git.ipfire.org Git - thirdparty/nftables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 24 Aug 2016 13:58:57 +0000 (15:58 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 24 Aug 2016 14:09:30 +0000 (16:09 +0200)
commit	f11cf6d42f873513f0bb9b80edb6bfad2dda55eb
tree	087de63610f4199fb6322b1c5c8379dea9632e00	tree
parent	f6d06a649062464a609125aee1cb5b80693d100e	commit \| diff

src: add create set command

Add support for the 'create' command, we already support this in other
existing objects, so support this for sets too, eg.

# nft add set x y { type ipv4_addr\; }
# nft create set x y { type ipv4_addr\; }
<cmdline>:1:1-35: Error: Could not process rule: File exists
create set x y { type ipv4_addr; }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
# nft add set x y { type ipv4_addr\; }
#

This command sets the NLM_F_EXCL netlink flag, so if the object already
exists, nf_tables returns -EEXIST.

This is changing the existing behaviour of 'nft add set' which was
setting this flag, this is inconsistent with regards to the way other
objects behave.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/netlink.h		diff \| blob \| blame \| history
src/netlink.c		diff \| blob \| blame \| history
src/parser_bison.y		diff \| blob \| blame \| history
src/rule.c		diff \| blob \| blame \| history