From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH] netfilter: nf_tables: fix missing rules flushing per table
Date: Sat, 7 Dec 2013 23:36:37 +0100
Message-ID: <20131207223637.GB4050@localhost>
In-Reply-To: <1386331159-4104-1-git-send-email-pablo@netfilter.org>

On Fri, Dec 06, 2013 at 12:59:19PM +0100, Pablo Neira Ayuso wrote:
> This patch allows you to atomically remove all rules stored in
> a table via the NFT_MSG_DELRULE command. You only need to indicate
> the specific table and no chain to flush all rules stored in that
> table.

I'm going to apply this with a minor change.

> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> ---
> I already indicated this in October:
> 
> http://patchwork.ozlabs.org/patch/280192/
> 
> but this probably got lost. I'm going to submit to qualify this as fix
> otherwise we won't have sane table flushing in the first nftables release.
> 
>  net/netfilter/nf_tables_api.c |   46 +++++++++++++++++++++++++++++------------
>  1 file changed, 33 insertions(+), 13 deletions(-)
> 
> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
> index dcddc49..237b49a 100644
> --- a/net/netfilter/nf_tables_api.c
> +++ b/net/netfilter/nf_tables_api.c
> @@ -1717,6 +1717,19 @@ nf_tables_delrule_one(struct nft_ctx *ctx, struct nft_rule *rule)
>  	return -ENOENT;
>  }
>  
> +static int nf_table_delrule_by_chain(struct nft_ctx *ctx)
> +{
> +	struct nft_rule *rule, *tmp;
> +	int err;
> +
> +	list_for_each_entry_safe(rule, tmp, &ctx->chain->rules, list) {

We don't need _safe here, as the rule is deleted in the commit path;
here it is just tagged as scheduled to be removed.

> +		err = nf_tables_delrule_one(ctx, rule);
> +		if (err < 0)
> +			return err;
> +	}
> +	return 0;
> +}
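
Review bot: the new helper is named nf_table_delrule_by_chain, while the function it calls and the one named in the hunk header use the nf_tables_ prefix (nf_tables_delrule_one); renaming it to nf_tables_delrule_by_chain would keep the file consistent. Separately, the loop returns on the first error from nf_tables_delrule_one() after earlier rules in the chain have already been processed. Since the commit message promises atomic removal, a short comment stating what undoes the rules already handled on that error path would help, because nothing in this hunk shows it.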
