From 6d085b22a8b5165406b5727ccf21a91ac5b97136 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sat, 20 Feb 2021 16:18:03 +0100 Subject: table: support for the table owner flag Add new flag to allow userspace process to own tables: Tables that have an owner can only be updated/destroyed by the owner. The table is destroyed either if the owner process calls nft_ctx_free() or owner process is terminated (implicit table release). The ruleset listing includes the program name that owns the table: nft> list ruleset table ip x { # progname nft flags owner chain y { type filter hook input priority filter; policy accept; counter packets 1 bytes 309 } } Original code to pretty print the netlink portID to program name has been extracted from the conntrack userspace utility. Signed-off-by: Pablo Neira Ayuso --- src/parser_bison.y | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'src/parser_bison.y') diff --git a/src/parser_bison.y b/src/parser_bison.y index 2d5d8e48..a2c15018 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -1553,7 +1553,10 @@ table_block_alloc : /* empty */ table_options : FLAGS STRING { if (strcmp($2, "dormant") == 0) { - $0->flags = TABLE_F_DORMANT; + $
0->flags |= TABLE_F_DORMANT; + xfree($2); + } else if (strcmp($2, "owner") == 0) { + $
0->flags |= TABLE_F_OWNER; xfree($2); } else { erec_queue(error(&@2, "unknown table option %s", $2), -- cgit v1.2.3
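Review bot: The switch from `=` to `|=` on the `dormant` line (and the new `owner` line) means a later `flags` statement no longer overwrites an earlier one, presumably so `dormant` and `owner` can be combined, but nothing in the action says so; a one-line comment such as `/* options accumulate: several "flags" statements may be combined */` would make the intent explicit for the next person adding a flag. Both accepted branches now end in the same `xfree($2);` while the `else` branch keeps `$2` alive for the error message, so per-branch ownership of the string is easy to get wrong when a third option is added; a comment on the first branch, e.g. `/* $2 is consumed here; the error path still needs it */`, or a small name-to-flag lookup table with a single `xfree($2)` after the match, would keep that in one place. The `else` branch and the rest of the action continue outside the hunk, so how `$2` is released on the error path is not visible here.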