diff options
author | Phil Sutter <phil@nwl.cc> | 2023-11-21 23:14:47 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2023-11-23 17:59:42 +0100 |
commit | f340b7b6816beaeeebf6cefa819939cf70ae18f4 (patch) | |
tree | 39e955718b979a3038e710c3e1c4693f1261643c /iptables/nft-cmd.c | |
parent | c0bd98c9339b4975c9d52739d638a3c2bdf9a7ff (diff) |
ebtables: Implement --change-counters command
Treat it like --replace against the same rule with changed counters.
The operation is obviously not atomic, so rule counters may change in
kernel while the rule is fetched, modified and replaced.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft-cmd.c')
-rw-r--r-- | iptables/nft-cmd.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c index 8a824586..8372d171 100644 --- a/iptables/nft-cmd.c +++ b/iptables/nft-cmd.c @@ -400,3 +400,23 @@ int ebt_cmd_user_chain_policy(struct nft_handle *h, const char *table, return 1; } + +int nft_cmd_rule_change_counters(struct nft_handle *h, + const char *chain, const char *table, + struct iptables_command_state *cs, + int rule_nr, uint8_t counter_op, bool verbose) +{ + struct nft_cmd *cmd; + + cmd = nft_cmd_new(h, NFT_COMPAT_RULE_CHANGE_COUNTERS, table, chain, + rule_nr == -1 ? cs : NULL, rule_nr, verbose); + if (!cmd) + return 0; + + cmd->counter_op = counter_op; + cmd->counters = cs->counters; + + nft_cache_level_set(h, NFT_CL_RULES, cmd); + + return 1; +} |