From 1185db9b0c1457ebb20195b63277dbda2388952c Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Mon, 25 May 2020 17:57:15 +0200 Subject: flowtable: relax logic to build NFTA_FLOWTABLE_HOOK The logic to build NFTA_FLOWTABLE_HOOK enforces the presence of the hook number and priority to include the devices. Relax this to allow for incremental device updates. Signed-off-by: Pablo Neira Ayuso --- src/flowtable.c | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) (limited to 'src/flowtable.c') diff --git a/src/flowtable.c b/src/flowtable.c index 19e2882..658115d 100644 --- a/src/flowtable.c +++ b/src/flowtable.c @@ -313,31 +313,38 @@ EXPORT_SYMBOL(nftnl_flowtable_nlmsg_build_payload); void nftnl_flowtable_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nftnl_flowtable *c) { + struct nlattr *nest = NULL; int i; if (c->flags & (1 << NFTNL_FLOWTABLE_TABLE)) mnl_attr_put_strz(nlh, NFTA_FLOWTABLE_TABLE, c->table); if (c->flags & (1 << NFTNL_FLOWTABLE_NAME)) mnl_attr_put_strz(nlh, NFTA_FLOWTABLE_NAME, c->name); - if ((c->flags & (1 << NFTNL_FLOWTABLE_HOOKNUM)) && - (c->flags & (1 << NFTNL_FLOWTABLE_PRIO))) { - struct nlattr *nest; + if (c->flags & (1 << NFTNL_FLOWTABLE_HOOKNUM) || + c->flags & (1 << NFTNL_FLOWTABLE_PRIO) || + c->flags & (1 << NFTNL_FLOWTABLE_DEVICES)) nest = mnl_attr_nest_start(nlh, NFTA_FLOWTABLE_HOOK); + + if (c->flags & (1 << NFTNL_FLOWTABLE_HOOKNUM)) mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_HOOK_NUM, htonl(c->hooknum)); + if (c->flags & (1 << NFTNL_FLOWTABLE_PRIO)) mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_HOOK_PRIORITY, htonl(c->prio)); - if (c->flags & (1 << NFTNL_FLOWTABLE_DEVICES)) { - struct nlattr *nest_dev; - nest_dev = mnl_attr_nest_start(nlh, - NFTA_FLOWTABLE_HOOK_DEVS); - for (i = 0; i < c->dev_array_len; i++) - mnl_attr_put_strz(nlh, NFTA_DEVICE_NAME, - c->dev_array[i]); - mnl_attr_nest_end(nlh, nest_dev); + if (c->flags & (1 << NFTNL_FLOWTABLE_DEVICES)) { + struct nlattr *nest_dev; + + nest_dev = mnl_attr_nest_start(nlh, NFTA_FLOWTABLE_HOOK_DEVS); + for (i = 0; i < c->dev_array_len; i++) { + mnl_attr_put_strz(nlh, NFTA_DEVICE_NAME, + c->dev_array[i]); } - mnl_attr_nest_end(nlh, nest); + mnl_attr_nest_end(nlh, nest_dev); } + + if (nest) + mnl_attr_nest_end(nlh, nest); + if (c->flags & (1 << NFTNL_FLOWTABLE_FLAGS)) mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_FLAGS, htonl(c->ft_flags)); if (c->flags & (1 << NFTNL_FLOWTABLE_USE)) -- cgit v1.2.3