From f11cf6d42f873513f0bb9b80edb6bfad2dda55eb Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Wed, 24 Aug 2016 15:58:57 +0200 Subject: src: add create set command Add support for the 'create' command, we already support this in other existing objects, so support this for sets too, eg. # nft add set x y { type ipv4_addr\; } # nft create set x y { type ipv4_addr\; } :1:1-35: Error: Could not process rule: File exists create set x y { type ipv4_addr; } ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ # nft add set x y { type ipv4_addr\; } # This command sets the NLM_F_EXCL netlink flag, so if the object already exists, nf_tables returns -EEXIST. This is changing the existing behaviour of 'nft add set' which was setting this flag, this is inconsistent with regards to the way other objects behave. Signed-off-by: Pablo Neira Ayuso --- include/netlink.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/netlink.h b/include/netlink.h index 76a9da44..5f487074 100644 --- a/include/netlink.h +++ b/include/netlink.h @@ -148,7 +148,7 @@ extern int netlink_flush_table(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc); extern int netlink_add_set(struct netlink_ctx *ctx, const struct handle *h, - struct set *set); + struct set *set, bool excl); extern int netlink_delete_set(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc); extern int netlink_list_sets(struct netlink_ctx *ctx, const struct handle *h, -- cgit v1.2.3