netfilter: nft_dynset: support for element deletion

This patch implements the delete operation from the ruleset. It implements a new delete() function in nft_set_rhash. It is simpler to use than the already existing remove(), because it only takes the set and the key as arguments, whereas remove() expects a full nft_set_elem structure. Signed-off-by: Ander Juaristi <a@juaristi.eus> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Ander Juaristi <a@juaristi.eus> 2019-08-17 13:26:52 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2019-08-27 17:27:08 +0200
commit: d0a8d877da976c244092ce859683b2fa116217db (patch)
tree: c1a4f5cc5d574ffe15d949e54bde5928a9bf99ed /net/netfilter/nft_dynset.c
parent: 65af4a10743b766e319fb53812c5926c6d98b100 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
index 33833a0cb989..8887295414dc 100644
--- a/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@@ -84,6 +84,11 @@ void nft_dynset_eval(const struct nft_expr *expr,
 	const struct nft_expr *sexpr;
 	u64 timeout;
 
+	if (priv->op == NFT_DYNSET_OP_DELETE) {
+		set->ops->delete(set, &regs->data[priv->sreg_key]);
+		return;
+	}
+
 	if (set->ops->update(set, &regs->data[priv->sreg_key], nft_dynset_new,
 			     expr, regs, &ext)) {
 		sexpr = NULL;
@@ -161,6 +166,7 @@ static int nft_dynset_init(const struct nft_ctx *ctx,
 	priv->op = ntohl(nla_get_be32(tb[NFTA_DYNSET_OP]));
 	switch (priv->op) {
 	case NFT_DYNSET_OP_ADD:
+	case NFT_DYNSET_OP_DELETE:
 		break;
 	case NFT_DYNSET_OP_UPDATE:
 		if (!(set->flags & NFT_SET_TIMEOUT))
author	Ander Juaristi <a@juaristi.eus>	2019-08-17 13:26:52 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-08-27 17:27:08 +0200
commit	d0a8d877da976c244092ce859683b2fa116217db (patch)
tree	c1a4f5cc5d574ffe15d949e54bde5928a9bf99ed /net/netfilter/nft_dynset.c
parent	65af4a10743b766e319fb53812c5926c6d98b100 (diff)