From d423f0e99a3630a07f622a934f1041d55e8115c0 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 8 Sep 2017 15:07:05 +0200
Subject: mnl: do not set NLM_F_CREATE in deletion requests

This flag is not legal there, it only makes sense for addition requests.
This patch has no impact at all in any of the nf_tables kernel versions.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/mnl.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'src/mnl.c')

diff --git a/src/mnl.c b/src/mnl.c
index 69e24071..e2174925 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -947,10 +947,13 @@ static int mnl_nft_setelem_batch(struct nftnl_set *nls,
 	if (iter == NULL)
 		memory_allocation_error();
 
+	if (cmd == NFT_MSG_NEWSETELEM)
+		flags |= NLM_F_CREATE;
+
 	while (nftnl_set_elems_iter_cur(iter)) {
 		nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch), cmd,
 					    nftnl_set_get_u32(nls, NFTNL_SET_FAMILY),
-					    NLM_F_CREATE | flags, seqnum);
+					    flags, seqnum);
 		ret = nftnl_set_elems_nlmsg_build_payload_iter(nlh, iter);
 		mnl_nft_batch_continue(batch);
 		if (ret <= 0)
@@ -977,7 +980,7 @@ int mnl_nft_setelem_batch_flush(struct nftnl_set *nls, struct nftnl_batch *batch
 	nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
 				    NFT_MSG_DELSETELEM,
 				    nftnl_set_get_u32(nls, NFTNL_SET_FAMILY),
-				    NLM_F_CREATE | flags, seqnum);
+				    flags, seqnum);
 	nftnl_set_elems_nlmsg_build_payload(nlh, nls);
 	mnl_nft_batch_continue(batch);
 
-- 
cgit v1.2.3