diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-02-20 16:18:03 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-03-02 11:08:49 +0100 |
| commit | 6d085b22a8b5165406b5727ccf21a91ac5b97136 (patch) | |
| tree | 6f343e53b5a6da34ee05a665b8bfd7c84605534f /src/parser_bison.y | |
| parent | 4722cfeed34c2333989aa88d9e0b5e4ed89f3280 (diff) | |
table: support for the table owner flag
Add new flag to allow userspace process to own tables: Tables that have
an owner can only be updated/destroyed by the owner. The table is
destroyed either if the owner process calls nft_ctx_free() or owner
process is terminated (implicit table release).
The ruleset listing includes the program name that owns the table:
nft> list ruleset
table ip x { # progname nft
flags owner
chain y {
type filter hook input priority filter; policy accept;
counter packets 1 bytes 309
}
}
Original code to pretty print the netlink portID to program name has
been extracted from the conntrack userspace utility.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/parser_bison.y')
| -rw-r--r-- | src/parser_bison.y | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y index 2d5d8e48..a2c15018 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -1553,7 +1553,10 @@ table_block_alloc : /* empty */ table_options : FLAGS STRING { if (strcmp($2, "dormant") == 0) { - $<table>0->flags = TABLE_F_DORMANT; + $<table>0->flags |= TABLE_F_DORMANT; + xfree($2); + } else if (strcmp($2, "owner") == 0) { + $<table>0->flags |= TABLE_F_OWNER; xfree($2); } else { erec_queue(error(&@2, "unknown table option %s", $2), |