summaryrefslogtreecommitdiffstats
path: root/src/netlink.c
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2016-08-24 16:45:06 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2016-08-25 14:21:56 +0200
commitfd33d964a94063d7af6f1713350df980cf440503 (patch)
tree6421d4b11926d51f0cc91ad26d17f4faabb3f3a1 /src/netlink.c
parente0f8c894982a57cb1772640715737c7477e7ef8d (diff)
src: create element command
This patch adds the create command, that send the NLM_F_EXCL flag so nf_tables bails out if the element already exists, eg. # nft add element x y { 1.1.1.1 } # nft create element x y { 1.1.1.1 } <cmdline>:1:1-31: Error: Could not process rule: File exists create element x y { 1.1.1.1 } ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This update requires nf_tables kernel patches to honor the NLM_F_EXCL. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink.c')
-rw-r--r--src/netlink.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/src/netlink.c b/src/netlink.c
index f897b0e3..f8da2a6b 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1318,7 +1318,7 @@ static void alloc_setelem_cache(const struct expr *set, struct nftnl_set *nls)
static int netlink_add_setelems_batch(struct netlink_ctx *ctx,
const struct handle *h,
- const struct expr *expr)
+ const struct expr *expr, bool excl)
{
struct nftnl_set *nls;
int err;
@@ -1327,7 +1327,8 @@ static int netlink_add_setelems_batch(struct netlink_ctx *ctx,
alloc_setelem_cache(expr, nls);
netlink_dump_set(nls);
- err = mnl_nft_setelem_batch_add(nls, 0, ctx->seqnum);
+ err = mnl_nft_setelem_batch_add(nls, excl ? NLM_F_EXCL : 0,
+ ctx->seqnum);
nftnl_set_free(nls);
if (err < 0)
netlink_io_error(ctx, &expr->location,
@@ -1338,7 +1339,7 @@ static int netlink_add_setelems_batch(struct netlink_ctx *ctx,
static int netlink_add_setelems_compat(struct netlink_ctx *ctx,
const struct handle *h,
- const struct expr *expr)
+ const struct expr *expr, bool excl)
{
struct nftnl_set *nls;
int err;
@@ -1347,7 +1348,7 @@ static int netlink_add_setelems_compat(struct netlink_ctx *ctx,
alloc_setelem_cache(expr, nls);
netlink_dump_set(nls);
- err = mnl_nft_setelem_add(nf_sock, nls, 0);
+ err = mnl_nft_setelem_add(nf_sock, nls, excl ? NLM_F_EXCL : 0);
nftnl_set_free(nls);
if (err < 0)
netlink_io_error(ctx, &expr->location,
@@ -1357,12 +1358,12 @@ static int netlink_add_setelems_compat(struct netlink_ctx *ctx,
}
int netlink_add_setelems(struct netlink_ctx *ctx, const struct handle *h,
- const struct expr *expr)
+ const struct expr *expr, bool excl)
{
if (ctx->batch_supported)
- return netlink_add_setelems_batch(ctx, h, expr);
+ return netlink_add_setelems_batch(ctx, h, expr, excl);
else
- return netlink_add_setelems_compat(ctx, h, expr);
+ return netlink_add_setelems_compat(ctx, h, expr, excl);
}
static int netlink_del_setelems_batch(struct netlink_ctx *ctx,