neels submitted this change.
tunmap: ensure nft table is removed on program exit
Make the nft table owned by the osmo-upf process, so that any kind of
graceful or ungraceful exit will drop all tunmap rules implicitly.
Related: SYS#6327 SYS#6264
Change-Id: Ia26bb295849905ccfeaec801d7b187bf85f21366
---
M src/osmo-upf/upf_nft.c
M tests/nft-rule.vty
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/osmo-upf/upf_nft.c b/src/osmo-upf/upf_nft.c
index ddd556b..9faeb1e 100644
--- a/src/osmo-upf/upf_nft.c
+++ b/src/osmo-upf/upf_nft.c
@@ -32,7 +32,7 @@
static char *upf_nft_ruleset_table_create(void *ctx, const char *table_name)
{
- return talloc_asprintf(ctx, "add table inet %s\n", table_name);
+ return talloc_asprintf(ctx, "add table inet %s { flags owner; };\n", table_name);
}
static char *upf_nft_ruleset_vmap_init(void *ctx, const char *table_name, int priority_pre, int priority_post)
diff --git a/tests/nft-rule.vty b/tests/nft-rule.vty
index c226191..0fe3648 100644
--- a/tests/nft-rule.vty
+++ b/tests/nft-rule.vty
@@ -4,7 +4,7 @@
OsmoUPF(config-tunmap)# show nft-rule tunmap example
% init verdict map:
-add table inet osmo-upf
+add table inet osmo-upf { flags owner; };
add chain inet osmo-upf pre { type filter hook prerouting priority -300; policy accept; };
add chain inet osmo-upf post { type filter hook postrouting priority 400; policy accept; };
To view, visit change 31166. To unsubscribe, or for help writing mail filters, visit settings.