src: expose table flags

The nf_tables kernel API provides a way to disable a table using the dormant flag. This patch adds the missing code to expose this feature through nft. Basically, if you want to disable a table and all its chains from seen any traffic, you have to type: nft add table filter { flags dormant\; } to re-enable the table, you have to: nft add table filter this clears the flags. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2015-03-12 15:15:14 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2015-03-17 17:26:03 +0100
commit: ac3a68fb768b7f0e20493038139faa4704dc1846 (patch)
tree: 1a9010abd009fd6631579b2278a7d2abffa58142 /src/mnl.c
parent: a8018eaf35636ac7fc26387f84b4b978db14546f (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/mnl.c b/src/mnl.c
index f48ead5f..89c2bb5e 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -707,6 +707,8 @@ int mnl_nft_table_get(struct mnl_socket *nf_sock, struct nft_table *nlt,
 	nlh = nft_table_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE,
 					nft_table_attr_get_u32(nlt, NFT_TABLE_ATTR_FAMILY),
 					NLM_F_ACK, seq);
+	nft_table_nlmsg_build_payload(nlh, nlt);
+
 	return nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, table_get_cb, nlt);
 }
author	Pablo Neira Ayuso <pablo@netfilter.org>	2015-03-12 15:15:14 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-03-17 17:26:03 +0100
commit	ac3a68fb768b7f0e20493038139faa4704dc1846 (patch)
tree	1a9010abd009fd6631579b2278a7d2abffa58142 /src/mnl.c
parent	a8018eaf35636ac7fc26387f84b4b978db14546f (diff)