author | Harsha Sharma <harshasharmaiitr@gmail.com> | 2018-01-19 00:22:56 +0530 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-03-05 17:53:08 +0100 |
commit | 832b2862df471e45142ea2f2a459723b4ad6f4eb (patch) | |
tree | 8fdd0e7bb884567433c0e692cb90a105afbfdc3f | |
parent | 9807bc39fd89431a6e26205eb1f86b949d505bde (diff) |
src: extend nft to list object handle and delete objects via handle
Print handle attributes in objects when listing via '-a' option and
delete objects via their unique object handles.
For example:
nft delete [<object-type>] [<family>] <table-name> [handle <handle>]
Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 2 | ||||
-rw-r--r-- | src/netlink.c | 5 | ||||
-rw-r--r-- | src/parser_bison.y | 24 |
3 files changed, 29 insertions, 2 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index f311ab9f..517a39a0 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -1304,6 +1304,7 @@ enum nft_ct_helper_attributes {
 *
 * @NFTA_OBJ_TABLE: name of the table containing the expression (NLA_STRING)
 * @NFTA_OBJ_NAME: name of this expression type (NLA_STRING)
+ * @NFTA_OBJ_HANDLE: numeric handle of object (NLA_U64)
 * @NFTA_OBJ_TYPE: stateful object type (NLA_U32)
 * @NFTA_OBJ_DATA: stateful object data (NLA_NESTED)
 * @NFTA_OBJ_USE: number of references to this expression (NLA_U32)
@@ -1315,6 +1316,7 @@ enum nft_object_attributes {
 NFTA_OBJ_TYPE,
 NFTA_OBJ_DATA,
 NFTA_OBJ_USE,
+ NFTA_OBJ_HANDLE,
 __NFTA_OBJ_MAX
 };
 #define NFTA_OBJ_MAX (__NFTA_OBJ_MAX - 1)
diff --git a/src/netlink.c b/src/netlink.c
index eaefbb5f..906568fe 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -297,6 +297,8 @@ __alloc_nftnl_obj(const struct handle *h, uint32_t type)
 nftnl_obj_set_str(nlo, NFTNL_OBJ_NAME, h->obj);
 nftnl_obj_set_u32(nlo, NFTNL_OBJ_TYPE, type);
+ if (h->handle.id)
+ nftnl_obj_set_u64(nlo, NFTNL_OBJ_HANDLE, h->handle.id);
 return nlo;
 }
@@ -1457,6 +1459,8 @@ static struct obj *netlink_delinearize_obj(struct netlink_ctx *ctx,
 xstrdup(nftnl_obj_get_str(nlo, NFTNL_OBJ_TABLE));
 obj->handle.obj = xstrdup(nftnl_obj_get_str(nlo, NFTNL_OBJ_NAME));
+ obj->handle.handle.id =
+ nftnl_obj_get_u64(nlo, NFTNL_OBJ_HANDLE);
 type = nftnl_obj_get_u32(nlo, NFTNL_OBJ_TYPE);
 switch (type) {
@@ -2419,6 +2423,7 @@ static void netlink_events_cache_delobj(struct netlink_mon_handler *monh,
 name = nftnl_obj_get_str(nlo, NFTNL_OBJ_NAME);
 type = nftnl_obj_get_u32(nlo, NFTNL_OBJ_TYPE);
+ h.handle.id = nftnl_obj_get_u64(nlo, NFTNL_OBJ_HANDLE);
 t = table_lookup(&h, monh->cache);
 if (t == NULL) {
diff --git a/src/parser_bison.y b/src/parser_bison.y
index d4481ad6..e96340d9 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
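Review bot: In `__alloc_nftnl_obj` (src/netlink.c) the new `if (h->handle.id)` makes 0 mean "no handle", but nothing on the new side keeps a real 0 out of that field. `objid_spec` in src/parser_bison.y stores `$3` unchecked, so `handle 0` would build a delete request that carries no handle attribute; how the kernel treats such a request is not visible in this diff. The same ambiguity exists on the receive side, where `netlink_delinearize_obj` and `netlink_events_cache_delobj` store the `nftnl_obj_get_u64` result without checking that the attribute was present. I would reject a zero handle with a parse error in the `objid_spec` action and guard the reads with `if (nftnl_obj_is_set(nlo, NFTNL_OBJ_HANDLE))`. All three functions start or end outside their hunks.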
@@ -509,8 +509,8 @@ int nft_lex(void *, void *, void *);
 %type <handle> table_spec tableid_spec chain_spec chainid_spec flowtable_spec chain_identifier ruleid_spec handle_spec position_spec rule_position ruleset_spec
 %destructor { handle_free(&$$); } table_spec tableid_spec chain_spec chainid_spec flowtable_spec chain_identifier ruleid_spec handle_spec position_spec rule_position ruleset_spec
-%type <handle> set_spec setid_spec set_identifier flowtable_identifier obj_spec obj_identifier
-%destructor { handle_free(&$$); } set_spec setid_spec set_identifier obj_spec obj_identifier
+%type <handle> set_spec setid_spec set_identifier flowtable_identifier obj_spec objid_spec obj_identifier
+%destructor { handle_free(&$$); } set_spec setid_spec set_identifier obj_spec objid_spec obj_identifier
 %type <val> family_spec family_spec_explicit chain_policy prio_spec
 %type <string> dev_spec quota_unit
@@ -1068,10 +1068,18 @@ delete_cmd : TABLE table_spec
 {
 $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_COUNTER, &$2, &@$, NULL);
 }
+ | COUNTER objid_spec
+ {
+ $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_COUNTER, &$2, &@$, NULL);
+ }
 | QUOTA obj_spec
 {
 $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_QUOTA, &$2, &@$, NULL);
 }
+ | QUOTA objid_spec
+ {
+ $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_QUOTA, &$2, &@$, NULL);
+ }
 | CT ct_obj_type obj_spec ct_obj_alloc
 {
 $$ = cmd_alloc_obj_ct(CMD_DELETE, $2, &$3, &@$, $4);
@@ -1080,6 +1088,10 @@ delete_cmd : TABLE table_spec
 {
 $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_LIMIT, &$2, &@$, NULL);
 }
+ | LIMIT objid_spec
+ {
+ $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_LIMIT, &$2, &@$, NULL);
+ }
 ;
 list_cmd : TABLE table_spec
@@ -1897,6 +1909,14 @@ obj_spec : table_spec identifier
 }
 ;
+objid_spec : table_spec HANDLE NUM
+ {
+ $$ = $1;
+ $$.handle.location = @$;
+ $$.handle.id = $3;
+ }
+ ;
+
 obj_identifier : identifier
 {
 memset(&$$, 0, sizeof($$)); |
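Review bot: The `delete_cmd` alternatives added here cover `COUNTER`, `QUOTA` and `LIMIT` (the last in the following hunk), but the `CT ct_obj_type obj_spec ct_obj_alloc` alternative gets no `objid_spec` counterpart. Ct objects therefore still cannot be deleted by handle, although `netlink_delinearize_obj` in src/netlink.c stores the handle before its `switch (type)`, so it is read for every object type. If that is intentional, a one-line comment above the `CT` alternative such as `/* ct objects: delete by name only, no handle form yet */` would make it explicit. Otherwise something like `| CT ct_obj_type objid_spec ct_obj_alloc` with the same `cmd_alloc_obj_ct(CMD_DELETE, $2, &$3, &@$, $4)` action would close the gap. The rule starts and ends outside the hunk.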
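Review bot: `objid_spec` copies `$1` from `table_spec` and sets only `handle.id` and `handle.location`, so the object name in the resulting handle presumably stays NULL. Every consumer of a delete command's handle that reads `h->obj` then has to tolerate NULL; the context line `nftnl_obj_set_str(nlo, NFTNL_OBJ_NAME, h->obj);` in the `__alloc_nftnl_obj` hunk of src/netlink.c is one such reader, and whether it is guarded lies above that hunk. A comment on the rule would make the contract explicit, for example `/* handle form: obj name is left unset, consumers must not dereference it */`.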