fixeria has uploaded this change for review. (
https://gerrit.osmocom.org/c/erlang/osmo-s1gw/+/40532?usp=email )
Change subject: enft_kpi: flush the table on init
......................................................................
enft_kpi: flush the table on init
Older versions of nftables, including the 1.0.6 provided by Osmocom,
do not support setting the "owner" flag when creating a table via JSON.
Ensure that we start with a clean state by deleting the table on init.
Change-Id: I96bf4f7b6d5c9104fad0d6f98eda56e7a4e4fa7d
Related: SYS#7307
---
M src/enft_kpi.erl
1 file changed, 30 insertions(+), 15 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/erlang/osmo-s1gw
refs/changes/32/40532/1
diff --git a/src/enft_kpi.erl b/src/enft_kpi.erl
index cc2107a..f8cf126 100644
--- a/src/enft_kpi.erl
+++ b/src/enft_kpi.erl
@@ -149,20 +149,11 @@
process_flag(trap_exit, true),
TName = maps:get(table_name, Cfg, "osmo-s1gw"),
Interval = maps:get(interval, Cfg, 3000),
- %% ignore (accept) anything but GTPU @ udp/2152
- R1 = [enftables:nft_expr_match_ip_proto("udp", ?OP_NEQ),
- enftables:nft_expr_accept()],
- R2 = [enftables:nft_expr_match_udp_dport(?GTPU_PORT, ?OP_NEQ),
- enftables:nft_expr_accept()],
- Cmds = [enftables:nft_cmd_add_table(TName, [<< "owner" >>]),
- nft_cmd_add_chain(TName, "gtpu-ul", "prerouting"),
- nft_cmd_add_chain(TName, "gtpu-dl", "postrouting"),
- enftables:nft_cmd_add_rule(TName, "gtpu-ul", R1),
- enftables:nft_cmd_add_rule(TName, "gtpu-dl", R1),
- enftables:nft_cmd_add_rule(TName, "gtpu-ul", R2),
- enftables:nft_cmd_add_rule(TName, "gtpu-dl", R2)
- ],
- case nft_exec(Cmds) of
+ %% flush the table, in case it remained
+ %% it may not exist, so we ignore the result
+ nft_flush_table(TName),
+ %% create and initialize the table
+ case nft_init_table(TName) of
ok ->
?LOG_INFO("NFT table ~p has been initialized", [TName]),
spawn_link(fun() -> heartbeat(Interval) end),
@@ -317,7 +308,7 @@
?LOG_NOTICE("Terminating, reason ~p", [Reason]),
case Cfg of
#{enable := true, table_name := TName} ->
- nft_exec([enftables:nft_cmd_del_table(TName)]), %% delete the table
+ nft_flush_table(TName),
ok;
_ -> ok %% stub mode
end.
@@ -518,6 +509,30 @@
end.
+-spec nft_flush_table(string()) -> enftables:result().
+nft_flush_table(TName) ->
+ Cmds = [enftables:nft_cmd_del_table(TName)],
+ nft_exec(Cmds).
+
+
+-spec nft_init_table(string()) -> enftables:result().
+nft_init_table(TName) ->
+ %% ignore (accept) anything but GTPU @ udp/2152
+ R1 = [enftables:nft_expr_match_ip_proto("udp", ?OP_NEQ),
+ enftables:nft_expr_accept()],
+ R2 = [enftables:nft_expr_match_udp_dport(?GTPU_PORT, ?OP_NEQ),
+ enftables:nft_expr_accept()],
+ Cmds = [enftables:nft_cmd_add_table(TName, [<< "owner" >>]),
+ nft_cmd_add_chain(TName, "gtpu-ul", "prerouting"),
+ nft_cmd_add_chain(TName, "gtpu-dl", "postrouting"),
+ enftables:nft_cmd_add_rule(TName, "gtpu-ul", R1),
+ enftables:nft_cmd_add_rule(TName, "gtpu-dl", R1),
+ enftables:nft_cmd_add_rule(TName, "gtpu-ul", R2),
+ enftables:nft_cmd_add_rule(TName, "gtpu-dl", R2)
+ ],
+ nft_exec(Cmds).
+
+
-spec nft_exec(Cmds) -> enftables:result()
when Cmds :: [enftables:nft_cmd()].
nft_exec(Cmds) ->
--
To view, visit https://gerrit.osmocom.org/c/erlang/osmo-s1gw/+/40532?usp=email
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: erlang/osmo-s1gw
Gerrit-Branch: master
Gerrit-Change-Id: I96bf4f7b6d5c9104fad0d6f98eda56e7a4e4fa7d
Gerrit-Change-Number: 40532
Gerrit-PatchSet: 1
Gerrit-Owner: fixeria <[email protected]>
