Special sets like maps and flow tables have their own commands to be
listed and inspected.
Before this patch, "nft list set" was able to display these special sets
content:
# nft list set filter test
table ip filter {
map test {
type ipv4_addr : inet_service
elements = { 192.168.1.101 : http-alt}
}
}
Now an error is shown:
# nft list set filter test
<cmdline>:1:1-20: Error: Could not process rule: Set 'test' does not exist
list set filter test
^^^^^^^^^^^^^^^^^^^^
Signed-off-by: Pablo M. Bermudo Garay <pablombg@xxxxxxxxx>
---
src/evaluate.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/evaluate.c b/src/evaluate.c
index 423523f..86884a2 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2674,7 +2674,9 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd)
if (table == NULL)
return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
cmd->handle.table);
- if (set_lookup(table, cmd->handle.set) == NULL)
+ set = set_lookup(table, cmd->handle.set);
+ if (set == NULL || set->flags & SET_F_MAP ||
+ set->flags & SET_F_EVAL)
return cmd_error(ctx, "Could not process rule: Set '%s' does not exist",
cmd->handle.set);
return 0;
--
2.8.3
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
