1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 19 Jan 2018 01:41:38 +0100
Subject: [PATCH] src: delete flowtable
This patch allows you to delete an existing flowtable:
# nft delete flowtable x m
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
--- a/include/mnl.h
+++ b/include/mnl.h
@@ -95,6 +95,9 @@ mnl_nft_flowtable_dump(struct netlink_ct
int mnl_nft_flowtable_batch_add(struct nftnl_flowtable *flo,
struct nftnl_batch *batch, unsigned int flags,
uint32_t seqnum);
+int mnl_nft_flowtable_batch_del(struct nftnl_flowtable *flow,
+ struct nftnl_batch *batch, unsigned int flags,
+ uint32_t seqnum);
struct nftnl_ruleset *mnl_nft_ruleset_dump(struct netlink_ctx *ctx,
uint32_t family);
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -186,6 +186,9 @@ extern int netlink_list_flowtables(struc
extern int netlink_add_flowtable(struct netlink_ctx *ctx,
const struct handle *h, struct flowtable *ft,
uint32_t flags);
+extern int netlink_delete_flowtable(struct netlink_ctx *ctx,
+ const struct handle *h,
+ struct location *loc);
extern void netlink_dump_chain(const struct nftnl_chain *nlc,
struct netlink_ctx *ctx);
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3121,6 +3121,7 @@ static int cmd_evaluate_delete(struct ev
case CMD_OBJ_RULE:
case CMD_OBJ_CHAIN:
case CMD_OBJ_TABLE:
+ case CMD_OBJ_FLOWTABLE:
case CMD_OBJ_COUNTER:
case CMD_OBJ_QUOTA:
case CMD_OBJ_CT_HELPER:
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -1027,6 +1027,22 @@ int mnl_nft_flowtable_batch_add(struct n
return 0;
}
+int mnl_nft_flowtable_batch_del(struct nftnl_flowtable *flo,
+ struct nftnl_batch *batch, unsigned int flags,
+ uint32_t seqnum)
+{
+ struct nlmsghdr *nlh;
+
+ nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
+ NFT_MSG_DELFLOWTABLE,
+ nftnl_flowtable_get_u32(flo, NFTNL_FLOWTABLE_FAMILY),
+ flags, seqnum);
+ nftnl_flowtable_nlmsg_build_payload(nlh, flo);
+ mnl_nft_batch_continue(batch);
+
+ return 0;
+}
+
/*
* ruleset
*/
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1831,6 +1831,24 @@ int netlink_add_flowtable(struct netlink
return err;
}
+int netlink_delete_flowtable(struct netlink_ctx *ctx, const struct handle *h,
+ struct location *loc)
+{
+ struct nftnl_flowtable *flo;
+ int err;
+
+ flo = alloc_nftnl_flowtable(h, NULL);
+ netlink_dump_flowtable(flo, ctx);
+
+ err = mnl_nft_flowtable_batch_del(flo, ctx->batch, 0, ctx->seqnum);
+ if (err < 0)
+ netlink_io_error(ctx, loc, "Could not delete flowtable: %s",
+ strerror(errno));
+ nftnl_flowtable_free(flo);
+
+ return err;
+}
+
static int list_obj_cb(struct nftnl_obj *nls, void *arg)
{
struct netlink_ctx *ctx = arg;
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1024,6 +1024,10 @@ delete_cmd : TABLE table_spec
{
$$ = cmd_alloc(CMD_DELETE, CMD_OBJ_SETELEM, &$2, &@$, $3);
}
+ | FLOWTABLE flowtable_spec
+ {
+ $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_FLOWTABLE, &$2, &@$, NULL);
+ }
| COUNTER obj_spec
{
$$ = cmd_alloc(CMD_DELETE, CMD_OBJ_COUNTER, &$2, &@$, NULL);
--- a/src/rule.c
+++ b/src/rule.c
@@ -1177,6 +1177,9 @@ static int do_command_delete(struct netl
case CMD_OBJ_LIMIT:
return netlink_delete_obj(ctx, &cmd->handle, &cmd->location,
NFT_OBJECT_LIMIT);
+ case CMD_OBJ_FLOWTABLE:
+ return netlink_delete_flowtable(ctx, &cmd->handle,
+ &cmd->location);
default:
BUG("invalid command object type %u\n", cmd->obj);
}
|
