src: extend nft to list object handle and delete objects via handle

Print handle attributes in objects when listing via '-a' option and
delete objects via their unique object handles.
For e.g.

nft delete [<object-type>] [<family>] <table-name> [handle <handle>]

Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index f311ab9faec7a5211eddfd902afcf9a9391bb87b..517a39a00e3d53f525557a80a9c29c63da515dbd 100644 (file)
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -1304,6 +1304,7 @@ enum nft_ct_helper_attributes {
  *
  * @NFTA_OBJ_TABLE: name of the table containing the expression (NLA_STRING)
  * @NFTA_OBJ_NAME: name of this expression type (NLA_STRING)
+ * @NFTA_OBJ_HANDLE: numeric handle of object (NLA_U64)
  * @NFTA_OBJ_TYPE: stateful object type (NLA_U32)
  * @NFTA_OBJ_DATA: stateful object data (NLA_NESTED)
  * @NFTA_OBJ_USE: number of references to this expression (NLA_U32)
@@ -1315,6 +1316,7 @@ enum nft_object_attributes {
        NFTA_OBJ_TYPE,
        NFTA_OBJ_DATA,
        NFTA_OBJ_USE,
+       NFTA_OBJ_HANDLE,
        __NFTA_OBJ_MAX
 };
 #define NFTA_OBJ_MAX           (__NFTA_OBJ_MAX - 1)

diff --git a/src/netlink.c b/src/netlink.c
index eaefbb5f9059edaa551bf1e39f82948670695c76..906568fed4dcd22663c0ec96da14fa8e23e6d830 100644 (file)
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -297,6 +297,8 @@ __alloc_nftnl_obj(const struct handle *h, uint32_t type)
                nftnl_obj_set_str(nlo, NFTNL_OBJ_NAME, h->obj);
 
        nftnl_obj_set_u32(nlo, NFTNL_OBJ_TYPE, type);
+       if (h->handle.id)
+               nftnl_obj_set_u64(nlo, NFTNL_OBJ_HANDLE, h->handle.id);
 
        return nlo;
 }
@@ -1457,6 +1459,8 @@ static struct obj *netlink_delinearize_obj(struct netlink_ctx *ctx,
                xstrdup(nftnl_obj_get_str(nlo, NFTNL_OBJ_TABLE));
        obj->handle.obj =
                xstrdup(nftnl_obj_get_str(nlo, NFTNL_OBJ_NAME));
+       obj->handle.handle.id =
+               nftnl_obj_get_u64(nlo, NFTNL_OBJ_HANDLE);
 
        type = nftnl_obj_get_u32(nlo, NFTNL_OBJ_TYPE);
        switch (type) {
@@ -2419,6 +2423,7 @@ static void netlink_events_cache_delobj(struct netlink_mon_handler *monh,
 
        name     = nftnl_obj_get_str(nlo, NFTNL_OBJ_NAME);
        type     = nftnl_obj_get_u32(nlo, NFTNL_OBJ_TYPE);
+       h.handle.id     = nftnl_obj_get_u64(nlo, NFTNL_OBJ_HANDLE);
 
        t = table_lookup(&h, monh->cache);
        if (t == NULL) {

diff --git a/src/parser_bison.y b/src/parser_bison.y
index d4481ad6c4849f4c8a79bd23d051621909d9e903..e96340d9baf7d28a248a918b6ee31c689b2331d5 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -509,8 +509,8 @@ int nft_lex(void *, void *, void *);
 
 %type <handle>                 table_spec tableid_spec chain_spec chainid_spec flowtable_spec chain_identifier ruleid_spec handle_spec position_spec rule_position ruleset_spec
 %destructor { handle_free(&$$); } table_spec tableid_spec chain_spec chainid_spec flowtable_spec chain_identifier ruleid_spec handle_spec position_spec rule_position ruleset_spec
-%type <handle>                 set_spec setid_spec set_identifier flowtable_identifier obj_spec obj_identifier
-%destructor { handle_free(&$$); } set_spec setid_spec set_identifier obj_spec obj_identifier
+%type <handle>                 set_spec setid_spec set_identifier flowtable_identifier obj_spec objid_spec obj_identifier
+%destructor { handle_free(&$$); } set_spec setid_spec set_identifier obj_spec objid_spec obj_identifier
 %type <val>                    family_spec family_spec_explicit chain_policy prio_spec
 
 %type <string>                 dev_spec quota_unit
@@ -1068,10 +1068,18 @@ delete_cmd              :       TABLE           table_spec
                        {
                                $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_COUNTER, &$2, &@$, NULL);
                        }
+                       |       COUNTER         objid_spec
+                       {
+                               $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_COUNTER, &$2, &@$, NULL);
+                       }
                        |       QUOTA           obj_spec
                        {
                                $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_QUOTA, &$2, &@$, NULL);
                        }
+                       |       QUOTA           objid_spec
+                       {
+                               $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_QUOTA, &$2, &@$, NULL);
+                       }
                        |       CT      ct_obj_type     obj_spec        ct_obj_alloc
                        {
                                $$ = cmd_alloc_obj_ct(CMD_DELETE, $2, &$3, &@$, $4);
@@ -1080,6 +1088,10 @@ delete_cmd               :       TABLE           table_spec
                        {
                                $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_LIMIT, &$2, &@$, NULL);
                        }
+                       |       LIMIT           objid_spec
+                       {
+                               $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_LIMIT, &$2, &@$, NULL);
+                       }
                        ;
 
 list_cmd               :       TABLE           table_spec
@@ -1897,6 +1909,14 @@ obj_spec         :       table_spec      identifier
                        }
                        ;
 
+objid_spec             :       table_spec      HANDLE NUM
+                       {
+                               $$                      = $1;
+                               $$.handle.location      = @$;
+                               $$.handle.id            = $3;
+                       }
+                       ;
+
 obj_identifier         :       identifier
                        {
                                memset(&$$, 0, sizeof($$));