authorPablo Neira Ayuso <pablo@netfilter.org>2020-05-25 17:57:15 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2020-05-25 18:02:11 +0200
commit1185db9b0c1457ebb20195b63277dbda2388952c (patch)
tree952a1083513ddcc70af50e5c070f88bfa2b5bb7e
parent0bd7d62c450c6736af4141d37073c5b40f1f894d (diff)
flowtable: relax logic to build NFTA_FLOWTABLE_HOOK
The logic to build NFTA_FLOWTABLE_HOOK enforces the presence of the hook number and priority to include the devices. Relax this to allow for incremental device updates. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/flowtable.c31
1 files changed, 19 insertions, 12 deletions
diff --git a/src/flowtable.c b/src/flowtable.c
index 19e2882..658115d 100644
--- a/src/flowtable.c
+++ b/src/flowtable.c
@@ -313,31 +313,38 @@ EXPORT_SYMBOL(nftnl_flowtable_nlmsg_build_payload);
void nftnl_flowtable_nlmsg_build_payload(struct nlmsghdr *nlh,
const struct nftnl_flowtable *c)
{
+ struct nlattr *nest = NULL;
int i;
if (c->flags & (1 << NFTNL_FLOWTABLE_TABLE))
mnl_attr_put_strz(nlh, NFTA_FLOWTABLE_TABLE, c->table);
if (c->flags & (1 << NFTNL_FLOWTABLE_NAME))
mnl_attr_put_strz(nlh, NFTA_FLOWTABLE_NAME, c->name);
- if ((c->flags & (1 << NFTNL_FLOWTABLE_HOOKNUM)) &&
- (c->flags & (1 << NFTNL_FLOWTABLE_PRIO))) {
- struct nlattr *nest;
+ if (c->flags & (1 << NFTNL_FLOWTABLE_HOOKNUM) ||
+ c->flags & (1 << NFTNL_FLOWTABLE_PRIO) ||
+ c->flags & (1 << NFTNL_FLOWTABLE_DEVICES))
nest = mnl_attr_nest_start(nlh, NFTA_FLOWTABLE_HOOK);
+
+ if (c->flags & (1 << NFTNL_FLOWTABLE_HOOKNUM))
mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_HOOK_NUM, htonl(c->hooknum));
+ if (c->flags & (1 << NFTNL_FLOWTABLE_PRIO))
mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_HOOK_PRIORITY, htonl(c->prio));
- if (c->flags & (1 << NFTNL_FLOWTABLE_DEVICES)) {
- struct nlattr *nest_dev;
- nest_dev = mnl_attr_nest_start(nlh,
- NFTA_FLOWTABLE_HOOK_DEVS);
- for (i = 0; i < c->dev_array_len; i++)
- mnl_attr_put_strz(nlh, NFTA_DEVICE_NAME,
- c->dev_array[i]);
- mnl_attr_nest_end(nlh, nest_dev);
+ if (c->flags & (1 << NFTNL_FLOWTABLE_DEVICES)) {
+ struct nlattr *nest_dev;
+
+ nest_dev = mnl_attr_nest_start(nlh, NFTA_FLOWTABLE_HOOK_DEVS);
+ for (i = 0; i < c->dev_array_len; i++) {
+ mnl_attr_put_strz(nlh, NFTA_DEVICE_NAME,
+ c->dev_array[i]);
}
- mnl_attr_nest_end(nlh, nest);
+ mnl_attr_nest_end(nlh, nest_dev);
}
+
+ if (nest)
+ mnl_attr_nest_end(nlh, nest);
+
if (c->flags & (1 << NFTNL_FLOWTABLE_FLAGS))
mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_FLAGS, htonl(c->ft_flags));
if (c->flags & (1 << NFTNL_FLOWTABLE_USE))
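Review bot: The NFTA_FLOWTABLE_HOOK nest can now be emitted with any subset of hook number, priority and devices, and nothing in the new code records that this is intended or who rejects an incomplete hook on a create request. A comment above the condition that guards `nest = mnl_attr_nest_start(nlh, NFTA_FLOWTABLE_HOOK);` would state the contract, e.g. `/* hook attributes are individually optional to allow device-only updates; completeness is validated by the receiver, not here */` (presumably the kernel does that check, which should be confirmed). The device loop still appends names with the unchecked `mnl_attr_put_strz()`, and it is now reachable without hooknum/prio being set, so the same comment should say that the caller must size the message buffer for `dev_array_len` device names. The three unparenthesised `c->flags & (...)` operands of `||` parse correctly but differ from the `(c->flags & ...)` form on the removed lines; adding the parentheses would keep the style consistent. The function body continues past the end of the hunk.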