diff options
| author | Carlos Falgueras García <carlosfg@riseup.net> | 2015-10-27 12:58:07 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-11-02 12:51:31 +0100 |
| commit | 0721fbbe7a951a1e879d120c7a722012c38af9a6 (patch) | |
| tree | cdd25f3c37b7fbac14d6f172671676c88c66030f /include | |
| parent | 44d7b90f6e473be3ce4425d41d80df43f319d951 (diff) | |
src: Add command "replace" for rules
Modify the parser and add necessary functions to provide the command "nft
replace rule <ruleid_spec> <new_rule>"
Example of use:
# nft list ruleset -a
table ip filter {
chain output {
ip daddr 8.8.8.7 counter packets 0 bytes 0 # handle 3
}
}
# nft replace rule filter output handle 3 ip daddr 8.8.8.8 counter
# nft list ruleset -a
table ip filter {
chain output {
ip daddr 8.8.8.8 counter packets 0 bytes 0 # handle 3
}
}
Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/mnl.h | 2 | ||||
| -rw-r--r-- | include/netlink.h | 4 | ||||
| -rw-r--r-- | include/rule.h | 2 |
3 files changed, 8 insertions, 0 deletions
diff --git a/include/mnl.h b/include/mnl.h index 9c14e1aa..f74dfee5 100644 --- a/include/mnl.h +++ b/include/mnl.h @@ -26,6 +26,8 @@ int mnl_nft_rule_batch_add(struct nftnl_rule *nlr, unsigned int flags, uint32_t seqnum); int mnl_nft_rule_batch_del(struct nftnl_rule *nlr, unsigned int flags, uint32_t seqnum); +int mnl_nft_rule_batch_replace(struct nftnl_rule *nlr, unsigned int flags, + uint32_t seqnum); int mnl_nft_rule_add(struct mnl_socket *nf_sock, struct nftnl_rule *r, unsigned int flags); diff --git a/include/netlink.h b/include/netlink.h index 7bf7ea0d..84447422 100644 --- a/include/netlink.h +++ b/include/netlink.h @@ -98,6 +98,10 @@ extern int netlink_add_rule_batch(struct netlink_ctx *ctx, extern int netlink_del_rule_batch(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc); +extern int netlink_replace_rule_batch(struct netlink_ctx *ctx, + const struct handle *h, + const struct rule *rule, + const struct location *loc); extern int netlink_add_chain(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc, diff --git a/include/rule.h b/include/rule.h index 30b4597d..a86f600b 100644 --- a/include/rule.h +++ b/include/rule.h @@ -237,6 +237,7 @@ extern void set_print_plain(const struct set *s); * * @CMD_INVALID: invalid * @CMD_ADD: add object (non-exclusive) + * @CMD_REPLACE, replace object * @CMD_CREATE: create object (exclusive) * @CMD_INSERT: insert object * @CMD_DELETE: delete object @@ -250,6 +251,7 @@ extern void set_print_plain(const struct set *s); enum cmd_ops { CMD_INVALID, CMD_ADD, + CMD_REPLACE, CMD_CREATE, CMD_INSERT, CMD_DELETE, |