From patchwork Thu Jan 18 18:52:56 2018
X-Patchwork-Submitter: Harsha Sharma
X-Patchwork-Id: 863095
X-Patchwork-Delegate: pablo@netfilter.org
From: Harsha Sharma
To: pablo@netfilter.org, harshasharmaiitr@gmail.com
Cc: netfilter-devel@vger.kernel.org
Subject: [PATCH] src: extend nft to list object handle and delete objects via handle
Date: Fri, 19 Jan 2018 00:22:56 +0530
Message-Id: <20180118185256.8842-1-harshasharmaiitr@gmail.com>
X-Mailer: git-send-email 2.11.0
X-Mailing-List: netfilter-devel@vger.kernel.org

Print handle attributes in objects when listing via '-a' option and delete objects via their unique object handles.
For e.g. nft delete [] [] [handle ]

Signed-off-by: Harsha Sharma
---
 include/linux/netfilter/nf_tables.h | 2 ++
 src/netlink.c | 5 +++++
 src/parser_bison.y | 24 ++++++++++++++++++++++--
 src/rule.c | 5 ++++-
 4 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index a4c88ff..8609925 100644 --- a/include/linux/netfilter/nf_tables.h 
+++ b/include/linux/netfilter/nf_tables.h @@ -1291,6 +1291,7 @@ enum nft_ct_helper_attributes { * * @NFTA_OBJ_TABLE: name of the table containing the expression (NLA_STRING) * @NFTA_OBJ_NAME: name of this expression type (NLA_STRING) + * @NFTA_OBJ_HANDLE: numeric handle of object (NLA_U64) * @NFTA_OBJ_TYPE: stateful object type (NLA_U32) * @NFTA_OBJ_DATA: stateful object data (NLA_NESTED) * @NFTA_OBJ_USE: number of references to this expression (NLA_U32) @@ -1302,6 +1303,7 @@ enum nft_object_attributes { NFTA_OBJ_TYPE, NFTA_OBJ_DATA, NFTA_OBJ_USE, + NFTA_OBJ_HANDLE, __NFTA_OBJ_MAX }; #define NFTA_OBJ_MAX (__NFTA_OBJ_MAX - 1) diff --git a/src/netlink.c b/src/netlink.c index ef18a9c..740f0ff 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -293,6 +293,8 @@ __alloc_nftnl_obj(const struct handle *h, uint32_t type) nftnl_obj_set_str(nlo, NFTNL_OBJ_NAME, h->obj); nftnl_obj_set_u32(nlo, NFTNL_OBJ_TYPE, type); + if (h->handle.id) + nftnl_obj_set_u64(nlo, NFTNL_OBJ_HANDLE, h->handle.id); return nlo; } @@ -1727,6 +1729,8 @@ static struct obj *netlink_delinearize_obj(struct netlink_ctx *ctx, xstrdup(nftnl_obj_get_str(nlo, NFTNL_OBJ_TABLE)); obj->handle.obj = xstrdup(nftnl_obj_get_str(nlo, NFTNL_OBJ_NAME)); + obj->handle.handle.id = + nftnl_obj_get_u64(nlo, NFTNL_OBJ_HANDLE); type = nftnl_obj_get_u32(nlo, NFTNL_OBJ_TYPE); switch (type) { @@ -2545,6 +2549,7 @@ static void netlink_events_cache_delobj(struct netlink_mon_handler *monh, name = nftnl_obj_get_str(nlo, NFTNL_OBJ_NAME); type = nftnl_obj_get_u32(nlo, NFTNL_OBJ_TYPE); + h.handle.id = nftnl_obj_get_u64(nlo, NFTNL_OBJ_HANDLE); t = table_lookup(&h, monh->cache); if (t == NULL) { diff --git a/src/parser_bison.y b/src/parser_bison.y index 5290207..2aded4f 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y 
@@ -497,8 +497,8 @@ int nft_lex(void *, void *, void *); %type table_spec tableid_spec chain_spec chainid_spec chain_identifier ruleid_spec handle_spec position_spec rule_position ruleset_spec %destructor { handle_free(&$$); } table_spec tableid_spec chain_spec chainid_spec chain_identifier ruleid_spec handle_spec position_spec rule_position ruleset_spec -%type set_spec setid_spec set_identifier obj_spec obj_identifier -%destructor { handle_free(&$$); } set_spec setid_spec set_identifier obj_spec obj_identifier +%type set_spec setid_spec set_identifier obj_spec objid_spec obj_identifier +%destructor { handle_free(&$$); } set_spec setid_spec set_identifier obj_spec objid_spec obj_identifier %type family_spec family_spec_explicit chain_policy prio_spec %type dev_spec quota_unit @@ -1014,10 +1014,18 @@ delete_cmd : TABLE table_spec { $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_COUNTER, &$2, &@$, NULL); } + | COUNTER objid_spec + { + $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_COUNTER, &$2, &@$, NULL); + } | QUOTA obj_spec { $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_QUOTA, &$2, &@$, NULL); } + | QUOTA objid_spec + { + $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_QUOTA, &$2, &@$, NULL); + } | CT ct_obj_type obj_spec ct_obj_alloc { $$ = cmd_alloc_obj_ct(CMD_DELETE, $2, &$3, &@$, $4); @@ -1026,6 +1034,10 @@ delete_cmd : TABLE table_spec { $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_LIMIT, &$2, &@$, NULL); } + | LIMIT objid_spec + { + $$ = cmd_alloc(CMD_DELETE, CMD_OBJ_LIMIT, &$2, &@$, NULL); + } ; list_cmd : TABLE table_spec @@ -1732,6 +1744,14 @@ obj_spec : table_spec identifier } ; +objid_spec : table_spec HANDLE NUM + { + $$ = $1; + $$.handle.location = @$; + $$.handle.id = $3; + } + ; + obj_identifier : identifier { memset(&$$, 0, sizeof($$)); diff --git a/src/rule.c b/src/rule.c index 35f67b7..fd90fa6 100644 --- a/src/rule.c +++ b/src/rule.c 
@@ -1397,7 +1397,10 @@ static void obj_print_declaration(const struct obj *obj, obj_print_data(obj, opts, octx); - nft_print(octx, "%s%s}%s", opts->nl, opts->tab, opts->nl); + nft_print(octx, "%s%s}", opts->nl, opts->tab); + if (octx->handle > 0) + nft_print(octx, " # handle %" PRIu64, obj->handle.handle.id); + nft_print(octx, "%s", opts->nl); } void obj_print(const struct obj *obj, struct output_ctx *octx)
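
Review bot: in include/linux/netfilter/nf_tables.h the kernel-doc line for @NFTA_OBJ_HANDLE is inserted between @NFTA_OBJ_NAME and @NFTA_OBJ_TYPE, while the enum value itself is appended after NFTA_OBJ_USE. Appending to the enum is the right choice because it leaves the existing attribute numbers untouched, so move the comment line to follow @NFTA_OBJ_USE and keep the documentation in the same order as the enum.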
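
Review bot: in src/netlink.c, __alloc_nftnl_obj() sets NFTNL_OBJ_NAME from h->obj on the context line just above the new `if (h->handle.id)`, but the objid_spec rule added in this patch builds the handle from table_spec plus a number and never assigns an object name. Please confirm that the name setter is guarded for h->obj == NULL on the delete-by-handle path, and add the guard if it is not. In netlink_events_cache_delobj(), h.handle.id is assigned immediately before table_lookup(&h, monh->cache) and none of the visible lines read it; either use it for the object lookup that follows or drop the assignment.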
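
Review bot: in src/parser_bison.y, delete_cmd gains objid_spec alternatives for COUNTER, QUOTA and LIMIT but not for `CT ct_obj_type`, so ct objects still cannot be deleted by handle even though the commit message describes the feature for objects in general. Either add the CT variant or state the limitation in the commit message. objid_spec also accepts any NUM, including 0, which __alloc_nftnl_obj() treats as "no handle" (`if (h->handle.id)`), so `handle 0` would send a delete request carrying neither name nor handle; reject it in the parser with an error. The diffstat lists only the four source files, so the new syntax has no documentation or test coverage in this patch.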
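
Review bot: in src/rule.c, obj_print_declaration() prints `# handle` whenever octx->handle > 0, without checking obj->handle.handle.id. When the kernel did not supply NFTA_OBJ_HANDLE, the listing would show a handle that cannot be used with the new delete syntax. Consider printing the comment only when the id is non-zero, for example by testing both conditions in the same if.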