author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-08-24 16:45:06 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-08-25 14:21:56 +0200 |
commit | fd33d964a94063d7af6f1713350df980cf440503 (patch) | |
tree | 6421d4b11926d51f0cc91ad26d17f4faabb3f3a1 /src/netlink.c | |
parent | e0f8c894982a57cb1772640715737c7477e7ef8d (diff) |
src: create element command
This patch adds the create command, which sends the NLM_F_EXCL flag so
that nf_tables bails out if the element already exists, e.g.
# nft add element x y { 1.1.1.1 }
# nft create element x y { 1.1.1.1 }
<cmdline>:1:1-31: Error: Could not process rule: File exists
create element x y { 1.1.1.1 }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This update requires nf_tables kernel patches to honor the NLM_F_EXCL.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink.c')
-rw-r--r-- | src/netlink.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/src/netlink.c b/src/netlink.c
index f897b0e3..f8da2a6b 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1318,7 +1318,7 @@ static void alloc_setelem_cache(const struct expr *set, struct nftnl_set *nls)
 static int netlink_add_setelems_batch(struct netlink_ctx *ctx,
 const struct handle *h,
- const struct expr *expr)
+ const struct expr *expr, bool excl)
 {
 struct nftnl_set *nls;
 int err;
@@ -1327,7 +1327,8 @@ static int netlink_add_setelems_batch(struct netlink_ctx *ctx,
 alloc_setelem_cache(expr, nls);
 netlink_dump_set(nls);
- err = mnl_nft_setelem_batch_add(nls, 0, ctx->seqnum);
+ err = mnl_nft_setelem_batch_add(nls, excl ? NLM_F_EXCL : 0,
+ ctx->seqnum);
 nftnl_set_free(nls);
 if (err < 0)
 netlink_io_error(ctx, &expr->location,
@@ -1338,7 +1339,7 @@ static int netlink_add_setelems_batch(struct netlink_ctx *ctx,
 static int netlink_add_setelems_compat(struct netlink_ctx *ctx,
 const struct handle *h,
- const struct expr *expr)
+ const struct expr *expr, bool excl)
 {
 struct nftnl_set *nls;
 int err;
@@ -1347,7 +1348,7 @@ static int netlink_add_setelems_compat(struct netlink_ctx *ctx,
 alloc_setelem_cache(expr, nls);
 netlink_dump_set(nls);
- err = mnl_nft_setelem_add(nf_sock, nls, 0);
+ err = mnl_nft_setelem_add(nf_sock, nls, excl ? NLM_F_EXCL : 0);
 nftnl_set_free(nls);
 if (err < 0)
 netlink_io_error(ctx, &expr->location,
@@ -1357,12 +1358,12 @@ static int netlink_add_setelems_compat(struct netlink_ctx *ctx,
 }
 int netlink_add_setelems(struct netlink_ctx *ctx, const struct handle *h,
- const struct expr *expr)
+ const struct expr *expr, bool excl)
 {
 if (ctx->batch_supported)
- return netlink_add_setelems_batch(ctx, h, expr, excl);
 else
- return netlink_add_setelems_compat(ctx, h, expr);
+ return netlink_add_setelems_compat(ctx, h, expr, excl);
 }
 static int netlink_del_setelems_batch(struct netlink_ctx *ctx, |
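Review bot: The new `excl` parameter on the public `netlink_add_setelems` (last hunk) is undocumented, and its meaning is not what a caller would guess from the name alone: the commit message says the kernel only honours NLM_F_EXCL with separate patches, so on an older kernel both the batch and the compat path (hunks 2 and 4) silently succeed on a duplicate element and the caller gets no EEXIST. I would add above `int netlink_add_setelems(...)` a comment such as `/* excl: request NLM_F_EXCL so the kernel rejects an element that already exists (EEXIST); kernels without NLM_F_EXCL support for set elements ignore the flag, so callers must not rely on the error for correctness */`. The same caveat applies to the two static helpers, but one comment on the public entry point is enough. All three function bodies begin or end outside the hunks, so the `netlink_io_error` message that reports the EEXIST is not visible here; if it is the generic "Could not process rule" text shown in the description, it is worth checking that the wording fits a set element.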