mnl: Allow for updating devices on existing inet ingress hook chains
authorPhil Sutter <phil@nwl.cc>
Thu, 28 Aug 2025 16:01:29 +0000 (18:01 +0200)
committerPhil Sutter <phil@nwl.cc>
Thu, 11 Sep 2025 16:02:56 +0000 (18:02 +0200)
Complete commit a66b5ad9540dd ("src: allow for updating devices on
existing netdev chain") in supporting inet family ingress hook chains as
well. The kernel already does, but nft has to add a proper hooknum
attribute to pass its checks.

Calling chain_evaluate() for populating the hook.num field is a bit over
the top and has potentially unwanted side-effects. Introduce a minimal
chain_del_evaluate() for this purpose.

Signed-off-by: Phil Sutter <phil@nwl.cc>
src/evaluate.c
src/mnl.c

index b7e4f71fdfbc92f83d49b91f960f56de15d84b67..8cecbe09de01ce08f93a4b39e8fec5c242a624c0 100644 (file)
@@ -5992,6 +5992,22 @@ static void chain_del_cache(struct eval_ctx *ctx, struct cmd *cmd)
        chain_free(chain);
 }
 
+static int chain_del_evaluate(struct eval_ctx *ctx, struct cmd *cmd)
+{
+       struct chain *chain = cmd->chain;
+
+       if (chain && chain->flags & CHAIN_F_BASECHAIN && chain->hook.name) {
+               chain->hook.num = str2hooknum(chain->handle.family,
+                                             chain->hook.name);
+               if (chain->hook.num == NF_INET_NUMHOOKS)
+                       return __stmt_binary_error(ctx, &chain->hook.loc, NULL,
+                                                  "The %s family does not support this hook",
+                                                  family2str(chain->handle.family));
+       }
+       chain_del_cache(ctx, cmd);
+       return 0;
+}
+
 static void set_del_cache(struct eval_ctx *ctx, struct cmd *cmd)
 {
        struct table *table;
@@ -6069,8 +6085,7 @@ static int cmd_evaluate_delete(struct eval_ctx *ctx, struct cmd *cmd)
        case CMD_OBJ_RULE:
                return 0;
        case CMD_OBJ_CHAIN:
-               chain_del_cache(ctx, cmd);
-               return 0;
+               return chain_del_evaluate(ctx, cmd);
        case CMD_OBJ_TABLE:
                table_del_cache(ctx, cmd);
                return 0;
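Review bot: chain_del_evaluate() carries no comment saying why a delete command needs hook.num resolved at all, so a reader has to find mnl_nft_chain_del() to learn that the value feeds NFTA_HOOK_HOOKNUM; a header such as `/* Resolve hook.num so mnl_nft_chain_del() can send a valid NFTA_HOOK_HOOKNUM when updating devices; a full chain_evaluate() would have unwanted side-effects. */` would keep the commit message's rationale next to the code. The condition `chain && chain->flags & CHAIN_F_BASECHAIN && chain->hook.name` is correct because `&` binds tighter than `&&`, but writing `(chain->flags & CHAIN_F_BASECHAIN)` makes that explicit. When CHAIN_F_BASECHAIN is set but hook.name is NULL, hook.num is left untouched and mnl.c still sends it; presumably the parser never produces that combination, but it is worth confirming. The chain_del_cache() body this function calls begins above the hunk.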
index 984dcac27b1cfdad9733710a8afc14a0d768433e..d1402c0fcb9f4a644a09f13063de42c5640cfb85 100644 (file)
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -994,6 +994,8 @@ int mnl_nft_chain_del(struct netlink_ctx *ctx, struct cmd *cmd)
                struct nlattr *nest;
 
                nest = mnl_attr_nest_start(nlh, NFTA_CHAIN_HOOK);
+               mnl_attr_put_u32(nlh, NFTA_HOOK_HOOKNUM,
+                                htonl(cmd->chain->hook.num));
                mnl_nft_chain_devs_build(nlh, cmd);
                mnl_attr_nest_end(nlh, nest);
        }
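Review bot: The value placed in NFTA_HOOK_HOOKNUM is only meaningful if hook.num was resolved beforehand, which for delete commands now happens in chain_del_evaluate() in src/evaluate.c and only for a base chain with a hook name; nothing in this hunk records that dependency. A comment above the call, `/* hook.num is filled in by chain_del_evaluate(); the kernel checks it against the existing chain before accepting a device update */`, would tell the next reader where the value comes from and why it must be right. The enclosing if-block and mnl_nft_chain_del() itself begin above the hunk, so whether that branch can be entered with an unresolved hook.num cannot be confirmed from here.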