diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-08-24 15:58:57 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-08-24 16:09:30 +0200 |
| commit | f11cf6d42f873513f0bb9b80edb6bfad2dda55eb (patch) | |
| tree | 087de63610f4199fb6322b1c5c8379dea9632e00 /src/netlink.c | |
| parent | f6d06a649062464a609125aee1cb5b80693d100e (diff) | |
src: add create set command
Add support for the 'create' command, we already support this in other
existing objects, so support this for sets too, eg.
# nft add set x y { type ipv4_addr\; }
# nft create set x y { type ipv4_addr\; }
<cmdline>:1:1-35: Error: Could not process rule: File exists
create set x y { type ipv4_addr; }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
# nft add set x y { type ipv4_addr\; }
#
This command sets the NLM_F_EXCL netlink flag, so if the object already
exists, nf_tables returns -EEXIST.
This is changing the existing behaviour of 'nft add set' which was
setting this flag, this is inconsistent with regards to the way other
objects behave.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink.c')
| -rw-r--r-- | src/netlink.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/src/netlink.c b/src/netlink.c index cf24c8a3..f897b0e3 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -1117,8 +1117,10 @@ static struct set *netlink_delinearize_set(struct netlink_ctx *ctx, } static int netlink_add_set_compat(struct netlink_ctx *ctx, - const struct handle *h, struct set *set) + const struct handle *h, struct set *set, + bool excl) { + unsigned int flags = excl ? NLM_F_EXCL : 0; struct nftnl_set *nls; int err; @@ -1136,7 +1138,7 @@ static int netlink_add_set_compat(struct netlink_ctx *ctx, } netlink_dump_set(nls); - err = mnl_nft_set_add(nf_sock, nls, NLM_F_EXCL | NLM_F_ECHO); + err = mnl_nft_set_add(nf_sock, nls, NLM_F_ECHO | flags); if (err < 0) netlink_io_error(ctx, &set->location, "Could not add set: %s", strerror(errno)); @@ -1148,7 +1150,8 @@ static int netlink_add_set_compat(struct netlink_ctx *ctx, } static int netlink_add_set_batch(struct netlink_ctx *ctx, - const struct handle *h, struct set *set) + const struct handle *h, struct set *set, + bool excl) { struct nftnl_set *nls; int err; @@ -1183,7 +1186,7 @@ static int netlink_add_set_batch(struct netlink_ctx *ctx, netlink_dump_set(nls); - err = mnl_nft_set_batch_add(nls, NLM_F_EXCL, ctx->seqnum); + err = mnl_nft_set_batch_add(nls, excl ? NLM_F_EXCL : 0, ctx->seqnum); if (err < 0) netlink_io_error(ctx, &set->location, "Could not add set: %s", strerror(errno)); @@ -1193,12 +1196,12 @@ static int netlink_add_set_batch(struct netlink_ctx *ctx, } int netlink_add_set(struct netlink_ctx *ctx, const struct handle *h, - struct set *set) + struct set *set, bool excl) { if (ctx->batch_supported) - return netlink_add_set_batch(ctx, h, set); + return netlink_add_set_batch(ctx, h, set, excl); else - return netlink_add_set_compat(ctx, h, set); + return netlink_add_set_compat(ctx, h, set, excl); } static int netlink_del_set_compat(struct netlink_ctx *ctx, |