fixeria submitted this change.




2 is the latest approved patch-set.
No files were changed between the latest approved patch-set and the submitted one.

Approvals: Jenkins Builder: Verified pespin: Looks good to me, but someone else must approve laforge: Looks good to me, approved
enft_kpi: flush the table on init

Older versions of nftables, including the 1.0.6 provided by Osmocom,
do not support setting the "owner" flag when creating a table via JSON.
Ensure that we start with a clean state by deleting the table on init.

Change-Id: I96bf4f7b6d5c9104fad0d6f98eda56e7a4e4fa7d
Related: SYS#7307
---
M src/enft_kpi.erl
1 file changed, 30 insertions(+), 15 deletions(-)

diff --git a/src/enft_kpi.erl b/src/enft_kpi.erl
index cc2107a..f8cf126 100644
--- a/src/enft_kpi.erl
+++ b/src/enft_kpi.erl
@@ -149,20 +149,11 @@
process_flag(trap_exit, true),
TName = maps:get(table_name, Cfg, "osmo-s1gw"),
Interval = maps:get(interval, Cfg, 3000),
- %% ignore (accept) anything but GTPU @ udp/2152
- R1 = [enftables:nft_expr_match_ip_proto("udp", ?OP_NEQ),
- enftables:nft_expr_accept()],
- R2 = [enftables:nft_expr_match_udp_dport(?GTPU_PORT, ?OP_NEQ),
- enftables:nft_expr_accept()],
- Cmds = [enftables:nft_cmd_add_table(TName, [<< "owner" >>]),
- nft_cmd_add_chain(TName, "gtpu-ul", "prerouting"),
- nft_cmd_add_chain(TName, "gtpu-dl", "postrouting"),
- enftables:nft_cmd_add_rule(TName, "gtpu-ul", R1),
- enftables:nft_cmd_add_rule(TName, "gtpu-dl", R1),
- enftables:nft_cmd_add_rule(TName, "gtpu-ul", R2),
- enftables:nft_cmd_add_rule(TName, "gtpu-dl", R2)
- ],
- case nft_exec(Cmds) of
+ %% flush the table, in case it remained
+ %% it may not exist, so we ignore the result
+ nft_flush_table(TName),
+ %% create and initialize the table
+ case nft_init_table(TName) of
ok ->
?LOG_INFO("NFT table ~p has been initialized", [TName]),
spawn_link(fun() -> heartbeat(Interval) end),
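Review bot: The result of `nft_flush_table(TName)` is discarded unconditionally. A delete that fails for any reason other than the table being absent leaves no trace, and `nft_init_table/1` would then presumably add its chains and rules on top of whatever is still there. Logging the outcome would be enough, e.g. `Res = nft_flush_table(TName),` followed by `?LOG_DEBUG("NFT table ~p cleanup result: ~p", [TName, Res]),`. Because `TName` comes from the configuration and the commit message says the "owner" flag is not honoured by older nftables, this call removes any existing table of that name regardless of who created it. The comment should say that `table_name` must be dedicated to this process. The call in the terminate hunk ignores its result in the same way, and the enclosing function starts and ends outside this hunk.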
@@ -317,7 +308,7 @@
?LOG_NOTICE("Terminating, reason ~p", [Reason]),
case Cfg of
#{enable := true, table_name := TName} ->
- nft_exec([enftables:nft_cmd_del_table(TName)]), %% delete the table
+ nft_flush_table(TName),
ok;
_ -> ok %% stub mode
end.
@@ -518,6 +509,30 @@
end.


+-spec nft_flush_table(string()) -> enftables:result().
+nft_flush_table(TName) ->
+ Cmds = [enftables:nft_cmd_del_table(TName)],
+ nft_exec(Cmds).
+
+
+-spec nft_init_table(string()) -> enftables:result().
+nft_init_table(TName) ->
+ %% ignore (accept) anything but GTPU @ udp/2152
+ R1 = [enftables:nft_expr_match_ip_proto("udp", ?OP_NEQ),
+ enftables:nft_expr_accept()],
+ R2 = [enftables:nft_expr_match_udp_dport(?GTPU_PORT, ?OP_NEQ),
+ enftables:nft_expr_accept()],
+ Cmds = [enftables:nft_cmd_add_table(TName, [<< "owner" >>]),
+ nft_cmd_add_chain(TName, "gtpu-ul", "prerouting"),
+ nft_cmd_add_chain(TName, "gtpu-dl", "postrouting"),
+ enftables:nft_cmd_add_rule(TName, "gtpu-ul", R1),
+ enftables:nft_cmd_add_rule(TName, "gtpu-dl", R1),
+ enftables:nft_cmd_add_rule(TName, "gtpu-ul", R2),
+ enftables:nft_cmd_add_rule(TName, "gtpu-dl", R2)
+ ],
+ nft_exec(Cmds).
+
+
-spec nft_exec(Cmds) -> enftables:result()
when Cmds :: [enftables:nft_cmd()].
nft_exec(Cmds) ->
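Review bot: `nft_flush_table/1` is misnamed, because it sends `enftables:nft_cmd_del_table(TName)` and so deletes the table rather than flushing it. In nftables a flush empties a table but keeps it, so the name misleads anyone reading the init and terminate call sites. Either rename it to `nft_del_table/1` or put a comment above the spec such as `%% delete the whole table (chains and rules included); callers ignore the result because the table may not exist`. `nft_init_table/1` still passes `[<< "owner" >>]` to `nft_cmd_add_table/2` although the commit message says older nftables cannot set that flag via JSON. A one-line comment there should say what is expected to happen on such versions, since the hunk does not show it. The body of `nft_exec/1` lies outside the hunk.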


Gerrit-MessageType: merged
Gerrit-Project: erlang/osmo-s1gw
Gerrit-Branch: master
Gerrit-Change-Id: I96bf4f7b6d5c9104fad0d6f98eda56e7a4e4fa7d
Gerrit-Change-Number: 40532
Gerrit-PatchSet: 3
Gerrit-Owner: fixeria <vyanitskiy@sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <vyanitskiy@sysmocom.de>
Gerrit-Reviewer: laforge <laforge@osmocom.org>
Gerrit-Reviewer: pespin <pespin@sysmocom.de>