From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nft 4/4] src: allow flowtable definitions with no devices
Date: Wed, 20 May 2020 20:23:37 +0200 [thread overview]
Message-ID: <20200520182337.31295-4-pablo@netfilter.org> (raw)
In-Reply-To: <20200520182337.31295-1-pablo@netfilter.org>
# nft add flowtable x y { hook ingress priority 0\; }
The listing shows no devices:
# nft list ruleset
table ip x {
flowtable y {
hook ingress priority filter
}
}
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/mnl.c | 10 ++++++----
src/rule.c | 14 ++++++++------
2 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/src/mnl.c b/src/mnl.c
index 759ae41ceb01..19f666416909 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -1652,10 +1652,12 @@ int mnl_nft_flowtable_add(struct netlink_ctx *ctx, struct cmd *cmd,
nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_PRIO, 0);
}
- dev_array = nft_flowtable_dev_array(cmd);
- nftnl_flowtable_set_data(flo, NFTNL_FLOWTABLE_DEVICES,
- dev_array, 0);
- nft_flowtable_dev_array_free(dev_array);
+ if (cmd->flowtable->dev_expr) {
+ dev_array = nft_flowtable_dev_array(cmd);
+ nftnl_flowtable_set_data(flo, NFTNL_FLOWTABLE_DEVICES,
+ dev_array, 0);
+ nft_flowtable_dev_array_free(dev_array);
+ }
nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_FLAGS,
cmd->flowtable->flags);
diff --git a/src/rule.c b/src/rule.c
index 1f56faeb5c3c..21a52157391d 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -2272,13 +2272,15 @@ static void flowtable_print_declaration(const struct flowtable *flowtable,
flowtable->hook.num, flowtable->priority.expr),
opts->stmt_separator);
- nft_print(octx, "%s%sdevices = { ", opts->tab, opts->tab);
- for (i = 0; i < flowtable->dev_array_len; i++) {
- nft_print(octx, "%s", flowtable->dev_array[i]);
- if (i + 1 != flowtable->dev_array_len)
- nft_print(octx, ", ");
+ if (flowtable->dev_array_len > 0) {
+ nft_print(octx, "%s%sdevices = { ", opts->tab, opts->tab);
+ for (i = 0; i < flowtable->dev_array_len; i++) {
+ nft_print(octx, "%s", flowtable->dev_array[i]);
+ if (i + 1 != flowtable->dev_array_len)
+ nft_print(octx, ", ");
+ }
+ nft_print(octx, " }%s", opts->stmt_separator);
}
- nft_print(octx, " }%s", opts->stmt_separator);
if (flowtable->flags & NFT_FLOWTABLE_COUNTER)
nft_print(octx, "%s%scounter%s", opts->tab, opts->tab,
--
2.20.1
prev parent reply other threads:[~2020-05-20 18:23 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-20 18:23 [PATCH nft 1/4] mnl: add function to convert flowtable device list to array Pablo Neira Ayuso
2020-05-20 18:23 ` [PATCH nft 2/4] src: add devices to an existing flowtable Pablo Neira Ayuso
2020-05-20 18:23 ` [PATCH nft 3/4] src: delete " Pablo Neira Ayuso
2020-05-20 18:23 ` Pablo Neira Ayuso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200520182337.31295-4-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).