OpenWrt
/
openwrt
mirror of https://github.com/openwrt/openwrt.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122
							From: Pablo Neira Ayuso <[email protected]>
Date: Fri, 19 Jan 2018 01:41:38 +0100
Subject: [PATCH] src: delete flowtable

This patch allows you to delete an existing flowtable:

 # nft delete flowtable x m

Signed-off-by: Pablo Neira Ayuso <[email protected]>
---

--- a/include/mnl.h
+++ b/include/mnl.h
@@ -95,6 +95,9 @@ mnl_nft_flowtable_dump(struct netlink_ct
 int mnl_nft_flowtable_batch_add(struct nftnl_flowtable *flo,
 				struct nftnl_batch *batch, unsigned int flags,
 				uint32_t seqnum);
+int mnl_nft_flowtable_batch_del(struct nftnl_flowtable *flow,
+				struct nftnl_batch *batch, unsigned int flags,
+				uint32_t seqnum);
 
 struct nftnl_ruleset *mnl_nft_ruleset_dump(struct netlink_ctx *ctx,
 					   uint32_t family);
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -186,6 +186,9 @@ extern int netlink_list_flowtables(struc
 extern int netlink_add_flowtable(struct netlink_ctx *ctx,
 				 const struct handle *h, struct flowtable *ft,
 				 uint32_t flags);
+extern int netlink_delete_flowtable(struct netlink_ctx *ctx,
+				    const struct handle *h,
+				    struct location *loc);
 
 extern void netlink_dump_chain(const struct nftnl_chain *nlc,
 			       struct netlink_ctx *ctx);
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3121,6 +3121,7 @@ static int cmd_evaluate_delete(struct ev
 	case CMD_OBJ_RULE:
 	case CMD_OBJ_CHAIN:
 	case CMD_OBJ_TABLE:
+	case CMD_OBJ_FLOWTABLE:
 	case CMD_OBJ_COUNTER:
 	case CMD_OBJ_QUOTA:
 	case CMD_OBJ_CT_HELPER:
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -1027,6 +1027,22 @@ int mnl_nft_flowtable_batch_add(struct n
 	return 0;
 }
 
+int mnl_nft_flowtable_batch_del(struct nftnl_flowtable *flo,
+				struct nftnl_batch *batch, unsigned int flags,
+				uint32_t seqnum)
+{
+	struct nlmsghdr *nlh;
+
+	nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
+				    NFT_MSG_DELFLOWTABLE,
+				    nftnl_flowtable_get_u32(flo, NFTNL_FLOWTABLE_FAMILY),
+				    flags, seqnum);
+	nftnl_flowtable_nlmsg_build_payload(nlh, flo);
+	mnl_nft_batch_continue(batch);
+
+	return 0;
+}
+
 /*
  * ruleset
  */
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1831,6 +1831,24 @@ int netlink_add_flowtable(struct netlink
 	return err;
 }
 
+int netlink_delete_flowtable(struct netlink_ctx *ctx, const struct handle *h,
+			     struct location *loc)
+{
+	struct nftnl_flowtable *flo;
+	int err;
+
+	flo = alloc_nftnl_flowtable(h, NULL);
+	netlink_dump_flowtable(flo, ctx);
+
+	err = mnl_nft_flowtable_batch_del(flo, ctx->batch, 0, ctx->seqnum);
+	if (err < 0)
+		netlink_io_error(ctx, loc, "Could not delete flowtable: %s",
+				 strerror(errno));
+	nftnl_flowtable_free(flo);
+
+	return err;
+}
+
 static int list_obj_cb(struct nftnl_obj *nls, void *arg)
 {
 	struct netlink_ctx *ctx = arg;
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1024,6 +1024,10 @@ delete_cmd		:	TABLE		table_spec
 			{
 				$$ = cmd_alloc(CMD_DELETE, CMD_OBJ_SETELEM, &$2, &@$, $3);
 			}
+			|	FLOWTABLE	flowtable_spec
+			{
+				$$ = cmd_alloc(CMD_DELETE, CMD_OBJ_FLOWTABLE, &$2, &@$, NULL);
+			}
 			|	COUNTER		obj_spec
 			{
 				$$ = cmd_alloc(CMD_DELETE, CMD_OBJ_COUNTER, &$2, &@$, NULL);
--- a/src/rule.c
+++ b/src/rule.c
@@ -1177,6 +1177,9 @@ static int do_command_delete(struct netl
 	case CMD_OBJ_LIMIT:
 		return netlink_delete_obj(ctx, &cmd->handle, &cmd->location,
 					  NFT_OBJECT_LIMIT);
+	case CMD_OBJ_FLOWTABLE:
+		return netlink_delete_flowtable(ctx, &cmd->handle,
+						&cmd->location);
 	default:
 		BUG("invalid command object type %u\n", cmd->obj);
 	}