mnl: add mnl_nft_setelem_batch_flush() and use it from netlink_flush_setelems()
Commit 8bd99f2fca7e ("mnl: don't send empty set elements netlink message to kernel") broke set flush because we still need to send the netlink message with no elements to flush sets. To avoid more whack-a-mole games, add a new explicit function mnl_nft_setelem_batch_flush() that is used to request a set flush, instead of reusing the one that allows us to explicitly delete given set elements. Signed-off-by: Pablo Neira Ayuso <>
@@ -902,6 +902,21 @@ int mnl_nft_setelem_batch_add(struct nftnl_set *nls, unsigned int flags,
return mnl_nft_setelem_batch(nls, NFT_MSG_NEWSETELEM, flags, seqnum);
+int mnl_nft_setelem_batch_flush(struct nftnl_set *nls, unsigned int flags,
+ uint32_t seqnum)
+ struct nlmsghdr *nlh;
+ nlh = nftnl_set_elem_nlmsg_build_hdr(nftnl_batch_buffer(batch),
+ nftnl_set_get_u32(nls, NFTNL_SET_FAMILY),
+ NLM_F_CREATE | flags, seqnum);
+ nftnl_set_elems_nlmsg_build_payload(nlh, nls);
+ mnl_nft_batch_continue();
+ return 0;
int mnl_nft_setelem_batch_del(struct nftnl_set *nls, unsigned int flags,
uint32_t seqnum)
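Review bot: mnl_nft_setelem_batch_flush() carries no comment recording why it must exist alongside mnl_nft_setelem_batch_del(), and a later reader who sees two near-identical message builders will be tempted to fold them back together, which is the regression the description attributes to 8bd99f2fca7e. A header comment above the definition would pin the contract: `/* Flush request: deliberately emits a set-element message carrying no elements, which is how the kernel is asked to drop every element of the set. Keep separate from mnl_nft_setelem_batch_del(), which (since 8bd99f2fca7e) no longer sends a message for an empty element list. */`. The rendering drops the braces around the body and appears to omit the message-type argument to nftnl_set_elem_nlmsg_build_hdr() between the buffer and family arguments, so the exact command sent cannot be confirmed from this page. `NLM_F_CREATE | flags` is also passed for what the description says is a deletion request; if it is kept on purpose for symmetry with the other builders, a one-line comment saying so would forestall a future "cleanup".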