From 0721fbbe7a951a1e879d120c7a722012c38af9a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Falgueras=20Garc=C3=ADa?= Date: Tue, 27 Oct 2015 12:58:07 +0100 Subject: src: Add command "replace" for rules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Modify the parser and add necessary functions to provide the command "nft replace rule " Example of use: # nft list ruleset -a table ip filter { chain output { ip daddr 8.8.8.7 counter packets 0 bytes 0 # handle 3 } } # nft replace rule filter output handle 3 ip daddr 8.8.8.8 counter # nft list ruleset -a table ip filter { chain output { ip daddr 8.8.8.8 counter packets 0 bytes 0 # handle 3 } } Signed-off-by: Carlos Falgueras GarcĂ­a Signed-off-by: Pablo Neira Ayuso
---
src/netlink.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'src/netlink.c')
diff --git a/src/netlink.c b/src/netlink.c
index 4d1e977f..ad86084e 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -382,6 +382,24 @@ int netlink_add_rule_batch(struct netlink_ctx *ctx,
 return err;
 }
 
+int netlink_replace_rule_batch(struct netlink_ctx *ctx, const struct handle *h,
+ const struct rule *rule,
+ const struct location *loc)
+{
+ struct nftnl_rule *nlr;
+ int err;
+
+ nlr = alloc_nftnl_rule(&rule->handle);
+ netlink_linearize_rule(ctx, nlr, rule);
+ err = mnl_nft_rule_batch_replace(nlr, 0, ctx->seqnum);
+ nftnl_rule_free(nlr);
+
+ if (err < 0)
+ netlink_io_error(ctx, loc, "Could not replace rule to batch: %s",
+ strerror(errno));
+ return err;
+}
+
 int netlink_add_rule_list(struct netlink_ctx *ctx, const struct handle *h,
 struct list_head *rule_list)
 {
-- cgit v1.2.3
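Review bot: In netlink_replace_rule_batch, `strerror(errno)` is evaluated only after `nftnl_rule_free(nlr)` has run, and a free routine may modify `errno` on some C libraries, so the reported reason may not be the one `mnl_nft_rule_batch_replace` failed with. Saving the value right after the call (`int saved_errno = errno;`) and passing `strerror(saved_errno)`, or moving `nftnl_rule_free(nlr);` below the `if (err < 0)` report, keeps the diagnostic accurate. The `h` parameter is never read, since the rule is built from `&rule->handle`; a comment such as `/* h is unused: the handle to replace comes from rule->handle */` would stop a caller from assuming the two can differ. The message `"Could not replace rule to batch: %s"` would read more clearly as `"Could not add rule replacement to batch: %s"`.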