Patchwork [nftables,3/4] netlink: only flush asked table/chain

Submitter Eric Leblond
Date Oct. 2, 2013, 11:08 p.m.
Message ID <1380755288-17587-4-git-send-email-eric@regit.org>
Permalink /patch/280189/
State Accepted

Comments

Eric Leblond - Oct. 2, 2013, 11:08 p.m.
The flush operation was not limiting the flush to the table or
chain specified on the command line. The result was that all the rules
for a given family were flushed independently of the flush command.

Signed-off-by: Eric Leblond <eric@regit.org>
---
 src/netlink.c | 8 ++++++++
 1 file changed, 8 insertions(+)

Patch

diff --git a/src/netlink.c b/src/netlink.c
index 6f3002b..f75cef7 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -425,8 +425,15 @@  static int netlink_list_rules(struct netlink_ctx *ctx, const struct handle *h,
 static int flush_rule_cb(struct nft_rule *nlr, void *arg)
 {
 	struct netlink_ctx *ctx = arg;
+	const struct handle *h = ctx->data;
 	int err;
 
+	if ((h->table &&
+	    strcmp(nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_TABLE), h->table) != 0) ||
+	    (h->chain &&
+	     strcmp(nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_CHAIN), h->chain) != 0))
+		return 0;
+
 	netlink_dump_rule(nlr);
 	err = mnl_nft_rule_batch_del(nlr, 0, ctx->seqnum);
 	if (err < 0) {
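Review bot: the callback now dereferences `ctx->data` as a `const struct handle *` unconditionally, so it is only correct when every caller of `flush_rule_cb` has stored a handle in `ctx->data` before iterating; nothing in this hunk enforces that, so either check `h` for NULL before the `h->table` / `h->chain` tests or document the contract next to the callback. Also, the two `strcmp()` continuation lines are indented inconsistently (`    strcmp(nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_TABLE), h->table)` versus `     strcmp(nft_rule_attr_get_str(nlr, NFT_RULE_ATTR_CHAIN), h->chain)`); align them the same way.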
@@ -448,6 +455,7 @@  static int netlink_flush_rules(struct netlink_ctx *ctx, const struct handle *h,
 					"Could not receive rules from kernel: %s",
 					strerror(errno));
 
+	ctx->data = h;
 	mnl_batch_begin();
 	nft_rule_list_foreach(rule_cache, flush_rule_cb, ctx);
 	nft_rule_list_free(rule_cache);
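Review bot: `ctx->data = h;` stores a pointer to the caller's handle in the context for the duration of the `nft_rule_list_foreach()` call, but nothing in the visible context clears it afterwards, so a stale pointer remains in `ctx` once `h` goes out of scope. Consider resetting it after the loop, for example `ctx->data = NULL;` right after `nft_rule_list_free(rule_cache);`, so a later callback cannot pick up a dangling handle.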