This patch allows deletion of chains via unique chain handle which can be
listed via '-a' option and table family and table name.
Signed-off-by: Harsha Sharma <harshasharmaiitr@xxxxxxxxx>
---
net/netfilter/nf_tables_api.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index f12671e0ec48..b4db7bd836d9 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1660,6 +1660,7 @@ static int nf_tables_delchain(struct net *net, struct sock *nlsk,
int family = nfmsg->nfgen_family;
struct nft_ctx ctx;
u32 use;
+ u64 handle;
int err;
afi = nf_tables_afinfo_lookup(net, family, false);
@@ -1670,7 +1671,12 @@ static int nf_tables_delchain(struct net *net, struct sock *nlsk,
if (IS_ERR(table))
return PTR_ERR(table);
- chain = nf_tables_chain_lookup(table, nla[NFTA_CHAIN_NAME], genmask);
+ if (nla[NFTA_CHAIN_HANDLE]) {
+ handle = be64_to_cpu(nla_get_be64(nla[NFTA_CHAIN_HANDLE]));
+ chain = nf_tables_chain_lookup_byhandle(table, handle, genmask);
+ } else {
+ chain = nf_tables_chain_lookup(table, nla[NFTA_CHAIN_NAME], genmask);
+ }
if (IS_ERR(chain))
return PTR_ERR(chain);
--
2.11.0
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
