summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/netlink.h2
-rw-r--r--include/rule.h2
-rw-r--r--src/evaluate.c1
-rw-r--r--src/netlink.c4
-rw-r--r--src/parser.y12
-rw-r--r--src/rule.c19
-rw-r--r--src/scanner.l1
7 files changed, 34 insertions, 7 deletions
diff --git a/include/netlink.h b/include/netlink.h
index 8edd1a39..3252569b 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -51,7 +51,7 @@ extern struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx,
const struct nl_object *obj);
extern int netlink_add_rule(struct netlink_ctx *ctx, const struct handle *h,
- const struct rule *rule);
+ const struct rule *rule, uint32_t flags);
extern int netlink_delete_rule(struct netlink_ctx *ctx, const struct handle *h);
extern int netlink_get_rule(struct netlink_ctx *ctx, const struct handle *h);
diff --git a/include/rule.h b/include/rule.h
index e468e8e8..a992489b 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -187,6 +187,7 @@ extern void set_print(const struct set *set);
*
* @CMD_INVALID: invalid
* @CMD_ADD: add object
+ * @CMD_INSERT: insert object
* @CMD_DELETE: delete object
* @CMD_LIST: list container
* @CMD_FLUSH: flush container
@@ -195,6 +196,7 @@ extern void set_print(const struct set *set);
enum cmd_ops {
CMD_INVALID,
CMD_ADD,
+ CMD_INSERT,
CMD_DELETE,
CMD_LIST,
CMD_FLUSH,
diff --git a/src/evaluate.c b/src/evaluate.c
index 28681d0d..7aee41b3 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1306,6 +1306,7 @@ static int cmd_evaluate(struct eval_ctx *ctx, struct cmd *cmd)
ctx->cmd = cmd;
switch (cmd->op) {
case CMD_ADD:
+ case CMD_INSERT:
return cmd_evaluate_add(ctx, cmd);
case CMD_DELETE:
return cmd_evaluate_delete(ctx, cmd);
diff --git a/src/netlink.c b/src/netlink.c
index 53ef2ba9..4c60c4a2 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -293,7 +293,7 @@ struct expr *netlink_alloc_data(const struct location *loc,
}
int netlink_add_rule(struct netlink_ctx *ctx, const struct handle *h,
- const struct rule *rule)
+ const struct rule *rule, uint32_t flags)
{
struct nfnl_nft_rule *nlr;
int err;
@@ -301,7 +301,7 @@ int netlink_add_rule(struct netlink_ctx *ctx, const struct handle *h,
nlr = alloc_nft_rule(&rule->handle);
err = netlink_linearize_rule(ctx, nlr, rule);
if (err == 0) {
- err = nfnl_nft_rule_add(nf_sock, nlr, NLM_F_EXCL | NLM_F_APPEND);
+ err = nfnl_nft_rule_add(nf_sock, nlr, flags | NLM_F_EXCL);
if (err < 0)
netlink_io_error(ctx, &rule->location,
"Could not add rule: %s", nl_geterror(err));
diff --git a/src/parser.y b/src/parser.y
index 2b0700db..fc724588 100644
--- a/src/parser.y
+++ b/src/parser.y
@@ -166,6 +166,7 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%token HANDLE "handle"
%token ADD "add"
+%token INSERT "insert"
%token DELETE "delete"
%token LIST "list"
%token FLUSH "flush"
@@ -328,8 +329,8 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%type <cmd> line
%destructor { cmd_free($$); } line
-%type <cmd> base_cmd add_cmd delete_cmd list_cmd flush_cmd rename_cmd
-%destructor { cmd_free($$); } base_cmd add_cmd delete_cmd list_cmd flush_cmd rename_cmd
+%type <cmd> base_cmd add_cmd insert_cmd delete_cmd list_cmd flush_cmd rename_cmd
+%destructor { cmd_free($$); } base_cmd add_cmd insert_cmd delete_cmd list_cmd flush_cmd rename_cmd
%type <handle> table_spec chain_spec chain_identifier ruleid_spec
%destructor { handle_free(&$$); } table_spec chain_spec chain_identifier ruleid_spec
@@ -509,6 +510,7 @@ line : common_block { $$ = NULL; }
base_cmd : /* empty */ add_cmd { $$ = $1; }
| ADD add_cmd { $$ = $2; }
+ | INSERT insert_cmd { $$ = $2; }
| DELETE delete_cmd { $$ = $2; }
| LIST list_cmd { $$ = $2; }
| FLUSH flush_cmd { $$ = $2; }
@@ -571,6 +573,12 @@ add_cmd : TABLE table_spec
}
;
+insert_cmd : RULE ruleid_spec rule
+ {
+ $$ = cmd_alloc(CMD_INSERT, CMD_OBJ_RULE, &$2, $3);
+ }
+ ;
+
delete_cmd : TABLE table_spec
{
$$ = cmd_alloc(CMD_DELETE, CMD_OBJ_TABLE, &$2, NULL);
diff --git a/src/rule.c b/src/rule.c
index f671117d..7d0887aa 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -347,7 +347,8 @@ static int do_add_chain(struct netlink_ctx *ctx, const struct handle *h,
return -1;
if (chain != NULL) {
list_for_each_entry(rule, &chain->rules, list) {
- if (netlink_add_rule(ctx, &rule->handle, rule) < 0)
+ if (netlink_add_rule(ctx, &rule->handle, rule,
+ NLM_F_APPEND) < 0)
return -1;
}
}
@@ -406,7 +407,8 @@ static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd)
case CMD_OBJ_CHAIN:
return do_add_chain(ctx, &cmd->handle, cmd->chain);
case CMD_OBJ_RULE:
- return netlink_add_rule(ctx, &cmd->handle, cmd->rule);
+ return netlink_add_rule(ctx, &cmd->handle, cmd->rule,
+ NLM_F_APPEND);
case CMD_OBJ_SET:
return do_add_set(ctx, &cmd->handle, cmd->set);
case CMD_OBJ_SETELEM:
@@ -417,6 +419,17 @@ static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd)
return 0;
}
+static int do_command_insert(struct netlink_ctx *ctx, struct cmd *cmd)
+{
+ switch (cmd->obj) {
+ case CMD_OBJ_RULE:
+ return netlink_add_rule(ctx, &cmd->handle, cmd->rule, 0);
+ default:
+ BUG("invalid command object type %u\n", cmd->obj);
+ }
+ return 0;
+}
+
static int do_command_delete(struct netlink_ctx *ctx, struct cmd *cmd)
{
switch (cmd->obj) {
@@ -555,6 +568,8 @@ int do_command(struct netlink_ctx *ctx, struct cmd *cmd)
switch (cmd->op) {
case CMD_ADD:
return do_command_add(ctx, cmd);
+ case CMD_INSERT:
+ return do_command_insert(ctx, cmd);
case CMD_DELETE:
return do_command_delete(ctx, cmd);
case CMD_LIST:
diff --git a/src/scanner.l b/src/scanner.l
index 47397691..7ceae09d 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -242,6 +242,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"queue" { return QUEUE; }
"add" { return ADD; }
+"insert" { return INSERT; }
"delete" { return DELETE; }
"list" { return LIST; }
"flush" { return FLUSH; }