author | Eric Leblond <eric@regit.org> | 2013-10-03 01:08:07 +0200 |
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-10-03 12:39:38 +0200 |
commit | 80d48113ed2d9d1426070405dc8ad6ed896e98f2 (patch) | |
tree | 19cdf593c696ca7b7ec4aff813caad25812dd1fe /src/netlink.c | |
parent | aa6a7380410670567253ef3b71e90caeff442651 (diff) |
netlink: only flush asked table/chain
The flush operation was not limiting the flush to the table or
chain specified on the command line. The result was that all the rules
for a given family were flushed, regardless of the table or chain given to the flush command.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink.c')
-rw-r--r-- | src/netlink.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/netlink.c b/src/netlink.c
index 6f3002bc..f75cef76 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -425,8 +425,15 @@ static int netlink_list_rules(struct netlink_ctx *ctx, const struct handle *h,
 static int flush_rule_cb(struct nft_rule *nlr, void *arg)
 {
 	struct netlink_ctx *ctx = arg;
+	const struct handle *h = ctx->data;
 	int err;
 
+	if ((h->table &&
+	     strcmp(nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_TABLE), h->table) != 0) ||
+	    (h->chain &&
+	     strcmp(nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_CHAIN), h->chain) != 0))
+		return 0;
+
 	netlink_dump_rule(nlr);
 	err = mnl_nft_rule_batch_del(nlr, 0, ctx->seqnum);
 	if (err < 0) {
@@ -448,6 +455,7 @@ static int netlink_flush_rules(struct netlink_ctx *ctx, const struct handle *h,
 				 "Could not receive rules from kernel: %s",
 				 strerror(errno));
 
+	ctx->data = h;
 	mnl_batch_begin();
 	nft_rule_list_foreach(rule_cache, flush_rule_cb, ctx);
 	nft_rule_list_free(rule_cache);
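Review bot: The new filter in flush_rule_cb() passes the return of nft_rule_attr_get_str() straight into strcmp() without a NULL check; rules dumped by the kernel should always carry a table and chain name, but a getter for an unset attribute returns NULL, and strcmp() on NULL is undefined behaviour rather than a skipped rule. Since h itself is read back from an untyped ctx->data, it is also worth asserting or documenting that the caller set it before the foreach. I would hoist the two getters into locals and treat a missing attribute as "no match", which also makes the precedence of the compound condition easier to read. flush_rule_cb()'s body continues past the end of the hunk (the err < 0 branch is open).
```c
	const struct handle *h = ctx->data;
	const char *table = nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_TABLE);
	const char *chain = nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_CHAIN);
	int err;

	/* Only delete rules in the table/chain the user asked to flush;
	 * a rule without the attribute cannot match a filter on it. */
	if (h->table && (table == NULL || strcmp(table, h->table) != 0))
		return 0;
	if (h->chain && (chain == NULL || strcmp(chain, h->chain) != 0))
		return 0;

	/* … unchanged: netlink_dump_rule / mnl_nft_rule_batch_del … */
```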
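Review bot: `ctx->data = h;` hands the filter handle to flush_rule_cb() through an untyped void pointer with nothing at this site saying who consumes it, so the coupling between the two hunks is invisible to a later reader; a one-line comment would make it explicit: `ctx->data = h; /* consumed by flush_rule_cb() to filter by table/chain */`. Note that the rules still appear to be fetched for the whole family and filtered in userspace (the fetch call is above the hunk, so I cannot confirm its scope from here), which is correct but means the full rule set crosses netlink on every flush. netlink_flush_rules() begins before the hunk and ends after it.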