diff options
Diffstat (limited to 'package/network/utils/nftables/patches/202-src-delete-flowtable.patch')
| -rw-r--r-- | package/network/utils/nftables/patches/202-src-delete-flowtable.patch | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/package/network/utils/nftables/patches/202-src-delete-flowtable.patch b/package/network/utils/nftables/patches/202-src-delete-flowtable.patch new file mode 100644 index 0000000000..32b7f96bc5 --- /dev/null +++ b/package/network/utils/nftables/patches/202-src-delete-flowtable.patch @@ -0,0 +1,122 @@ +From: Pablo Neira Ayuso <pablo@netfilter.org> +Date: Fri, 19 Jan 2018 01:41:38 +0100 +Subject: [PATCH] src: delete flowtable + +This patch allows you to delete an existing flowtable: + + # nft delete flowtable x m + +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + +--- a/include/mnl.h ++++ b/include/mnl.h +@@ -95,6 +95,9 @@ mnl_nft_flowtable_dump(struct netlink_ct + int mnl_nft_flowtable_batch_add(struct nftnl_flowtable *flo, + struct nftnl_batch *batch, unsigned int flags, + uint32_t seqnum); ++int mnl_nft_flowtable_batch_del(struct nftnl_flowtable *flow, ++ struct nftnl_batch *batch, unsigned int flags, ++ uint32_t seqnum); + + struct nftnl_ruleset *mnl_nft_ruleset_dump(struct netlink_ctx *ctx, + uint32_t family); +--- a/include/netlink.h ++++ b/include/netlink.h +@@ -186,6 +186,9 @@ extern int netlink_list_flowtables(struc + extern int netlink_add_flowtable(struct netlink_ctx *ctx, + const struct handle *h, struct flowtable *ft, + uint32_t flags); ++extern int netlink_delete_flowtable(struct netlink_ctx *ctx, ++ const struct handle *h, ++ struct location *loc); + + extern void netlink_dump_chain(const struct nftnl_chain *nlc, + struct netlink_ctx *ctx); +--- a/src/evaluate.c ++++ b/src/evaluate.c +@@ -3121,6 +3121,7 @@ static int cmd_evaluate_delete(struct ev + case CMD_OBJ_RULE: + case CMD_OBJ_CHAIN: + case CMD_OBJ_TABLE: ++ case CMD_OBJ_FLOWTABLE: + case CMD_OBJ_COUNTER: + case CMD_OBJ_QUOTA: + case CMD_OBJ_CT_HELPER: +--- a/src/mnl.c ++++ b/src/mnl.c +@@ -1027,6 +1027,22 @@ int mnl_nft_flowtable_batch_add(struct n + return 0; + } + ++int mnl_nft_flowtable_batch_del(struct nftnl_flowtable *flo, ++ struct nftnl_batch *batch, unsigned int flags, ++ uint32_t seqnum) ++{ ++ struct nlmsghdr *nlh; ++ ++ nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch), ++ NFT_MSG_DELFLOWTABLE, ++ nftnl_flowtable_get_u32(flo, NFTNL_FLOWTABLE_FAMILY), ++ flags, seqnum); ++ nftnl_flowtable_nlmsg_build_payload(nlh, flo); ++ mnl_nft_batch_continue(batch); ++ ++ return 0; ++} ++ + /* + * ruleset + */ +--- a/src/netlink.c ++++ b/src/netlink.c +@@ -1831,6 +1831,24 @@ int netlink_add_flowtable(struct netlink + return err; + } + ++int netlink_delete_flowtable(struct netlink_ctx *ctx, const struct handle *h, ++ struct location *loc) ++{ ++ struct nftnl_flowtable *flo; ++ int err; ++ ++ flo = alloc_nftnl_flowtable(h, NULL); ++ netlink_dump_flowtable(flo, ctx); ++ ++ err = mnl_nft_flowtable_batch_del(flo, ctx->batch, 0, ctx->seqnum); ++ if (err < 0) ++ netlink_io_error(ctx, loc, "Could not delete flowtable: %s", ++ strerror(errno)); ++ nftnl_flowtable_free(flo); ++ ++ return err; ++} ++ + static int list_obj_cb(struct nftnl_obj *nls, void *arg) + { + struct netlink_ctx *ctx = arg; +--- a/src/parser_bison.y ++++ b/src/parser_bison.y +@@ -1024,6 +1024,10 @@ delete_cmd : TABLE table_spec + { + $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_SETELEM, &$2, &@$, $3); + } ++ | FLOWTABLE flowtable_spec ++ { ++ $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_FLOWTABLE, &$2, &@$, NULL); ++ } + | COUNTER obj_spec + { + $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_COUNTER, &$2, &@$, NULL); +--- a/src/rule.c ++++ b/src/rule.c +@@ -1177,6 +1177,9 @@ static int do_command_delete(struct netl + case CMD_OBJ_LIMIT: + return netlink_delete_obj(ctx, &cmd->handle, &cmd->location, + NFT_OBJECT_LIMIT); ++ case CMD_OBJ_FLOWTABLE: ++ return netlink_delete_flowtable(ctx, &cmd->handle, ++ &cmd->location); + default: + BUG("invalid command object type %u\n", cmd->obj); + } |