src: delete flowtable

This patch allows you to delete an existing flowtable:

 # nft delete flowtable x m

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/mnl.h b/include/mnl.h
index 470b29787fa604c01526b060d7572edeb691f2bb..1b2450a9388e6ffc4c2f69f04fce7a937278f237 100644 (file)
--- a/include/mnl.h
+++ b/include/mnl.h
@@ -95,6 +95,9 @@ mnl_nft_flowtable_dump(struct netlink_ctx *ctx, int family, const char *table);
 int mnl_nft_flowtable_batch_add(struct nftnl_flowtable *flo,
                                struct nftnl_batch *batch, unsigned int flags,
                                uint32_t seqnum);
+int mnl_nft_flowtable_batch_del(struct nftnl_flowtable *flow,
+                               struct nftnl_batch *batch, unsigned int flags,
+                               uint32_t seqnum);
 
 struct nftnl_ruleset *mnl_nft_ruleset_dump(struct netlink_ctx *ctx,
                                           uint32_t family);

diff --git a/include/netlink.h b/include/netlink.h
index 41fd55f9b1412b9267ac10ba0b8d726c915bfc40..cbe9164de19e96c6ddf82d946d6775797fce94b5 100644 (file)
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -186,6 +186,9 @@ extern int netlink_list_flowtables(struct netlink_ctx *ctx,
 extern int netlink_add_flowtable(struct netlink_ctx *ctx,
                                 const struct handle *h, struct flowtable *ft,
                                 uint32_t flags);
+extern int netlink_delete_flowtable(struct netlink_ctx *ctx,
+                                   const struct handle *h,
+                                   struct location *loc);
 
 extern void netlink_dump_chain(const struct nftnl_chain *nlc,
                               struct netlink_ctx *ctx);

diff --git a/src/evaluate.c b/src/evaluate.c
index 9da185c9d920f967e50aa5d095836946bd05c25e..51841136766945e6955c852cb2ae8aa89b40cf19 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3134,6 +3134,7 @@ static int cmd_evaluate_delete(struct eval_ctx *ctx, struct cmd *cmd)
        case CMD_OBJ_RULE:
        case CMD_OBJ_CHAIN:
        case CMD_OBJ_TABLE:
+       case CMD_OBJ_FLOWTABLE:
        case CMD_OBJ_COUNTER:
        case CMD_OBJ_QUOTA:
        case CMD_OBJ_CT_HELPER:

diff --git a/src/mnl.c b/src/mnl.c
index be6e05da5936a06b10998c8ddd71c9b27ef66515..f620a3bda8d53a89f7cbf17334e5e9b2428fa536 100644 (file)
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -1027,6 +1027,22 @@ int mnl_nft_flowtable_batch_add(struct nftnl_flowtable *flo,
        return 0;
 }
 
+int mnl_nft_flowtable_batch_del(struct nftnl_flowtable *flo,
+                               struct nftnl_batch *batch, unsigned int flags,
+                               uint32_t seqnum)
+{
+       struct nlmsghdr *nlh;
+
+       nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
+                                   NFT_MSG_DELFLOWTABLE,
+                                   nftnl_flowtable_get_u32(flo, NFTNL_FLOWTABLE_FAMILY),
+                                   flags, seqnum);
+       nftnl_flowtable_nlmsg_build_payload(nlh, flo);
+       mnl_nft_batch_continue(batch);
+
+       return 0;
+}
+
 /*
  * ruleset
  */

diff --git a/src/netlink.c b/src/netlink.c
index 5b2d5e16bab337bab2b203ef1b335a12ff9e4dae..d4ed09bfc5ca5169954fb9b804936d6bd1c20393 100644 (file)
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1547,6 +1547,24 @@ int netlink_add_flowtable(struct netlink_ctx *ctx, const struct handle *h,
        return err;
 }
 
+int netlink_delete_flowtable(struct netlink_ctx *ctx, const struct handle *h,
+                            struct location *loc)
+{
+       struct nftnl_flowtable *flo;
+       int err;
+
+       flo = alloc_nftnl_flowtable(h, NULL);
+       netlink_dump_flowtable(flo, ctx);
+
+       err = mnl_nft_flowtable_batch_del(flo, ctx->batch, 0, ctx->seqnum);
+       if (err < 0)
+               netlink_io_error(ctx, loc, "Could not delete flowtable: %s",
+                                strerror(errno));
+       nftnl_flowtable_free(flo);
+
+       return err;
+}
+
 static int list_obj_cb(struct nftnl_obj *nls, void *arg)
 {
        struct netlink_ctx *ctx = arg;

diff --git a/src/parser_bison.y b/src/parser_bison.y
index c73eddde2d5c14517184ae8ef8c597b7c6611aec..15d2432a7b1b8c634031c7a20ac722586e899404 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1047,6 +1047,10 @@ delete_cmd               :       TABLE           table_spec
                        {
                                $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_SETELEM, &$2, &@$, $3);
                        }
+                       |       FLOWTABLE       flowtable_spec
+                       {
+                               $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_FLOWTABLE, &$2, &@$, NULL);
+                       }
                        |       COUNTER         obj_spec
                        {
                                $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_COUNTER, &$2, &@$, NULL);

diff --git a/src/rule.c b/src/rule.c
index 5f1c35d55ea012664c8477efa1bf50c6e9e45bdc..771b2a1275cdb95b3214f800ab8be231fd89d6ab 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -1221,6 +1221,9 @@ static int do_command_delete(struct netlink_ctx *ctx, struct cmd *cmd)
        case CMD_OBJ_LIMIT:
                return netlink_delete_obj(ctx, &cmd->handle, &cmd->location,
                                          NFT_OBJECT_LIMIT);
+       case CMD_OBJ_FLOWTABLE:
+               return netlink_delete_flowtable(ctx, &cmd->handle,
+                                               &cmd->location);
        default:
                BUG("invalid command object type %u\n", cmd->obj);
        }