diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-07 20:06:30 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-07 20:18:57 +0100 |
commit | 330666048d97ed8fbb7fd1f80c5a04fb6649b594 (patch) | |
tree | 10fdc04565cd4f1b87bf2a4debc93a668469820c | |
parent | 2eb1c30d55f1433e11275f85a97d3694188ecc40 (diff) |
mnl: don't set NLM_F_ACK flag in mnl_nft_rule_batch_[add|del]
If the NLM_F_ACK flag is unset, the kernel still explicitly reports
errors. Thus, we can save the handling of many explicit (useless) ack
messages that indicate success.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/mnl.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -273,7 +273,7 @@ int mnl_nft_rule_batch_add(struct nft_rule *nlr, unsigned int flags, nlh = nft_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), NFT_MSG_NEWRULE, nft_rule_attr_get_u32(nlr, NFT_RULE_ATTR_FAMILY), - flags|NLM_F_ACK|NLM_F_CREATE, seqnum); + flags|NLM_F_CREATE, seqnum); nft_rule_nlmsg_build_payload(nlh, nlr); if (!mnl_nlmsg_batch_next(batch)) @@ -290,7 +290,7 @@ int mnl_nft_rule_batch_del(struct nft_rule *nlr, unsigned int flags, nlh = nft_rule_nlmsg_build_hdr(mnl_nlmsg_batch_current(batch), NFT_MSG_DELRULE, nft_rule_attr_get_u32(nlr, NFT_RULE_ATTR_FAMILY), - NLM_F_ACK, seqnum); + 0, seqnum); nft_rule_nlmsg_build_payload(nlh, nlr); |