src: Add command "replace" for rules

Modify the parser and add necessary functions to provide the command "nft replace rule <ruleid_spec> <new_rule>" Example of use: # nft list ruleset -a table ip filter { chain output { ip daddr 8.8.8.7 counter packets 0 bytes 0 # handle 3 } } # nft replace rule filter output handle 3 ip daddr 8.8.8.8 counter # nft list ruleset -a table ip filter { chain output { ip daddr 8.8.8.8 counter packets 0 bytes 0 # handle 3 } } Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Carlos Falgueras García <carlosfg@riseup.net> 2015-10-27 12:58:07 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2015-11-02 12:51:31 +0100
commit: 0721fbbe7a951a1e879d120c7a722012c38af9a6 (patch)
tree: cdd25f3c37b7fbac14d6f172671676c88c66030f /src/mnl.c
parent: 44d7b90f6e473be3ce4425d41d80df43f319d951 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/src/mnl.c b/src/mnl.c
index e4253e53..52875f4a 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -301,6 +301,22 @@ int mnl_nft_rule_batch_add(struct nftnl_rule *nlr, unsigned int flags,
 	return 0;
 }
 
+int mnl_nft_rule_batch_replace(struct nftnl_rule *nlr, unsigned int flags,
+			       uint32_t seqnum)
+{
+	struct nlmsghdr *nlh;
+
+	nlh = nftnl_rule_nlmsg_build_hdr(nftnl_batch_buffer(batch),
+			NFT_MSG_NEWRULE,
+			nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY),
+			NLM_F_REPLACE | flags, seqnum);
+
+	nftnl_rule_nlmsg_build_payload(nlh, nlr);
+	mnl_nft_batch_continue();
+
+	return 0;
+}
+
 int mnl_nft_rule_batch_del(struct nftnl_rule *nlr, unsigned int flags,
 			   uint32_t seqnum)
 {
author	Carlos Falgueras García <carlosfg@riseup.net>	2015-10-27 12:58:07 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-11-02 12:51:31 +0100
commit	0721fbbe7a951a1e879d120c7a722012c38af9a6 (patch)
tree	cdd25f3c37b7fbac14d6f172671676c88c66030f /src/mnl.c
parent	44d7b90f6e473be3ce4425d41d80df43f319d951 (diff)