1 From: Pablo Neira Ayuso <pablo@netfilter.org>
2 Date: Fri, 19 Jan 2018 01:41:38 +0100
3 Subject: [PATCH] src: delete flowtable
4
5 This patch allows you to delete an existing flowtable:
6
7  # nft delete flowtable x m
8
9 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
10 ---
11
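--- a/include/mnl.h
+++ b/include/mnl.h
@@ -95,6 +95,9 @@ mnl_nft_flowtable_dump(struct netlink_ct
 int mnl_nft_flowtable_batch_add(struct nftnl_flowtable *flo,
                                struct nftnl_batch *batch, unsigned int flags,
                                uint32_t seqnum);
+int mnl_nft_flowtable_batch_del(struct nftnl_flowtable *flow,
+                               struct nftnl_batch *batch, unsigned int flags,
+                               uint32_t seqnum);
 
 struct nftnl_ruleset *mnl_nft_ruleset_dump(struct netlink_ctx *ctx,
                                           uint32_t family);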
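Review bot: The new prototype names its first parameter `flow`, while the `mnl_nft_flowtable_batch_add` prototype directly above it and the definition added in src/mnl.c both use `flo`. The compiler ignores prototype parameter names, so nothing breaks, but the header and the implementation should agree: `int mnl_nft_flowtable_batch_del(struct nftnl_flowtable *flo,`. A short comment on the declaration, for example `/* Queue an NFT_MSG_DELFLOWTABLE message in the batch; always returns 0. */`, would tell callers that the return value carries no kernel result.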
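--- a/include/netlink.h
+++ b/include/netlink.h
@@ -186,6 +186,9 @@ extern int netlink_list_flowtables(struc
 extern int netlink_add_flowtable(struct netlink_ctx *ctx,
                                 const struct handle *h, struct flowtable *ft,
                                 uint32_t flags);
+extern int netlink_delete_flowtable(struct netlink_ctx *ctx,
+                                   const struct handle *h,
+                                   struct location *loc);
 
 extern void netlink_dump_chain(const struct nftnl_chain *nlc,
                               struct netlink_ctx *ctx);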
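--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3121,6 +3121,7 @@ static int cmd_evaluate_delete(struct ev
        case CMD_OBJ_RULE:
        case CMD_OBJ_CHAIN:
        case CMD_OBJ_TABLE:
+       case CMD_OBJ_FLOWTABLE:
        case CMD_OBJ_COUNTER:
        case CMD_OBJ_QUOTA:
        case CMD_OBJ_CT_HELPER: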
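--- a/src/mnl.c
+++ b/src/mnl.c
@@ -1027,6 +1027,22 @@ int mnl_nft_flowtable_batch_add(struct n
        return 0;
 }
 
+int mnl_nft_flowtable_batch_del(struct nftnl_flowtable *flo,
+                               struct nftnl_batch *batch, unsigned int flags,
+                               uint32_t seqnum)
+{
+       struct nlmsghdr *nlh;
+
+       nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
+                                   NFT_MSG_DELFLOWTABLE,
+                                   nftnl_flowtable_get_u32(flo, NFTNL_FLOWTABLE_FAMILY),
+                                   flags, seqnum);
+       nftnl_flowtable_nlmsg_build_payload(nlh, flo);
+       mnl_nft_batch_continue(batch);
+
+       return 0;
+}
+
 /*
  * ruleset
  */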
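--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1831,6 +1831,24 @@ int netlink_add_flowtable(struct netlink
        return err;
 }
 
+int netlink_delete_flowtable(struct netlink_ctx *ctx, const struct handle *h,
+                            struct location *loc)
+{
+       struct nftnl_flowtable *flo;
+       int err;
+
+       flo = alloc_nftnl_flowtable(h, NULL);
+       netlink_dump_flowtable(flo, ctx);
+
+       err = mnl_nft_flowtable_batch_del(flo, ctx->batch, 0, ctx->seqnum);
+       if (err < 0)
+               netlink_io_error(ctx, loc, "Could not delete flowtable: %s",
+                                strerror(errno));
+       nftnl_flowtable_free(flo);
+
+       return err;
+}
+
 static int list_obj_cb(struct nftnl_obj *nls, void *arg)
 {
        struct netlink_ctx *ctx = arg;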
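Review bot: The `if (err < 0)` branch in `netlink_delete_flowtable` cannot fire as written, because `mnl_nft_flowtable_batch_del` (added in src/mnl.c by this same patch) only appends a message to the batch and returns 0 unconditionally. If the helper ever did return an error without setting errno, `strerror(errno)` would report a stale value from an earlier call. A failed delete, such as a flowtable that does not exist, presumably only shows up when the batch is sent, which is outside this hunk. Either drop the check or document it with a comment such as `/* only queues the delete; kernel errors are reported when the batch is committed */`. Separately, `alloc_nftnl_flowtable(h, NULL)` passes NULL for the flowtable argument; that helper is not visible here, so confirm it never dereferences its second parameter.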
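--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1024,6 +1024,10 @@ delete_cmd               :       TABLE           table_spec
                        {
                                $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_SETELEM, &$2, &@$, $3);
                        }
+                       |       FLOWTABLE       flowtable_spec
+                       {
+                               $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_FLOWTABLE, &$2, &@$, NULL);
+                       }
                        |       COUNTER         obj_spec
                        {
                                $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_COUNTER, &$2, &@$, NULL);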
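--- a/src/rule.c
+++ b/src/rule.c
@@ -1177,6 +1177,9 @@ static int do_command_delete(struct netl
        case CMD_OBJ_LIMIT:
                return netlink_delete_obj(ctx, &cmd->handle, &cmd->location,
                                          NFT_OBJECT_LIMIT);
+       case CMD_OBJ_FLOWTABLE:
+               return netlink_delete_flowtable(ctx, &cmd->handle,
+                                               &cmd->location);
        default:
                BUG("invalid command object type %u\n", cmd->obj);
        }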