author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-12-20 01:14:10 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-12-20 20:24:27 +0100 |
commit | 7c568680e2d904b5332e398a2a329ecdb94f897e (patch) | |
tree | 7276de2d45e7fb6dc0f5bedea2de116977e5ccc1 /src/mnl.c | |
parent | 0e1824475e2e7aee09dd2d5c38fc4ebd4b7ab8bb (diff) |
mnl: add mnl_nft_setelem_batch_flush() and use it from netlink_flush_setelems()

Commit 8bd99f2fca7e ("mnl: don't send empty set elements netlink message
to kernel") broke set flush because we still need to send the netlink
message with no elements to flush sets.

To avoid more whack-a-mole games, add a new explicit function
mnl_nft_setelem_batch_flush() that is used to request a set flush,
instead of reusing the one that allows us to explicitly delete given set
elements.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/mnl.c')
-rw-r--r-- | src/mnl.c | 15 |
1 files changed, 15 insertions, 0 deletions
@@ -902,6 +902,21 @@ int mnl_nft_setelem_batch_add(struct nftnl_set *nls, unsigned int flags, return mnl_nft_setelem_batch(nls, NFT_MSG_NEWSETELEM, flags, seqnum); } +int mnl_nft_setelem_batch_flush(struct nftnl_set *nls, unsigned int flags, + uint32_t seqnum) +{ + struct nlmsghdr *nlh; + + nlh = nftnl_set_elem_nlmsg_build_hdr(nftnl_batch_buffer(batch), + NFT_MSG_DELSETELEM, + nftnl_set_get_u32(nls, NFTNL_SET_FAMILY), + NLM_F_CREATE | flags, seqnum); + nftnl_set_elems_nlmsg_build_payload(nlh, nls); + mnl_nft_batch_continue(); + + return 0; +} + int mnl_nft_setelem_batch_del(struct nftnl_set *nls, unsigned int flags, uint32_t seqnum) { |
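Review bot: In mnl_nft_setelem_batch_flush() the header is built with `NLM_F_CREATE | flags` for an NFT_MSG_DELSETELEM message; NLM_F_CREATE carries create semantics in netlink, which does not match a delete request, so either pass plain `flags` or add a comment saying why the flag is needed here. The function also has no comment stating that it expects nls to hold no elements and that an element-less NFT_MSG_DELSETELEM is what requests the flush. The commit message says an earlier change broke flushing by suppressing exactly that empty message, so a short comment above the function would keep it from being "optimised" away again. The payload is built unconditionally from nls with nftnl_set_elems_nlmsg_build_payload(), so a caller that passes a populated set would get those elements placed in a single message instead of a flush; stating that contract in the comment (or checking it) would make the intent explicit.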