From fd33d964a94063d7af6f1713350df980cf440503 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Wed, 24 Aug 2016 16:45:06 +0200
Subject: src: create element command

This patch adds the create command, that send the NLM_F_EXCL flag so nf_tables bails out if the element already exists, eg.

 # nft add element x y { 1.1.1.1 }
 # nft create element x y { 1.1.1.1 }
 :1:1-31: Error: Could not process rule: File exists
 create element x y { 1.1.1.1 }
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This update requires nf_tables kernel patches to honor the NLM_F_EXCL.

Signed-off-by: Pablo Neira Ayuso
---
 src/netlink.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
(limited to 'src/netlink.c')

diff --git a/src/netlink.c b/src/netlink.c
index f897b0e3..f8da2a6b 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1318,7 +1318,7 @@ static void alloc_setelem_cache(const struct expr *set, struct nftnl_set *nls)
 
 static int netlink_add_setelems_batch(struct netlink_ctx *ctx,
 const struct handle *h,
- const struct expr *expr)
+ const struct expr *expr, bool excl)
 {
 struct nftnl_set *nls;
 int err;
@@ -1327,7 +1327,8 @@ static int netlink_add_setelems_batch(struct netlink_ctx *ctx,
 alloc_setelem_cache(expr, nls);
 netlink_dump_set(nls);
 
- err = mnl_nft_setelem_batch_add(nls, 0, ctx->seqnum);
+ err = mnl_nft_setelem_batch_add(nls, excl ? NLM_F_EXCL : 0,
+ ctx->seqnum);
 nftnl_set_free(nls);
 if (err < 0)
 netlink_io_error(ctx, &expr->location,
@@ -1338,7 +1339,7 @@ static int netlink_add_setelems_batch(struct netlink_ctx *ctx,
 
 static int netlink_add_setelems_compat(struct netlink_ctx *ctx,
 const struct handle *h,
- const struct expr *expr)
+ const struct expr *expr, bool excl)
 {
 struct nftnl_set *nls;
 int err;
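Review bot: The `excl ? NLM_F_EXCL : 0` flag handed to mnl_nft_setelem_batch_add in the second hunk is, per the commit message, only honored by kernels carrying the matching nf_tables patches, yet nothing at the call site records that, so a reader of this code (or a script relying on `create element` to refuse a pre-existing element) has no warning that on an older kernel the flag is presumably ignored and the request goes through as a plain add. Since the hunk shows no way to detect kernel support, the caveat should at least be stated where the flag is set: `/* NLM_F_EXCL asks the kernel to reject an element that already exists (EEXIST); kernels that do not honor the flag accept the request like a plain add, so create cannot detect duplicates there. */`. Because this is the batch path, the EEXIST shown in the commit message presumably surfaces when the batch is committed rather than through the `err` checked two lines below — worth a word in the same comment if that is the case. The body of netlink_add_setelems_batch starts before this hunk and continues past the netlink_io_error call.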
@@ -1347,7 +1348,7 @@ static int netlink_add_setelems_compat(struct netlink_ctx *ctx,
 alloc_setelem_cache(expr, nls);
 netlink_dump_set(nls);
 
- err = mnl_nft_setelem_add(nf_sock, nls, 0);
+ err = mnl_nft_setelem_add(nf_sock, nls, excl ? NLM_F_EXCL : 0);
 nftnl_set_free(nls);
 if (err < 0)
 netlink_io_error(ctx, &expr->location,
@@ -1357,12 +1358,12 @@ static int netlink_add_setelems_compat(struct netlink_ctx *ctx,
 }
 
 int netlink_add_setelems(struct netlink_ctx *ctx, const struct handle *h,
- const struct expr *expr)
+ const struct expr *expr, bool excl)
 {
 if (ctx->batch_supported)
- return netlink_add_setelems_batch(ctx, h, expr, excl);
+ return netlink_add_setelems_batch(ctx, h, expr, excl);
 else
- return netlink_add_setelems_compat(ctx, h, expr);
+ return netlink_add_setelems_compat(ctx, h, expr, excl);
 }
 
 static int netlink_del_setelems_batch(struct netlink_ctx *ctx,
-- 
cgit v1.2.3
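Review bot: netlink_add_setelems is the non-static entry point and now takes a `bool excl` that the signature alone does not explain; a caller cannot tell from it that the parameter becomes NLM_F_EXCL on the wire, nor that exclusivity is enforced only by kernels that honor the flag (the commit message says kernel patches are required). A comment above the definition would close that gap, e.g. `/* Add the elements of expr to the set identified by h. With excl set, NLM_F_EXCL is sent so a kernel that honors it rejects an element that already exists; kernels without that support do not enforce it. */`. The matching prototype in the header is not part of this diff, so the same note should travel with it if that declaration is updated elsewhere. Both branches pass `excl` through unchanged to the batch and compat helpers, so one comment here covers both paths.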