From 0721fbbe7a951a1e879d120c7a722012c38af9a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Falgueras=20Garc=C3=ADa?= <carlosfg@riseup.net>
Date: Tue, 27 Oct 2015 12:58:07 +0100
Subject: src: Add command "replace" for rules
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Modify the parser and add necessary functions to provide the command "nft
replace rule <ruleid_spec> <new_rule>"

Example of use:

	# nft list ruleset -a
	table ip filter {
		chain output {
			ip daddr 8.8.8.7 counter packets 0 bytes 0 # handle 3
		}
	}
	# nft replace rule filter output handle 3 ip daddr 8.8.8.8 counter
	# nft list ruleset -a
	table ip filter {
		chain output {
			ip daddr 8.8.8.8 counter packets 0 bytes 0 # handle 3
		}
	}

Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/mnl.h     | 2 ++
 include/netlink.h | 4 ++++
 include/rule.h    | 2 ++
 3 files changed, 8 insertions(+)

(limited to 'include')

diff --git a/include/mnl.h b/include/mnl.h
index 9c14e1aa..f74dfee5 100644
--- a/include/mnl.h
+++ b/include/mnl.h
@@ -26,6 +26,8 @@ int mnl_nft_rule_batch_add(struct nftnl_rule *nlr, unsigned int flags,
 			   uint32_t seqnum);
 int mnl_nft_rule_batch_del(struct nftnl_rule *nlr, unsigned int flags,
 			   uint32_t seqnum);
+int mnl_nft_rule_batch_replace(struct nftnl_rule *nlr, unsigned int flags,
+			       uint32_t seqnum);
 
 int mnl_nft_rule_add(struct mnl_socket *nf_sock, struct nftnl_rule *r,
 		     unsigned int flags);
diff --git a/include/netlink.h b/include/netlink.h
index 7bf7ea0d..84447422 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -98,6 +98,10 @@ extern int netlink_add_rule_batch(struct netlink_ctx *ctx,
 extern int netlink_del_rule_batch(struct netlink_ctx *ctx,
 				  const struct handle *h,
 				  const struct location *loc);
+extern int netlink_replace_rule_batch(struct netlink_ctx *ctx,
+				      const struct handle *h,
+				      const struct rule *rule,
+				      const struct location *loc);
 
 extern int netlink_add_chain(struct netlink_ctx *ctx, const struct handle *h,
 			     const struct location *loc,
diff --git a/include/rule.h b/include/rule.h
index 30b4597d..a86f600b 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -237,6 +237,7 @@ extern void set_print_plain(const struct set *s);
  *
  * @CMD_INVALID:	invalid
  * @CMD_ADD:		add object (non-exclusive)
+ * @CMD_REPLACE,	replace object
  * @CMD_CREATE:		create object (exclusive)
  * @CMD_INSERT:		insert object
  * @CMD_DELETE:		delete object
@@ -250,6 +251,7 @@ extern void set_print_plain(const struct set *s);
 enum cmd_ops {
 	CMD_INVALID,
 	CMD_ADD,
+	CMD_REPLACE,
 	CMD_CREATE,
 	CMD_INSERT,
 	CMD_DELETE,
-- 
cgit v1.2.3