diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-09-04 00:55:59 +0300 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-09-04 18:34:54 +0300 |
| commit | 2335ba704f32b855651d0cd15dd9b271ec565fb6 (patch) | |
| tree | 72ffd0864ada474d443657a4fadb2b40842dce05 /scripts/gdb/linux/utils.py | |
| parent | 4035285fe07d82ee78e314022541e619463aa408 (diff) | |
| download | linux-2335ba704f32b855651d0cd15dd9b271ec565fb6.tar.xz | |
netlink: add NLM_F_NONREC flag for deletion requests
In the last NFWS in Faro, Portugal, we discussed that netlink is lacking
the semantics to request non recursive deletions, ie. do not delete an
object iff it has child objects that hang from this parent object that
the user requests to be deleted.
We need this new flag to solve a problem for the iptables-compat
backward compatibility utility, that runs iptables commands using the
existing nf_tables netlink interface. Specifically, custom chains in
iptables cannot be deleted if there are rules in it, however, nf_tables
allows to remove any chain that is populated with content. To sort out
this asymmetry, iptables-compat userspace sets this new NLM_F_NONREC
flag to obtain the same semantics that iptables provides.
This new flag should only be used for deletion requests. Note this new
flag value overlaps with the existing:
* NLM_F_ROOT for get requests.
* NLM_F_REPLACE for new requests.
However, those flags should not ever be used in deletion requests.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'scripts/gdb/linux/utils.py')
0 files changed, 0 insertions, 0 deletions