tunmap: ensure nft table is removed on program exit

Make the nft table owned by the osmo-upf process, so that any kind of
graceful or ungraceful exit will drop all tunmap rules implicitly.

Related: SYS#6327 SYS#6264
Change-Id: Ia26bb295849905ccfeaec801d7b187bf85f21366
Neels Hofmeyr 2023-02-03 03:32:05 +01:00
parent 4e1c680e59
commit 6c01708438
2 changed files with 2 additions and 2 deletions


@ -32,7 +32,7 @@
static char *upf_nft_ruleset_table_create(void *ctx, const char *table_name)
{
return talloc_asprintf(ctx, "add table inet %s\n", table_name);
return talloc_asprintf(ctx, "add table inet %s { flags owner; };\n", table_name);
}
static char *upf_nft_ruleset_vmap_init(void *ctx, const char *table_name, int priority_pre, int priority_post)
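Review bot: The new `flags owner` line in `upf_nft_ruleset_table_create()` rests on two assumptions that the code does not record. The table lives only as long as the netlink socket that created it stays open, and a kernel or nft library without table-ownership support will presumably reject this command and with it the whole tunmap setup. I would add a comment above the return, e.g. `/* 'flags owner' binds the table to our netlink socket: the kernel drops it when the process exits, and other processes cannot modify it. */`. The caller (outside this hunk) should also log a distinct error when this first command fails, so an unsupported kernel is easy to diagnose. Separately, `table_name` is formatted into the nft command text unescaped, and now sits directly in front of a `{ ... }` block, so it is worth confirming that it is validated as a plain identifier where it is read from the config; that code is not visible here.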


@ -4,7 +4,7 @@ OsmoUPF(config)# tunmap
OsmoUPF(config-tunmap)# show nft-rule tunmap example
% init verdict map:
add table inet osmo-upf
add table inet osmo-upf { flags owner; };
add chain inet osmo-upf pre { type filter hook prerouting priority -300; policy accept; };
add chain inet osmo-upf post { type filter hook postrouting priority 400; policy accept; };