
 flush_cmd              :       TABLE           table_spec

diff --git a/src/rule.c b/src/rule.c
index 1bc5c6851ac1a33867c3aa20203716245cdc68e9..5613f966e30dd314adbd9dfbf858d6311785ab87 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -1214,6 +1214,8 @@ static int do_command_list(struct netlink_ctx *ctx, struct cmd *cmd)
                return do_list_ruleset(ctx, cmd);
        case CMD_OBJ_FLOWTABLES:
                return do_list_sets(ctx, cmd);
+       case CMD_OBJ_FLOWTABLE:
+               return do_list_set(ctx, cmd, table);
        default:
                BUG("invalid command object type %u\n", cmd->obj);
        }