neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-upf/+/31166 )
Change subject: tunmap: ensure nft table is removed on program exit
tunmap: ensure nft table is removed on program exit
Make the nft table owned by the osmo-upf process, so that any kind of graceful or ungraceful exit will drop all tunmap rules implicitly.
Related: SYS#6327 SYS#6264
Change-Id: Ia26bb295849905ccfeaec801d7b187bf85f21366
---
M src/osmo-upf/upf_nft.c
M tests/nft-rule.vty
2 files changed, 2 insertions(+), 2 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-upf refs/changes/66/31166/1
diff --git a/src/osmo-upf/upf_nft.c b/src/osmo-upf/upf_nft.c index 6125728..08d3969 100644 --- a/src/osmo-upf/upf_nft.c +++ b/src/osmo-upf/upf_nft.c @@ -32,7 +32,7 @@
static char *upf_nft_ruleset_table_create(void *ctx, const char *table_name) { - return talloc_asprintf(ctx, "add table inet %s\n", table_name); + return talloc_asprintf(ctx, "add table inet %s { flags owner; }\n", table_name); }
static char *upf_nft_ruleset_vmap_init(void *ctx, const char *table_name, int priority_pre, int priority_post) diff --git a/tests/nft-rule.vty b/tests/nft-rule.vty index 68992cb..c7ec31e 100644 --- a/tests/nft-rule.vty +++ b/tests/nft-rule.vty @@ -3,7 +3,7 @@ OsmoUPF(config)# tunmap
OsmoUPF(config-tunmap)# show nft-rule tunmap example -add table inet osmo-upf +add table inet osmo-upf { flags owner; }
add chain inet osmo-upf pre { type filter hook prerouting priority -300; policy accept; } add chain inet osmo-upf post { type filter hook postrouting priority 400; policy accept; }
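Review bot: In upf_nft_ruleset_table_create() the `{ flags owner; }` suffix is now emitted unconditionally, with no fallback for a kernel or nft library that lacks table ownership support; there the `add table` command would presumably be rejected and no tunmap rules could be installed at all. Consider stating the requirement in the commit message or the documentation, and add a one-line comment above the format string explaining that the owner flag is what makes the kernel drop the table when the osmo-upf process exits, so that it is not later removed as redundant syntax.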
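Review bot: The updated expectation in tests/nft-rule.vty only checks the text printed by `show nft-rule tunmap example`; nothing in this change verifies the behaviour the commit message promises, namely that the table is gone after a graceful or ungraceful exit. Consider a follow-up test that starts osmo-upf with a tunmap configured, terminates the process without a clean shutdown, and asserts that table inet osmo-upf is no longer listed.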