diff options
author | Phil Sutter <phil@nwl.cc> | 2019-01-15 23:23:04 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-01-18 02:42:08 +0100 |
commit | 5ca9acf51adf9dcc8e0d82cd8f5b9b2514f900ee (patch) | |
tree | 62295273bac218be53870f88dc46f527f5ec78d2 /iptables/nft.h | |
parent | 2b801fc515ae094d04207e840ed191196292b968 (diff) |
xtables: Fix position of replaced rules in cache
When replacing a rule, the replacement was simply appended to the
chain's rule list. Instead, insert it where the rule it replaces was.
This also fixes for zero counters command to remove the old rule from
cache.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft.h')
-rw-r--r-- | iptables/nft.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/iptables/nft.h b/iptables/nft.h index dfdffd69..97d73c8b 100644 --- a/iptables/nft.h +++ b/iptables/nft.h @@ -98,7 +98,7 @@ bool nft_chain_exists(struct nft_handle *h, const char *table, const char *chain */ struct nftnl_rule; -int nft_rule_append(struct nft_handle *h, const char *chain, const char *table, void *data, uint64_t handle, bool verbose); +int nft_rule_append(struct nft_handle *h, const char *chain, const char *table, void *data, struct nftnl_rule *ref, bool verbose); int nft_rule_insert(struct nft_handle *h, const char *chain, const char *table, void *data, int rulenum, bool verbose); int nft_rule_check(struct nft_handle *h, const char *chain, const char *table, void *data, bool verbose); int nft_rule_delete(struct nft_handle *h, const char *chain, const char *table, void *data, bool verbose); |