On Fri, Dec 06, 2013 at 12:59:19PM +0100, Pablo Neira Ayuso wrote:
> This patch allows you to atomically remove all rules stored in
> a table via the NFT_MSG_DELRULE command. You only need to indicate
> the specific table and no chain to flush all rules stored in that
> table.

I'm going to apply this with a minor change.

> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> ---
> I already indicated this in October:
>
> http://patchwork.ozlabs.org/patch/280192/
>
> but this probably got lost. I'm going to submit to qualify this as fix
> otherwise we won't have sane table flushing in the first nftables release.
>
> net/netfilter/nf_tables_api.c | 46 +++++++++++++++++++++++++++++------------
> 1 file changed, 33 insertions(+), 13 deletions(-)
>
> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
> index dcddc49..237b49a 100644
> --- a/net/netfilter/nf_tables_api.c
> +++ b/net/netfilter/nf_tables_api.c
> @@ -1717,6 +1717,19 @@ nf_tables_delrule_one(struct nft_ctx *ctx, struct nft_rule *rule)
> return -ENOENT;
> }
>
> +static int nf_table_delrule_by_chain(struct nft_ctx *ctx)
> +{
> + struct nft_rule *rule, *tmp;
> + int err;
> +
> + list_for_each_entry_safe(rule, tmp, &ctx->chain->rules, list) {

We don't need _safe here, as the rule is deleted in the commit path, here it
is just tagged as scheduled to be removed.

> + err = nf_tables_delrule_one(ctx, rule);
> + if (err < 0)
> + return err;
> + }
> + return 0;
> +}
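Review bot: once list_for_each_entry_safe() is replaced by list_for_each_entry() as suggested above, the "tmp" variable in "struct nft_rule *rule, *tmp;" becomes unused and should be dropped, otherwise the build will warn. Two smaller points on the same hunk: the new helper is named nf_table_delrule_by_chain() while every other symbol visible here (nf_tables_delrule_one(), the file itself) uses the nf_tables_ prefix, so nf_tables_delrule_by_chain() would be consistent; and the "return err" on a mid-loop failure leaves the rules already processed by nf_tables_delrule_one() flagged for deletion, so the caller must rely on the transaction abort path to unflag them rather than treating the error as "nothing changed". A short comment stating that expectation on the function would help the next reader.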