author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-03-12 15:15:14 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-03-17 17:26:03 +0100 |
commit | ac3a68fb768b7f0e20493038139faa4704dc1846 (patch) | |
tree | 1a9010abd009fd6631579b2278a7d2abffa58142 /include/rule.h | |
parent | a8018eaf35636ac7fc26387f84b4b978db14546f (diff) |
src: expose table flags
The nf_tables kernel API provides a way to disable a table using the
dormant flag. This patch adds the missing code to expose this feature
through nft.
Basically, if you want to disable a table and prevent all its chains from
seeing any traffic, you have to type:
nft add table filter { flags dormant\; }
to re-enable the table, you have to:
nft add table filter
this clears the flags.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/rule.h')
-rw-r--r-- | include/rule.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/include/rule.h b/include/rule.h
index 491411eb..90836bc4 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -63,6 +63,10 @@ extern void symbol_bind(struct scope *scope, const char *identifier,
 extern struct symbol *symbol_lookup(const struct scope *scope,
 const char *identifier);
 
+enum table_flags {
+ TABLE_F_DORMANT = (1 << 0),
+};
+
 /**
 * struct table - nftables table
 *
@@ -71,6 +75,7 @@ extern struct symbol *symbol_lookup(const struct scope *scope,
 * @location: location the table was defined at
 * @chains: chains contained in the table
 * @sets: sets contained in the table
+ * @flags: table flags
 */
 struct table {
 struct list_head list;
@@ -79,6 +84,7 @@ struct table {
 struct scope scope;
 struct list_head chains;
 struct list_head sets;
+ enum table_flags flags;
 };
 
 extern struct table *table_alloc(void); |
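Review bot: The new `enum table_flags` has no comment, although `struct table` directly below it is documented in kernel-doc style, and nothing ties `TABLE_F_DORMANT` to the kernel's flag value. Per the commit message a dormant table stops all of its chains from seeing traffic, so a mismatched bit would silently change whether a ruleset is enforced. Assuming the value is handed to the kernel unchanged (the netlink code is not part of this page), I would add `/* must match NFT_TABLE_F_DORMANT in <linux/netfilter/nf_tables.h> */` above the enumerator, plus a kernel-doc line such as `@TABLE_F_DORMANT: table is not processed by the kernel while set`.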
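Review bot: `enum table_flags flags;` in `struct table` holds a bitmask, but an enum's underlying type is implementation-defined, and once more flags exist their OR-ed combinations will not be valid enumerators. A fixed-width unsigned member, `uint32_t flags;`, would make width and signedness explicit; whether that matches the netlink attribute the flags travel in cannot be confirmed from this file. The doc line added in the previous hunk could then read ` * @flags: table flags (bitmask of enum table_flags)`. The struct definition starts outside this hunk.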