authorPablo Neira Ayuso <>2016-12-20 01:14:10 +0100
committerPablo Neira Ayuso <>2016-12-20 20:24:27 +0100
commit7c568680e2d904b5332e398a2a329ecdb94f897e (patch)
tree7276de2d45e7fb6dc0f5bedea2de116977e5ccc1 /src/netlink.c
parent0e1824475e2e7aee09dd2d5c38fc4ebd4b7ab8bb (diff)
mnl: add mnl_nft_setelem_batch_flush() and use it from netlink_flush_setelems()
Commit 8bd99f2fca7e ("mnl: don't send empty set elements netlink message to kernel") broke set flush because we still need to send the netlink message with no elements to flush sets. To avoid more whack-a-mole games, add a new explicit function mnl_nft_setelem_batch_flush() that is used to request a set flush, instead of reusing the one that allows us to explicitly delete given set elements. Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'src/netlink.c')
1 files changed, 13 insertions, 1 deletions
diff --git a/src/netlink.c b/src/netlink.c
index 714df4e8..d6d00199 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1410,7 +1410,19 @@ static int netlink_del_setelems_compat(struct netlink_ctx *ctx,
int netlink_flush_setelems(struct netlink_ctx *ctx, const struct handle *h,
const struct location *loc)
- return netlink_del_setelems_batch(ctx, h, NULL);
+ struct nftnl_set *nls;
+ int err;
+ nls = alloc_nftnl_set(h);
+ netlink_dump_set(nls);
+ err = mnl_nft_setelem_batch_flush(nls, 0, ctx->seqnum);
+ nftnl_set_free(nls);
+ if (err < 0)
+ netlink_io_error(ctx, loc,
+ "Could not flush set elements: %s",
+ strerror(errno));
+ return err;
static struct expr *netlink_parse_concat_elem(const struct datatype *dtype,
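Review bot: In the error path of netlink_flush_setelems(), `strerror(errno)` is evaluated after `nftnl_set_free(nls)` has already run, so the errno that reaches the message may not be the one mnl_nft_setelem_batch_flush() left behind — free() and whatever teardown nftnl_set_free() does are allowed to modify errno. Capture it right after the call, `int saved_errno = errno;`, and report `strerror(saved_errno)`; alternatively move `nftnl_set_free(nls);` below the netlink_io_error() call so the free happens after the message is built. The same ordering appears to be what the old netlink_del_setelems_batch() path relied on, so this is worth checking there too if it survives elsewhere in the file. The bare `0` passed as the second argument of mnl_nft_setelem_batch_flush() is unexplained in this hunk; if it is a flags word, a short comment naming what "no flags" means for a flush would save the next reader a trip to mnl.c.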