ebtables: Implement --change-counters command

Treat it like --replace against the same rule with changed counters. The operation is obviously not atomic, so rule counters may change in kernel while the rule is fetched, modified and replaced. Signed-off-by: Phil Sutter <phil@nwl.cc>
author: Phil Sutter <phil@nwl.cc> 2023-11-21 23:14:47 +0100
committer: Phil Sutter <phil@nwl.cc> 2023-11-23 17:59:42 +0100
commit: f340b7b6816beaeeebf6cefa819939cf70ae18f4 (patch)
tree: 39e955718b979a3038e710c3e1c4693f1261643c /iptables/nft-cmd.c
parent: c0bd98c9339b4975c9d52739d638a3c2bdf9a7ff (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c
index 8a824586..8372d171 100644
--- a/iptables/nft-cmd.c
+++ b/iptables/nft-cmd.c
@@ -400,3 +400,23 @@ int ebt_cmd_user_chain_policy(struct nft_handle *h, const char *table,
 
 	return 1;
 }
+
+int nft_cmd_rule_change_counters(struct nft_handle *h,
+				 const char *chain, const char *table,
+				 struct iptables_command_state *cs,
+				 int rule_nr, uint8_t counter_op, bool verbose)
+{
+	struct nft_cmd *cmd;
+
+	cmd = nft_cmd_new(h, NFT_COMPAT_RULE_CHANGE_COUNTERS, table, chain,
+			  rule_nr == -1 ? cs : NULL, rule_nr, verbose);
+	if (!cmd)
+		return 0;
+
+	cmd->counter_op = counter_op;
+	cmd->counters = cs->counters;
+
+	nft_cache_level_set(h, NFT_CL_RULES, cmd);
+
+	return 1;
+}
author	Phil Sutter <phil@nwl.cc>	2023-11-21 23:14:47 +0100
committer	Phil Sutter <phil@nwl.cc>	2023-11-23 17:59:42 +0100
commit	f340b7b6816beaeeebf6cefa819939cf70ae18f4 (patch)
tree	39e955718b979a3038e710c3e1c4693f1261643c /iptables/nft-cmd.c
parent	c0bd98c9339b4975c9d52739d638a3c2bdf9a7ff (diff)