nftables-1.0.9-3.el9
* Tue Jul 02 2024 Phil Sutter <psutter@redhat.com> [1.0.9-3.el9] - cache: Always set NFT_CACHE_TERSE for list cmd with --terse (Phil Sutter) [RHEL-45633] Resolves: RHEL-45633
This commit is contained in:
parent
3d2e43cf37
commit
fae264a885
@ -0,0 +1,65 @@
|
||||
From 2ef49849b901184c3d97c98c05ffa6418b50af1e Mon Sep 17 00:00:00 2001
|
||||
From: Phil Sutter <psutter@redhat.com>
|
||||
Date: Tue, 2 Jul 2024 16:41:22 +0200
|
||||
Subject: [PATCH] cache: Always set NFT_CACHE_TERSE for list cmd with --terse
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-45633
|
||||
Upstream Status: nftables commit cd4e947032a57a585b1a457ce03f546afc7ba033
|
||||
|
||||
commit cd4e947032a57a585b1a457ce03f546afc7ba033
|
||||
Author: Phil Sutter <phil@nwl.cc>
|
||||
Date: Thu Feb 8 02:10:48 2024 +0100
|
||||
|
||||
cache: Always set NFT_CACHE_TERSE for list cmd with --terse
|
||||
|
||||
This fixes at least 'nft -t list table ...' and 'nft -t list set ...'.
|
||||
|
||||
Note how --terse handling for 'list sets/maps' remains in place since
|
||||
setting NFT_CACHE_TERSE does not fully undo NFT_CACHE_SETELEM: setting
|
||||
both enables fetching of anonymous sets which is pointless for that
|
||||
command.
|
||||
|
||||
Reported-by: anton.khazan@gmail.com
|
||||
Link: https://bugzilla.netfilter.org/show_bug.cgi?id=1735
|
||||
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
|
||||
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
||||
---
|
||||
src/cache.c | 10 +++-------
|
||||
1 file changed, 3 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/src/cache.c b/src/cache.c
|
||||
index 4e89fe1..0ac0f7c 100644
|
||||
--- a/src/cache.c
|
||||
+++ b/src/cache.c
|
||||
@@ -230,8 +230,6 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd,
|
||||
}
|
||||
if (filter->list.table && filter->list.set)
|
||||
flags |= NFT_CACHE_TABLE | NFT_CACHE_SET | NFT_CACHE_SETELEM;
|
||||
- else if (nft_output_terse(&nft->output))
|
||||
- flags |= NFT_CACHE_FULL | NFT_CACHE_TERSE;
|
||||
else
|
||||
flags |= NFT_CACHE_FULL;
|
||||
break;
|
||||
@@ -257,17 +255,15 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd,
|
||||
flags |= NFT_CACHE_TABLE | NFT_CACHE_FLOWTABLE;
|
||||
break;
|
||||
case CMD_OBJ_RULESET:
|
||||
- if (nft_output_terse(&nft->output))
|
||||
- flags |= NFT_CACHE_FULL | NFT_CACHE_TERSE;
|
||||
- else
|
||||
- flags |= NFT_CACHE_FULL;
|
||||
- break;
|
||||
default:
|
||||
flags |= NFT_CACHE_FULL;
|
||||
break;
|
||||
}
|
||||
flags |= NFT_CACHE_REFRESH;
|
||||
|
||||
+ if (nft_output_terse(&nft->output))
|
||||
+ flags |= NFT_CACHE_TERSE;
|
||||
+
|
||||
return flags;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
%define nft_rpmversion 1.0.9
|
||||
%define nft_specrelease 2
|
||||
%define nft_specrelease 3
|
||||
|
||||
Name: nftables
|
||||
Version: %{nft_rpmversion}
|
||||
@ -20,6 +20,7 @@ Source6: nft-test.stderr.expect
|
||||
Source7: run-tests.stderr.expect
|
||||
|
||||
Patch1: 0001-Add-support-for-table-s-persist-flag.patch
|
||||
Patch2: 0002-cache-Always-set-NFT_CACHE_TERSE-for-list-cmd-with-t.patch
|
||||
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
@ -132,6 +133,9 @@ cd py/
|
||||
%files -n python3-nftables -f %{pyproject_files}
|
||||
|
||||
%changelog
|
||||
* Tue Jul 02 2024 Phil Sutter <psutter@redhat.com> [1.0.9-3.el9]
|
||||
- cache: Always set NFT_CACHE_TERSE for list cmd with --terse (Phil Sutter) [RHEL-45633]
|
||||
|
||||
* Fri Jun 14 2024 Phil Sutter <psutter@redhat.com> [1.0.9-2.el9]
|
||||
- Add support for table's persist flag (Phil Sutter) [RHEL-32122]
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user