From f1f6c326d78594fd0dc279d4870502addcd6fcc2 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 19 Jan 2018 01:41:38 +0100
Subject: src: delete flowtable

This patch allows you to delete an existing flowtable:

 # nft delete flowtable x m

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/evaluate.c     |  1 +
 src/mnl.c          | 16 ++++++++++++++++
 src/netlink.c      | 18 ++++++++++++++++++
 src/parser_bison.y |  4 ++++
 src/rule.c         |  3 +++
 5 files changed, 42 insertions(+)

(limited to 'src')

diff --git a/src/evaluate.c b/src/evaluate.c
index 9da185c9..51841136 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3134,6 +3134,7 @@ static int cmd_evaluate_delete(struct eval_ctx *ctx, struct cmd *cmd)
 	case CMD_OBJ_RULE:
 	case CMD_OBJ_CHAIN:
 	case CMD_OBJ_TABLE:
+	case CMD_OBJ_FLOWTABLE:
 	case CMD_OBJ_COUNTER:
 	case CMD_OBJ_QUOTA:
 	case CMD_OBJ_CT_HELPER:
diff --git a/src/mnl.c b/src/mnl.c
index be6e05da..f620a3bd 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -1027,6 +1027,22 @@ int mnl_nft_flowtable_batch_add(struct nftnl_flowtable *flo,
 	return 0;
 }
 
+int mnl_nft_flowtable_batch_del(struct nftnl_flowtable *flo,
+				struct nftnl_batch *batch, unsigned int flags,
+				uint32_t seqnum)
+{
+	struct nlmsghdr *nlh;
+
+	nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
+				    NFT_MSG_DELFLOWTABLE,
+				    nftnl_flowtable_get_u32(flo, NFTNL_FLOWTABLE_FAMILY),
+				    flags, seqnum);
+	nftnl_flowtable_nlmsg_build_payload(nlh, flo);
+	mnl_nft_batch_continue(batch);
+
+	return 0;
+}
+
 /*
  * ruleset
  */
diff --git a/src/netlink.c b/src/netlink.c
index 5b2d5e16..d4ed09bf 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1547,6 +1547,24 @@ int netlink_add_flowtable(struct netlink_ctx *ctx, const struct handle *h,
 	return err;
 }
 
+int netlink_delete_flowtable(struct netlink_ctx *ctx, const struct handle *h,
+			     struct location *loc)
+{
+	struct nftnl_flowtable *flo;
+	int err;
+
+	flo = alloc_nftnl_flowtable(h, NULL);
+	netlink_dump_flowtable(flo, ctx);
+
+	err = mnl_nft_flowtable_batch_del(flo, ctx->batch, 0, ctx->seqnum);
+	if (err < 0)
+		netlink_io_error(ctx, loc, "Could not delete flowtable: %s",
+				 strerror(errno));
+	nftnl_flowtable_free(flo);
+
+	return err;
+}
+
 static int list_obj_cb(struct nftnl_obj *nls, void *arg)
 {
 	struct netlink_ctx *ctx = arg;
diff --git a/src/parser_bison.y b/src/parser_bison.y
index c73eddde..15d2432a 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1047,6 +1047,10 @@ delete_cmd		:	TABLE		table_spec
 			{
 				$$ = cmd_alloc(CMD_DELETE, CMD_OBJ_SETELEM, &$2, &@$, $3);
 			}
+			|	FLOWTABLE	flowtable_spec
+			{
+				$$ = cmd_alloc(CMD_DELETE, CMD_OBJ_FLOWTABLE, &$2, &@$, NULL);
+			}
 			|	COUNTER		obj_spec
 			{
 				$$ = cmd_alloc(CMD_DELETE, CMD_OBJ_COUNTER, &$2, &@$, NULL);
diff --git a/src/rule.c b/src/rule.c
index 5f1c35d5..771b2a12 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1221,6 +1221,9 @@ static int do_command_delete(struct netlink_ctx *ctx, struct cmd *cmd)
 	case CMD_OBJ_LIMIT:
 		return netlink_delete_obj(ctx, &cmd->handle, &cmd->location,
 					  NFT_OBJECT_LIMIT);
+	case CMD_OBJ_FLOWTABLE:
+		return netlink_delete_flowtable(ctx, &cmd->handle,
+						&cmd->location);
 	default:
 		BUG("invalid command object type %u\n", cmd->obj);
 	}
-- 
cgit v1.2.3