From 6d085b22a8b5165406b5727ccf21a91ac5b97136 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Sat, 20 Feb 2021 16:18:03 +0100
Subject: table: support for the table owner flag

Add new flag to allow userspace process to own tables: Tables that have an owner can only be updated/destroyed by the owner. The table is destroyed either if the owner process calls nft_ctx_free() or owner process is terminated (implicit table release). The ruleset listing includes the program name that owns the table: nft> list ruleset table ip x { # progname nft flags owner chain y { type filter hook input priority filter; policy accept; counter packets 1 bytes 309 } } Original code to pretty print the netlink portID to program name has been extracted from the conntrack userspace utility.

Signed-off-by: Pablo Neira Ayuso
---
 src/netlink.c | 1 +
 1 file changed, 1 insertion(+)
(limited to 'src/netlink.c')

diff --git a/src/netlink.c b/src/netlink.c
index c3887d5b..8c86789b 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -614,6 +614,7 @@ struct table *netlink_delinearize_table(struct netlink_ctx *ctx,
 table->handle.table.name = xstrdup(nftnl_table_get_str(nlt, NFTNL_TABLE_NAME));
 table->flags = nftnl_table_get_u32(nlt, NFTNL_TABLE_FLAGS);
 table->handle.handle.id = nftnl_table_get_u64(nlt, NFTNL_TABLE_HANDLE);
+ table->owner = nftnl_table_get_u32(nlt, NFTNL_TABLE_OWNER);
 
 if (nftnl_table_is_set(nlt, NFTNL_TABLE_USERDATA)) {
 udata = nftnl_table_get_data(nlt, NFTNL_TABLE_USERDATA, &ulen);
-- 
cgit v1.2.3
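Review bot: The new `table->owner` read on the added line is unconditional, while the USERDATA attribute two lines below is guarded with `nftnl_table_is_set()`; the kernel only attaches the owner attribute to tables that carry the owner flag, so for every other table this line relies on libnftnl's u32 getter returning 0 for an absent attribute (I believe it does, but that is the getter's fallback rather than an explicit parser decision). For consistency with the neighbouring USERDATA handling, and so the "no owner" case is visible in the code, guard it the same way: `if (nftnl_table_is_set(nlt, NFTNL_TABLE_OWNER))` followed by `table->owner = nftnl_table_get_u32(nlt, NFTNL_TABLE_OWNER);` — which assumes the `table` object was zero-allocated earlier in the function, something I cannot confirm from this hunk. The `owner` struct member and the `NFTNL_TABLE_OWNER` constant are new, so the matching header change and a libnftnl version requirement are presumably in sibling patches; worth confirming the build-time dependency check reflects the new constant, since an older libnftnl would fail to compile this line. netlink_delinearize_table() starts and ends outside the hunk.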