diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-03-12 15:15:14 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-03-17 17:26:03 +0100 |
commit | ac3a68fb768b7f0e20493038139faa4704dc1846 (patch) | |
tree | 1a9010abd009fd6631579b2278a7d2abffa58142 /src/mnl.c | |
parent | a8018eaf35636ac7fc26387f84b4b978db14546f (diff) |
src: expose table flags
The nf_tables kernel API provides a way to disable a table using the
dormant flag. This patch adds the missing code to expose this feature
through nft.
Basically, if you want to disable a table and all its chains from seen
any traffic, you have to type:
nft add table filter { flags dormant\; }
to re-enable the table, you have to:
nft add table filter
this clears the flags.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/mnl.c')
-rw-r--r-- | src/mnl.c | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -707,6 +707,8 @@ int mnl_nft_table_get(struct mnl_socket *nf_sock, struct nft_table *nlt, nlh = nft_table_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, nft_table_attr_get_u32(nlt, NFT_TABLE_ATTR_FAMILY), NLM_F_ACK, seq); + nft_table_nlmsg_build_payload(nlh, nlt); + return nft_mnl_talk(nf_sock, nlh, nlh->nlmsg_len, table_get_cb, nlt); } |