From a70369ceaef764e2bfb83b011973e7bde6b463fb Mon Sep 17 00:00:00 2001
From: Patrick McHardy <kaber@trash.net>
Date: Fri, 14 Dec 2012 17:50:10 +0100
Subject: rule: add rule insertion (prepend) support

Signed-off-by: Patrick McHardy <kaber@trash.net>
---
 src/evaluate.c |  1 +
 src/netlink.c  |  4 ++--
 src/parser.y   | 12 ++++++++++--
 src/rule.c     | 19 +++++++++++++++++--
 src/scanner.l  |  1 +
 5 files changed, 31 insertions(+), 6 deletions(-)

(limited to 'src')

diff --git a/src/evaluate.c b/src/evaluate.c
index 28681d0d..7aee41b3 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1306,6 +1306,7 @@ static int cmd_evaluate(struct eval_ctx *ctx, struct cmd *cmd)
 	ctx->cmd = cmd;
 	switch (cmd->op) {
 	case CMD_ADD:
+	case CMD_INSERT:
 		return cmd_evaluate_add(ctx, cmd);
 	case CMD_DELETE:
 		return cmd_evaluate_delete(ctx, cmd);
diff --git a/src/netlink.c b/src/netlink.c
index 53ef2ba9..4c60c4a2 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -293,7 +293,7 @@ struct expr *netlink_alloc_data(const struct location *loc,
 }
 
 int netlink_add_rule(struct netlink_ctx *ctx, const struct handle *h,
-		     const struct rule *rule)
+		     const struct rule *rule, uint32_t flags)
 {
 	struct nfnl_nft_rule *nlr;
 	int err;
@@ -301,7 +301,7 @@ int netlink_add_rule(struct netlink_ctx *ctx, const struct handle *h,
 	nlr = alloc_nft_rule(&rule->handle);
 	err = netlink_linearize_rule(ctx, nlr, rule);
 	if (err == 0) {
-		err = nfnl_nft_rule_add(nf_sock, nlr, NLM_F_EXCL | NLM_F_APPEND);
+		err = nfnl_nft_rule_add(nf_sock, nlr, flags | NLM_F_EXCL);
 		if (err < 0)
 			netlink_io_error(ctx, &rule->location,
 					 "Could not add rule: %s", nl_geterror(err));
diff --git a/src/parser.y b/src/parser.y
index 2b0700db..fc724588 100644
--- a/src/parser.y
+++ b/src/parser.y
@@ -166,6 +166,7 @@ static void location_update(struct location *loc, struct location *rhs, int n)
 %token HANDLE			"handle"
 
 %token ADD			"add"
+%token INSERT			"insert"
 %token DELETE			"delete"
 %token LIST			"list"
 %token FLUSH			"flush"
@@ -328,8 +329,8 @@ static void location_update(struct location *loc, struct location *rhs, int n)
 %type <cmd>			line
 %destructor { cmd_free($$); }	line
 
-%type <cmd>			base_cmd add_cmd delete_cmd list_cmd flush_cmd rename_cmd
-%destructor { cmd_free($$); }	base_cmd add_cmd delete_cmd list_cmd flush_cmd rename_cmd
+%type <cmd>			base_cmd add_cmd insert_cmd delete_cmd list_cmd flush_cmd rename_cmd
+%destructor { cmd_free($$); }	base_cmd add_cmd insert_cmd delete_cmd list_cmd flush_cmd rename_cmd
 
 %type <handle>			table_spec chain_spec chain_identifier ruleid_spec
 %destructor { handle_free(&$$); } table_spec chain_spec chain_identifier ruleid_spec
@@ -509,6 +510,7 @@ line			:	common_block			{ $$ = NULL; }
 
 base_cmd		:	/* empty */	add_cmd		{ $$ = $1; }
 	  		|	ADD		add_cmd		{ $$ = $2; }
+			|	INSERT		insert_cmd	{ $$ = $2; }
 			|	DELETE		delete_cmd	{ $$ = $2; }
 			|	LIST		list_cmd	{ $$ = $2; }
 			|	FLUSH		flush_cmd	{ $$ = $2; }
@@ -571,6 +573,12 @@ add_cmd			:	TABLE		table_spec
 			}
 			;
 
+insert_cmd		:	RULE		ruleid_spec	rule
+			{
+				$$ = cmd_alloc(CMD_INSERT, CMD_OBJ_RULE, &$2, $3);
+			}
+			;
+
 delete_cmd		:	TABLE		table_spec
 			{
 				$$ = cmd_alloc(CMD_DELETE, CMD_OBJ_TABLE, &$2, NULL);
diff --git a/src/rule.c b/src/rule.c
index f671117d..7d0887aa 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -347,7 +347,8 @@ static int do_add_chain(struct netlink_ctx *ctx, const struct handle *h,
 		return -1;
 	if (chain != NULL) {
 		list_for_each_entry(rule, &chain->rules, list) {
-			if (netlink_add_rule(ctx, &rule->handle, rule) < 0)
+			if (netlink_add_rule(ctx, &rule->handle, rule,
+					     NLM_F_APPEND) < 0)
 				return -1;
 		}
 	}
@@ -406,7 +407,8 @@ static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd)
 	case CMD_OBJ_CHAIN:
 		return do_add_chain(ctx, &cmd->handle, cmd->chain);
 	case CMD_OBJ_RULE:
-		return netlink_add_rule(ctx, &cmd->handle, cmd->rule);
+		return netlink_add_rule(ctx, &cmd->handle, cmd->rule,
+					NLM_F_APPEND);
 	case CMD_OBJ_SET:
 		return do_add_set(ctx, &cmd->handle, cmd->set);
 	case CMD_OBJ_SETELEM:
@@ -417,6 +419,17 @@ static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd)
 	return 0;
 }
 
+static int do_command_insert(struct netlink_ctx *ctx, struct cmd *cmd)
+{
+	switch (cmd->obj) {
+	case CMD_OBJ_RULE:
+		return netlink_add_rule(ctx, &cmd->handle, cmd->rule, 0);
+	default:
+		BUG("invalid command object type %u\n", cmd->obj);
+	}
+	return 0;
+}
+
 static int do_command_delete(struct netlink_ctx *ctx, struct cmd *cmd)
 {
 	switch (cmd->obj) {
@@ -555,6 +568,8 @@ int do_command(struct netlink_ctx *ctx, struct cmd *cmd)
 	switch (cmd->op) {
 	case CMD_ADD:
 		return do_command_add(ctx, cmd);
+	case CMD_INSERT:
+		return do_command_insert(ctx, cmd);
 	case CMD_DELETE:
 		return do_command_delete(ctx, cmd);
 	case CMD_LIST:
diff --git a/src/scanner.l b/src/scanner.l
index 47397691..7ceae09d 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -242,6 +242,7 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
 "queue"			{ return QUEUE; }
 
 "add"			{ return ADD; }
+"insert"		{ return INSERT; }
 "delete"		{ return DELETE; }
 "list"			{ return LIST; }
 "flush"			{ return FLUSH; }
-- 
cgit v1.2.3