diff options
author | Phil Sutter <phil@nwl.cc> | 2022-10-14 23:19:22 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2023-01-18 14:58:48 +0100 |
commit | 1694df2de79f39c5037f82601e02226022b2e38f (patch) | |
tree | 57c6b99a1c7de8a414b5693e86cd6cf36816fd42 /src/netlink.c | |
parent | ce04d25b4a116ef04f27d0b71994f61a24114d6d (diff) |
Implement 'reset rule' and 'reset rules' commands
Reset rule counters and quotas in kernel, i.e. without having to reload
them. Requires respective kernel patch to support NFT_MSG_GETRULE_RESET
message type.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'src/netlink.c')
-rw-r--r-- | src/netlink.c | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/src/netlink.c b/src/netlink.c index efae1251..f1452d48 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -1767,6 +1767,55 @@ int netlink_reset_objs(struct netlink_ctx *ctx, const struct cmd *cmd, return err; } +int netlink_reset_rules(struct netlink_ctx *ctx, const struct cmd *cmd, + bool dump) +{ + const struct handle *h = &cmd->handle; + struct nft_cache_filter f = { + .list.table = h->table.name, + .list.chain = h->chain.name, + .list.rule_handle = h->handle.id, + }; + struct rule *rule, *next, *crule, *cnext; + struct table *table; + struct chain *chain; + int ret; + + ret = rule_cache_dump(ctx, h, &f, dump, true); + + list_for_each_entry_safe(rule, next, &ctx->list, list) { + table = table_cache_find(&ctx->nft->cache.table_cache, + rule->handle.table.name, + rule->handle.family); + if (!table) + continue; + + chain = chain_cache_find(table, rule->handle.chain.name); + if (!chain) + continue; + + list_del(&rule->list); + list_for_each_entry_safe(crule, cnext, &chain->rules, list) { + if (crule->handle.handle.id != rule->handle.handle.id) + continue; + + list_replace(&crule->list, &rule->list); + rule_free(crule); + rule = NULL; + break; + } + if (rule) { + list_add_tail(&rule->list, &chain->rules); + } + } + list_for_each_entry_safe(rule, next, &ctx->list, list) { + list_del(&rule->list); + rule_free(rule); + } + + return ret; +} + struct flowtable * netlink_delinearize_flowtable(struct netlink_ctx *ctx, struct nftnl_flowtable *nlo) |