-rw-r--r--include/mnl.h2
-rw-r--r--src/mnl.c15
-rw-r--r--src/netlink.c14
3 files changed, 30 insertions, 1 deletions
diff --git a/include/mnl.h b/include/mnl.h
index f74dfee5..87db96af 100644
--- a/include/mnl.h
+++ b/include/mnl.h
@@ -82,6 +82,8 @@ int mnl_nft_setelem_delete(struct mnl_socket *nf_sock, struct nftnl_set *nls,
unsigned int flags);
int mnl_nft_setelem_batch_del(struct nftnl_set *nls,
unsigned int flags, uint32_t seq);
+int mnl_nft_setelem_batch_flush(struct nftnl_set *nls, unsigned int flags,
+ uint32_t seqnum);
int mnl_nft_setelem_get(struct mnl_socket *nf_sock, struct nftnl_set *nls);
struct nftnl_ruleset *mnl_nft_ruleset_dump(struct mnl_socket *nf_sock,
diff --git a/src/mnl.c b/src/mnl.c
index d107015c..257b630e 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -902,6 +902,21 @@ int mnl_nft_setelem_batch_add(struct nftnl_set *nls, unsigned int flags,
return mnl_nft_setelem_batch(nls, NFT_MSG_NEWSETELEM, flags, seqnum);
}
+int mnl_nft_setelem_batch_flush(struct nftnl_set *nls, unsigned int flags,
+ uint32_t seqnum)
+{
+ struct nlmsghdr *nlh;
+
+ nlh = nftnl_set_elem_nlmsg_build_hdr(nftnl_batch_buffer(batch),
+ NFT_MSG_DELSETELEM,
+ nftnl_set_get_u32(nls, NFTNL_SET_FAMILY),
+ NLM_F_CREATE | flags, seqnum);
+ nftnl_set_elems_nlmsg_build_payload(nlh, nls);
+ mnl_nft_batch_continue();
+
+ return 0;
+}
+
int mnl_nft_setelem_batch_del(struct nftnl_set *nls, unsigned int flags,
uint32_t seqnum)
{
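Review bot: Nothing in mnl_nft_setelem_batch_flush() states or checks that `nls` must carry no elements, yet the message it builds is an ordinary `NFT_MSG_DELSETELEM`. Presumably it is the empty element list that makes the kernel treat the request as a flush, and a set that did carry elements would have only those removed. A comment above the function would make the contract explicit, e.g. `/* nls must hold no elements: an empty DELSETELEM asks the kernel to remove every element of the set */`. `NLM_F_CREATE` on a delete request also looks carried over from the add path and may be unnecessary; that is worth confirming against mnl_nft_setelem_batch(), which is outside this hunk. The function can only return 0, so a failed flush surfaces when the batch is sent, not here.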
diff --git a/src/netlink.c b/src/netlink.c
index 714df4e8..d6d00199 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1410,7 +1410,19 @@ static int netlink_del_setelems_compat(struct netlink_ctx *ctx,
int netlink_flush_setelems(struct netlink_ctx *ctx, const struct handle *h,
const struct location *loc)
{
- return netlink_del_setelems_batch(ctx, h, NULL);
+ struct nftnl_set *nls;
+ int err;
+
+ nls = alloc_nftnl_set(h);
+ netlink_dump_set(nls);
+
+ err = mnl_nft_setelem_batch_flush(nls, 0, ctx->seqnum);
+ nftnl_set_free(nls);
+ if (err < 0)
+ netlink_io_error(ctx, loc,
+ "Could not flush set elements: %s",
+ strerror(errno));
+ return err;
}
static struct expr *netlink_parse_concat_elem(const struct datatype *dtype,
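Review bot: The error branch in netlink_flush_setelems() reads `errno` after `nftnl_set_free(nls)` has run, so the message may describe whatever the free path last set rather than the failed flush. Either call netlink_io_error() before freeing, or save the value right after the call with `int saved_errno = errno;` and pass `strerror(saved_errno)`. As added in this commit, mnl_nft_setelem_batch_flush() only returns 0, so this branch is currently unreachable and a rejected flush is reported only when the batch is committed. The result of `alloc_nftnl_set(h)` is also used unchecked, which is fine only if that allocator aborts on failure; that is not visible here.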