From ac3a68fb768b7f0e20493038139faa4704dc1846 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 12 Mar 2015 15:15:14 +0100
Subject: src: expose table flags

The nf_tables kernel API provides a way to disable a table using the
dormant flag. This patch adds the missing code to expose this feature
through nft.

Basically, if you want to disable a table and all its chains from seen
any traffic, you have to type:

 nft add table filter { flags dormant\; }

to re-enable the table, you have to:

 nft add table filter

this clears the flags.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/parser_bison.y | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'src/parser_bison.y')

diff --git a/src/parser_bison.y b/src/parser_bison.y
index fd2407c8..6fc834d0 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -853,9 +853,22 @@ table_block_alloc	:	/* empty */
 			}
 			;
 
+table_options		:	FLAGS		STRING
+			{
+				if (strcmp($2, "dormant") == 0) {
+					$<table>0->flags = TABLE_F_DORMANT;
+				} else {
+					erec_queue(error(&@2, "unknown table option %s", $2),
+						   state->msgs);
+					YYERROR;
+				}
+			}
+			;
+
 table_block		:	/* empty */	{ $$ = $<table>-1; }
 			|	table_block	common_block
 			|	table_block	stmt_seperator
+			|	table_block	table_options	stmt_seperator
 			|	table_block	CHAIN		chain_identifier
 					chain_block_alloc	'{' 	chain_block	'}'
 					stmt_seperator
-- 
cgit v1.2.3