diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-02-20 16:18:03 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-03-02 11:08:49 +0100 |
commit | 6d085b22a8b5165406b5727ccf21a91ac5b97136 (patch) | |
tree | 6f343e53b5a6da34ee05a665b8bfd7c84605534f /include/rule.h | |
parent | 4722cfeed34c2333989aa88d9e0b5e4ed89f3280 (diff) |
table: support for the table owner flag
Add new flag to allow userspace process to own tables: Tables that have
an owner can only be updated/destroyed by the owner. The table is
destroyed either if the owner process calls nft_ctx_free() or owner
process is terminated (implicit table release).
The ruleset listing includes the program name that owns the table:
nft> list ruleset
table ip x { # progname nft
flags owner
chain y {
type filter hook input priority filter; policy accept;
counter packets 1 bytes 309
}
}
Original code to pretty print the netlink portID to program name has
been extracted from the conntrack userspace utility.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/rule.h')
-rw-r--r-- | include/rule.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/include/rule.h b/include/rule.h index 87b6828e..523435f6 100644 --- a/include/rule.h +++ b/include/rule.h @@ -131,8 +131,9 @@ struct symbol *symbol_get(const struct scope *scope, const char *identifier); enum table_flags { TABLE_F_DORMANT = (1 << 0), + TABLE_F_OWNER = (1 << 1), }; -#define TABLE_FLAGS_MAX 1 +#define TABLE_FLAGS_MAX 2 const char *table_flag_name(uint32_t flag); @@ -162,6 +163,7 @@ struct table { struct list_head chain_bindings; enum table_flags flags; unsigned int refcnt; + uint32_t owner; const char *comment; }; |