]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d545778)
src: Allow list single stateful object
authorElise Lennion <elise.lennion@gmail.com>
Thu, 26 Jan 2017 17:12:54 +0000 (15:12 -0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 27 Jan 2017 12:33:20 +0000 (13:33 +0100)
Currently the stateful objects can only be listed in groups. With this
patch listing a single object is allowed:

$ nft list counter filter https-traffic
table ip filter {
counter https-traffic {
packets 4014 bytes 228948
}
}

$ nft list quota filter https-quota
table ip filter {
quota https-quota {
25 mbytes used 278 kbytes
}
}

Signed-off-by: Elise Lennion <elise.lennion@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/evaluate.c patch | blob | blame | history
src/rule.c patch | blob | blame | history

diff --git a/src/evaluate.c b/src/evaluate.c
index 1d2f9258e90c5e6507e26736cb949a2b341291da..dab7cfca0dd980435c88196727b8eb38436b4663 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2882,6 +2882,7 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd)
        struct table *table;
        struct set *set;
        int ret;
+       uint32_t obj_type = NFT_OBJECT_UNSPEC;
 
        ret = cache_update(cmd->op, ctx->msgs);
        if (ret < 0)
@@ -2936,6 +2937,19 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd)
                        return cmd_error(ctx, "Could not process rule: Chain '%s' does not exist",
                                         cmd->handle.chain);
                return 0;
+       case CMD_OBJ_QUOTA:
+               obj_type = NFT_OBJECT_QUOTA;
+       case CMD_OBJ_COUNTER:
+               if (obj_type == NFT_OBJECT_UNSPEC)
+                       obj_type = NFT_OBJECT_COUNTER;
+               table = table_lookup(&cmd->handle);
+               if (table == NULL)
+                       return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
+                                        cmd->handle.table);
+               if (obj_lookup(table, cmd->handle.obj, obj_type) == NULL)
+                       return cmd_error(ctx, "Could not process rule: Object '%s' does not exist",
+                                        cmd->handle.obj);
+               return 0;
        case CMD_OBJ_CHAINS:
        case CMD_OBJ_SETS:
        case CMD_OBJ_COUNTERS:
diff --git a/src/rule.c b/src/rule.c
index a9f3a496a34578b3a0864bf225223f15a3b631eb..0d58073f7333ebab6cb205ed79a521e3cab578a8 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -1276,8 +1276,16 @@ static int do_list_obj(struct netlink_ctx *ctx, struct cmd *cmd, uint32_t type)
                       family2str(table->handle.family),
                       table->handle.table);
 
+               if (cmd->handle.table != NULL &&
+                   strcmp(cmd->handle.table, table->handle.table)) {
+                       printf("}\n");
+                       continue;
+               }
+
                list_for_each_entry(obj, &table->objs, list) {
-                       if (obj->type != type)
+                       if (obj->type != type ||
+                           (cmd->handle.obj != NULL &&
+                            strcmp(cmd->handle.obj, obj->handle.obj)))
                                continue;
 
                        obj_print_declaration(obj, &opts);
@@ -1420,8 +1428,10 @@ static int do_command_list(struct netlink_ctx *ctx, struct cmd *cmd)
                return do_list_sets(ctx, cmd);
        case CMD_OBJ_MAP:
                return do_list_set(ctx, cmd, table);
+       case CMD_OBJ_COUNTER:
        case CMD_OBJ_COUNTERS:
                return do_list_obj(ctx, cmd, NFT_OBJECT_COUNTER);
+       case CMD_OBJ_QUOTA:
        case CMD_OBJ_QUOTAS:
                return do_list_obj(ctx, cmd, NFT_OBJECT_QUOTA);
        default:
Mirror of git://git.netfilter.org/nftables