* [iptables PATCH] iptables: nft: create a separated object update type to rename chains
@ 2014-11-24 10:12 Arturo Borrero Gonzalez
2014-11-24 10:39 ` Pablo Neira Ayuso
From: Arturo Borrero Gonzalez @ 2014-11-24 10:12 UTC
To: netfilter-devel; +Cc: giuseppelng, pablo
This patch adds an explicit object update type to rename chains, so we avoid
calling the nf_tables API with NLM_F_EXCL.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
---
iptables/nft.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/iptables/nft.c b/iptables/nft.c
index baaef3e..568faa1 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -253,6 +253,7 @@ enum obj_update_type {
NFT_COMPAT_CHAIN_USER_ADD,
NFT_COMPAT_CHAIN_USER_DEL,
NFT_COMPAT_CHAIN_UPDATE,
+ NFT_COMPAT_CHAIN_RENAME,
NFT_COMPAT_RULE_APPEND,
NFT_COMPAT_RULE_INSERT,
NFT_COMPAT_RULE_REPLACE,
@@ -1457,10 +1458,15 @@ int nft_chain_user_rename(struct nft_handle *h,const char *chain,
uint64_t handle;
int ret;
+ nft_fn = nft_chain_user_add;
+
/* If built-in chains don't exist for this table, create them */
if (nft_xtables_config_load(h, XTABLES_CONFIG_DEFAULT, 0) < 0)
nft_xt_builtin_init(h, table);
+ /* Config load changed errno. Ensure genuine info for our callers. */
+ errno = 0;
+
/* Find the old chain to be renamed */
c = nft_chain_find(h, table, chain);
if (c == NULL) {
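Review bot: The added `nft_fn = nft_chain_user_add;` at the top of nft_chain_user_rename assigns the add function, not the rename function it sits in. If that is deliberate, a short comment saying why would help; otherwise it reads like a copy/paste slip and should be `nft_fn = nft_chain_user_rename;`. Separately, `errno = 0;` is placed after the if block, so it runs whether or not nft_xtables_config_load failed, and neither this reset nor the nft_fn assignment is mentioned in the commit message, which only talks about avoiding NLM_F_EXCL. Please either describe them in the changelog or split them into their own patch.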
@@ -1479,7 +1485,7 @@ int nft_chain_user_rename(struct nft_handle *h,const char *chain,
nft_chain_attr_set_u64(c, NFT_CHAIN_ATTR_HANDLE, handle);
if (h->batch_support) {
- ret = batch_chain_add(h, NFT_COMPAT_CHAIN_USER_ADD, c);
+ ret = batch_chain_add(h, NFT_COMPAT_CHAIN_RENAME, c);
} else {
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
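Review bot: Only the `h->batch_support` branch is switched to NFT_COMPAT_CHAIN_RENAME here; the else branch that builds its own nlmsghdr is left unchanged by this hunk. Please confirm the non-batch path does not still send the rename with NLM_F_EXCL, since the commit message says avoiding that flag is the purpose of the patch, and say so in the changelog if the non-batch path was already correct.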
@@ -2225,6 +2231,10 @@ static int nft_action(struct nft_handle *h, int action)
NLM_F_CREATE : 0,
seq++, n->chain);
break;
+ case NFT_COMPAT_CHAIN_RENAME:
+ nft_compat_chain_batch_add(h, NFT_MSG_NEWCHAIN, 0,
+ seq++, n->chain);
+ break;
case NFT_COMPAT_RULE_APPEND:
nft_compat_rule_batch_add(h, NFT_MSG_NEWRULE,
NLM_F_CREATE | NLM_F_APPEND,
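Review bot: The new NFT_COMPAT_CHAIN_RENAME case passes a bare `0` as the flags argument to nft_compat_chain_batch_add, while the neighbouring cases spell out their NLM_F_* flags. A one-line comment above the call stating that a rename sends NFT_MSG_NEWCHAIN with no NLM_F_CREATE or NLM_F_EXCL on purpose would keep a later cleanup from "fixing" the flags back and reintroducing the behaviour the commit message describes.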
* Re: [iptables PATCH] iptables: nft: create a separated object update type to rename chains
From: Pablo Neira Ayuso @ 2014-11-24 10:39 UTC
To: Arturo Borrero Gonzalez; +Cc: netfilter-devel, giuseppelng
On Mon, Nov 24, 2014 at 11:12:15AM +0100, Arturo Borrero Gonzalez wrote:
> This patch adds an explicit object update type to rename chains, so we avoid
> calling the nf_tables API with NLM_F_EXCL.
Applied and rebased ebtables-compat branch.
Thanks Arturo.