diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-03-12 15:15:14 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-03-17 17:26:03 +0100 |
| commit | ac3a68fb768b7f0e20493038139faa4704dc1846 (patch) | |
| tree | 1a9010abd009fd6631579b2278a7d2abffa58142 /include | |
| parent | a8018eaf35636ac7fc26387f84b4b978db14546f (diff) | |
src: expose table flags
The nf_tables kernel API provides a way to disable a table using the
dormant flag. This patch adds the missing code to expose this feature
through nft.
Basically, if you want to disable a table and all its chains from seen
any traffic, you have to type:
nft add table filter { flags dormant\; }
to re-enable the table, you have to:
nft add table filter
this clears the flags.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/netlink.h | 2 | ||||
| -rw-r--r-- | include/rule.h | 6 |
2 files changed, 7 insertions, 1 deletions
diff --git a/include/netlink.h b/include/netlink.h index 4f794707..c1ff9c60 100644 --- a/include/netlink.h +++ b/include/netlink.h @@ -108,7 +108,7 @@ extern int netlink_delete_table(struct netlink_ctx *ctx, const struct handle *h, extern int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc); extern int netlink_get_table(struct netlink_ctx *ctx, const struct handle *h, - const struct location *loc); + const struct location *loc, struct table *table); extern int netlink_list_table(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc); extern int netlink_flush_table(struct netlink_ctx *ctx, const struct handle *h, diff --git a/include/rule.h b/include/rule.h index 491411eb..90836bc4 100644 --- a/include/rule.h +++ b/include/rule.h @@ -63,6 +63,10 @@ extern void symbol_bind(struct scope *scope, const char *identifier, extern struct symbol *symbol_lookup(const struct scope *scope, const char *identifier); +enum table_flags { + TABLE_F_DORMANT = (1 << 0), +}; + /** * struct table - nftables table * @@ -71,6 +75,7 @@ extern struct symbol *symbol_lookup(const struct scope *scope, * @location: location the table was defined at * @chains: chains contained in the table * @sets: sets contained in the table + * @flags: table flags */ struct table { struct list_head list; @@ -79,6 +84,7 @@ struct table { struct scope scope; struct list_head chains; struct list_head sets; + enum table_flags flags; }; extern struct table *table_alloc(void); |