diff options
| author | Carlos Falgueras García <carlosfg@riseup.net> | 2015-10-27 12:58:07 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-11-02 12:51:31 +0100 |
| commit | 0721fbbe7a951a1e879d120c7a722012c38af9a6 (patch) | |
| tree | cdd25f3c37b7fbac14d6f172671676c88c66030f /src/netlink.c | |
| parent | 44d7b90f6e473be3ce4425d41d80df43f319d951 (diff) | |
src: Add command "replace" for rules
Modify the parser and add necessary functions to provide the command "nft
replace rule <ruleid_spec> <new_rule>"
Example of use:
# nft list ruleset -a
table ip filter {
chain output {
ip daddr 8.8.8.7 counter packets 0 bytes 0 # handle 3
}
}
# nft replace rule filter output handle 3 ip daddr 8.8.8.8 counter
# nft list ruleset -a
table ip filter {
chain output {
ip daddr 8.8.8.8 counter packets 0 bytes 0 # handle 3
}
}
Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink.c')
| -rw-r--r-- | src/netlink.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/src/netlink.c b/src/netlink.c index 4d1e977f..ad86084e 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -382,6 +382,24 @@ int netlink_add_rule_batch(struct netlink_ctx *ctx, return err; } +int netlink_replace_rule_batch(struct netlink_ctx *ctx, const struct handle *h, + const struct rule *rule, + const struct location *loc) +{ + struct nftnl_rule *nlr; + int err; + + nlr = alloc_nftnl_rule(&rule->handle); + netlink_linearize_rule(ctx, nlr, rule); + err = mnl_nft_rule_batch_replace(nlr, 0, ctx->seqnum); + nftnl_rule_free(nlr); + + if (err < 0) + netlink_io_error(ctx, loc, "Could not replace rule to batch: %s", + strerror(errno)); + return err; +} + int netlink_add_rule_list(struct netlink_ctx *ctx, const struct handle *h, struct list_head *rule_list) { |