extern int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h,
const struct location *loc);
extern int netlink_get_table(struct netlink_ctx *ctx, const struct handle *h,
- const struct location *loc);
+ const struct location *loc, struct table *table);
extern int netlink_list_table(struct netlink_ctx *ctx, const struct handle *h,
const struct location *loc);
extern int netlink_flush_table(struct netlink_ctx *ctx, const struct handle *h,
extern struct symbol *symbol_lookup(const struct scope *scope,
const char *identifier);
+enum table_flags {
+ TABLE_F_DORMANT = (1 << 0),
+};
+
/**
* struct table - nftables table
*
* @location: location the table was defined at
* @chains: chains contained in the table
* @sets: sets contained in the table
+ * @flags: table flags
*/
struct table {
struct list_head list;
struct scope scope;
struct list_head chains;
struct list_head sets;
+ enum table_flags flags;
};
extern struct table *table_alloc(void);
nlh = nft_table_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE,
nft_table_attr_get_u32(nlt, NFT_TABLE_ATTR_FAMILY),
NLM_F_ACK, seq);
+ nft_table_nlmsg_build_payload(nlh, nlt);
+
return nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, table_get_cb, nlt);
}
int err;
nlt = alloc_nft_table(h);
+ if (table != NULL)
+ nft_table_attr_set_u32(nlt, NFT_TABLE_ATTR_FLAGS, table->flags);
+ else
+ nft_table_attr_set_u32(nlt, NFT_TABLE_ATTR_FLAGS, 0);
+
err = mnl_nft_table_batch_add(nlt, excl ? NLM_F_EXCL : 0,
ctx->seqnum);
nft_table_free(nlt);
nft_table_attr_get_u32(nlt, NFT_TABLE_ATTR_FAMILY);
table->handle.table =
xstrdup(nft_table_attr_get_str(nlt, NFT_TABLE_ATTR_NAME));
+ table->flags =
+ nft_table_attr_get_u32(nlt, NFT_TABLE_ATTR_FLAGS);
return table;
}
}
int netlink_get_table(struct netlink_ctx *ctx, const struct handle *h,
- const struct location *loc)
+ const struct location *loc, struct table *table)
{
struct nft_table *nlt;
+ struct table *ntable;
int err;
nlt = alloc_nft_table(h);
err = mnl_nft_table_get(nf_sock, nlt, 0);
nft_table_free(nlt);
- if (err < 0)
+ if (err < 0) {
netlink_io_error(ctx, loc,
"Could not receive table from kernel: %s",
strerror(errno));
- return err;
-}
+ return err;
+ }
+ ntable = netlink_delinearize_table(ctx, nlt);
+ table->flags = ntable->flags;
+ xfree(ntable);
+ return 0;
+}
int netlink_list_table(struct netlink_ctx *ctx, const struct handle *h,
const struct location *loc)
}
;
+table_options : FLAGS STRING
+ {
+ if (strcmp($2, "dormant") == 0) {
+ $<table>0->flags = TABLE_F_DORMANT;
+ } else {
+ erec_queue(error(&@2, "unknown table option %s", $2),
+ state->msgs);
+ YYERROR;
+ }
+ }
+ ;
+
table_block : /* empty */ { $$ = $<table>-1; }
| table_block common_block
| table_block stmt_seperator
+ | table_block table_options stmt_seperator
| table_block CHAIN chain_identifier
chain_block_alloc '{' chain_block '}'
stmt_seperator
return NULL;
}
+#define TABLE_FLAGS_MAX 1
+
+const char *table_flags_name[TABLE_FLAGS_MAX] = {
+ "dormant",
+};
+
+static void table_print_options(const struct table *table, const char **delim)
+{
+ uint32_t flags = table->flags;
+ int i;
+
+ if (flags) {
+ printf("\tflags ");
+
+ for (i = 0; i < TABLE_FLAGS_MAX; i++) {
+ if (flags & 0x1)
+ printf("%s", table_flags_name[i]);
+ flags >>= 1;
+ if (flags)
+ printf(",");
+ }
+ printf("\n");
+ *delim = "\n";
+ }
+}
+
static void table_print(const struct table *table)
{
struct chain *chain;
const char *family = family2str(table->handle.family);
printf("table %s %s {\n", family, table->handle.table);
+ table_print_options(table, &delim);
+
list_for_each_entry(set, &table->sets, list) {
if (set->flags & SET_F_ANONYMOUS)
continue;
struct rule *rule, *nrule;
struct chain *chain;
+ if (netlink_get_table(ctx, &cmd->handle, &cmd->location, table) < 0)
+ goto err;
if (do_list_sets(ctx, &cmd->location, table) < 0)
goto err;
if (netlink_list_chains(ctx, &cmd->handle, &cmd->location) < 0)
projects / thirdparty / nftables.git / commitdiff
