123 lines
3.4 KiB
Diff
123 lines
3.4 KiB
Diff
|
From: Pablo Neira Ayuso <pablo@netfilter.org>
|
||
|
Date: Fri, 19 Jan 2018 01:41:38 +0100
|
||
|
Subject: [PATCH] src: delete flowtable
|
||
|
|
||
|
This patch allows you to delete an existing flowtable:
|
||
|
|
||
|
# nft delete flowtable x m
|
||
|
|
||
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||
|
---
|
||
|
|
||
|
--- a/include/mnl.h
|
||
|
+++ b/include/mnl.h
|
||
|
@@ -95,6 +95,9 @@ mnl_nft_flowtable_dump(struct netlink_ct
|
||
|
int mnl_nft_flowtable_batch_add(struct nftnl_flowtable *flo,
|
||
|
struct nftnl_batch *batch, unsigned int flags,
|
||
|
uint32_t seqnum);
|
||
|
+int mnl_nft_flowtable_batch_del(struct nftnl_flowtable *flow,
|
||
|
+ struct nftnl_batch *batch, unsigned int flags,
|
||
|
+ uint32_t seqnum);
|
||
|
|
||
|
struct nftnl_ruleset *mnl_nft_ruleset_dump(struct netlink_ctx *ctx,
|
||
|
uint32_t family);
|
||
|
--- a/include/netlink.h
|
||
|
+++ b/include/netlink.h
|
||
|
@@ -186,6 +186,9 @@ extern int netlink_list_flowtables(struc
|
||
|
extern int netlink_add_flowtable(struct netlink_ctx *ctx,
|
||
|
const struct handle *h, struct flowtable *ft,
|
||
|
uint32_t flags);
|
||
|
+extern int netlink_delete_flowtable(struct netlink_ctx *ctx,
|
||
|
+ const struct handle *h,
|
||
|
+ struct location *loc);
|
||
|
|
||
|
extern void netlink_dump_chain(const struct nftnl_chain *nlc,
|
||
|
struct netlink_ctx *ctx);
|
||
|
--- a/src/evaluate.c
|
||
|
+++ b/src/evaluate.c
|
||
|
@@ -3121,6 +3121,7 @@ static int cmd_evaluate_delete(struct ev
|
||
|
case CMD_OBJ_RULE:
|
||
|
case CMD_OBJ_CHAIN:
|
||
|
case CMD_OBJ_TABLE:
|
||
|
+ case CMD_OBJ_FLOWTABLE:
|
||
|
case CMD_OBJ_COUNTER:
|
||
|
case CMD_OBJ_QUOTA:
|
||
|
case CMD_OBJ_CT_HELPER:
|
||
|
--- a/src/mnl.c
|
||
|
+++ b/src/mnl.c
|
||
|
@@ -1027,6 +1027,22 @@ int mnl_nft_flowtable_batch_add(struct n
|
||
|
return 0;
|
||
|
}
|
||
|
|
||
|
+int mnl_nft_flowtable_batch_del(struct nftnl_flowtable *flo,
|
||
|
+ struct nftnl_batch *batch, unsigned int flags,
|
||
|
+ uint32_t seqnum)
|
||
|
+{
|
||
|
+ struct nlmsghdr *nlh;
|
||
|
+
|
||
|
+ nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
|
||
|
+ NFT_MSG_DELFLOWTABLE,
|
||
|
+ nftnl_flowtable_get_u32(flo, NFTNL_FLOWTABLE_FAMILY),
|
||
|
+ flags, seqnum);
|
||
|
+ nftnl_flowtable_nlmsg_build_payload(nlh, flo);
|
||
|
+ mnl_nft_batch_continue(batch);
|
||
|
+
|
||
|
+ return 0;
|
||
|
+}
|
||
|
+
|
||
|
/*
|
||
|
* ruleset
|
||
|
*/
|
||
|
--- a/src/netlink.c
|
||
|
+++ b/src/netlink.c
|
||
|
@@ -1831,6 +1831,24 @@ int netlink_add_flowtable(struct netlink
|
||
|
return err;
|
||
|
}
|
||
|
|
||
|
+int netlink_delete_flowtable(struct netlink_ctx *ctx, const struct handle *h,
|
||
|
+ struct location *loc)
|
||
|
+{
|
||
|
+ struct nftnl_flowtable *flo;
|
||
|
+ int err;
|
||
|
+
|
||
|
+ flo = alloc_nftnl_flowtable(h, NULL);
|
||
|
+ netlink_dump_flowtable(flo, ctx);
|
||
|
+
|
||
|
+ err = mnl_nft_flowtable_batch_del(flo, ctx->batch, 0, ctx->seqnum);
|
||
|
+ if (err < 0)
|
||
|
+ netlink_io_error(ctx, loc, "Could not delete flowtable: %s",
|
||
|
+ strerror(errno));
|
||
|
+ nftnl_flowtable_free(flo);
|
||
|
+
|
||
|
+ return err;
|
||
|
+}
|
||
|
+
|
||
|
static int list_obj_cb(struct nftnl_obj *nls, void *arg)
|
||
|
{
|
||
|
struct netlink_ctx *ctx = arg;
|
||
|
--- a/src/parser_bison.y
|
||
|
+++ b/src/parser_bison.y
|
||
|
@@ -1024,6 +1024,10 @@ delete_cmd : TABLE table_spec
|
||
|
{
|
||
|
$$ = cmd_alloc(CMD_DELETE, CMD_OBJ_SETELEM, &$2, &@$, $3);
|
||
|
}
|
||
|
+ | FLOWTABLE flowtable_spec
|
||
|
+ {
|
||
|
+ $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_FLOWTABLE, &$2, &@$, NULL);
|
||
|
+ }
|
||
|
| COUNTER obj_spec
|
||
|
{
|
||
|
$$ = cmd_alloc(CMD_DELETE, CMD_OBJ_COUNTER, &$2, &@$, NULL);
|
||
|
--- a/src/rule.c
|
||
|
+++ b/src/rule.c
|
||
|
@@ -1177,6 +1177,9 @@ static int do_command_delete(struct netl
|
||
|
case CMD_OBJ_LIMIT:
|
||
|
return netlink_delete_obj(ctx, &cmd->handle, &cmd->location,
|
||
|
NFT_OBJECT_LIMIT);
|
||
|
+ case CMD_OBJ_FLOWTABLE:
|
||
|
+ return netlink_delete_flowtable(ctx, &cmd->handle,
|
||
|
+ &cmd->location);
|
||
|
default:
|
||
|
BUG("invalid command object type %u\n", cmd->obj);
|
||
|
}
|