const struct nl_object *obj);
extern int netlink_add_rule(struct netlink_ctx *ctx, const struct handle *h,
- const struct rule *rule);
+ const struct rule *rule, uint32_t flags);
extern int netlink_delete_rule(struct netlink_ctx *ctx, const struct handle *h);
extern int netlink_get_rule(struct netlink_ctx *ctx, const struct handle *h);
*
* @CMD_INVALID: invalid
* @CMD_ADD: add object
+ * @CMD_INSERT: insert object
* @CMD_DELETE: delete object
* @CMD_LIST: list container
* @CMD_FLUSH: flush container
enum cmd_ops {
CMD_INVALID,
CMD_ADD,
+ CMD_INSERT,
CMD_DELETE,
CMD_LIST,
CMD_FLUSH,
ctx->cmd = cmd;
switch (cmd->op) {
case CMD_ADD:
+ case CMD_INSERT:
return cmd_evaluate_add(ctx, cmd);
case CMD_DELETE:
return cmd_evaluate_delete(ctx, cmd);
}
int netlink_add_rule(struct netlink_ctx *ctx, const struct handle *h,
- const struct rule *rule)
+ const struct rule *rule, uint32_t flags)
{
struct nfnl_nft_rule *nlr;
int err;
nlr = alloc_nft_rule(&rule->handle);
err = netlink_linearize_rule(ctx, nlr, rule);
if (err == 0) {
- err = nfnl_nft_rule_add(nf_sock, nlr, NLM_F_EXCL | NLM_F_APPEND);
+ err = nfnl_nft_rule_add(nf_sock, nlr, flags | NLM_F_EXCL);
if (err < 0)
netlink_io_error(ctx, &rule->location,
"Could not add rule: %s", nl_geterror(err));
%token HANDLE "handle"
%token ADD "add"
+%token INSERT "insert"
%token DELETE "delete"
%token LIST "list"
%token FLUSH "flush"
%type <cmd> line
%destructor { cmd_free($$); } line
-%type <cmd> base_cmd add_cmd delete_cmd list_cmd flush_cmd rename_cmd
-%destructor { cmd_free($$); } base_cmd add_cmd delete_cmd list_cmd flush_cmd rename_cmd
+%type <cmd> base_cmd add_cmd insert_cmd delete_cmd list_cmd flush_cmd rename_cmd
+%destructor { cmd_free($$); } base_cmd add_cmd insert_cmd delete_cmd list_cmd flush_cmd rename_cmd
%type <handle> table_spec chain_spec chain_identifier ruleid_spec
%destructor { handle_free(&$$); } table_spec chain_spec chain_identifier ruleid_spec
base_cmd : /* empty */ add_cmd { $$ = $1; }
| ADD add_cmd { $$ = $2; }
+ | INSERT insert_cmd { $$ = $2; }
| DELETE delete_cmd { $$ = $2; }
| LIST list_cmd { $$ = $2; }
| FLUSH flush_cmd { $$ = $2; }
}
;
+insert_cmd : RULE ruleid_spec rule
+ {
+ $$ = cmd_alloc(CMD_INSERT, CMD_OBJ_RULE, &$2, $3);
+ }
+ ;
+
delete_cmd : TABLE table_spec
{
$$ = cmd_alloc(CMD_DELETE, CMD_OBJ_TABLE, &$2, NULL);
return -1;
if (chain != NULL) {
list_for_each_entry(rule, &chain->rules, list) {
- if (netlink_add_rule(ctx, &rule->handle, rule) < 0)
+ if (netlink_add_rule(ctx, &rule->handle, rule,
+ NLM_F_APPEND) < 0)
return -1;
}
}
case CMD_OBJ_CHAIN:
return do_add_chain(ctx, &cmd->handle, cmd->chain);
case CMD_OBJ_RULE:
- return netlink_add_rule(ctx, &cmd->handle, cmd->rule);
+ return netlink_add_rule(ctx, &cmd->handle, cmd->rule,
+ NLM_F_APPEND);
case CMD_OBJ_SET:
return do_add_set(ctx, &cmd->handle, cmd->set);
case CMD_OBJ_SETELEM:
return 0;
}
+static int do_command_insert(struct netlink_ctx *ctx, struct cmd *cmd)
+{
+ switch (cmd->obj) {
+ case CMD_OBJ_RULE:
+ return netlink_add_rule(ctx, &cmd->handle, cmd->rule, 0);
+ default:
+ BUG("invalid command object type %u\n", cmd->obj);
+ }
+ return 0;
+}
+
static int do_command_delete(struct netlink_ctx *ctx, struct cmd *cmd)
{
switch (cmd->obj) {
switch (cmd->op) {
case CMD_ADD:
return do_command_add(ctx, cmd);
+ case CMD_INSERT:
+ return do_command_insert(ctx, cmd);
case CMD_DELETE:
return do_command_delete(ctx, cmd);
case CMD_LIST:
"queue" { return QUEUE; }
"add" { return ADD; }
+"insert" { return INSERT; }
"delete" { return DELETE; }
"list" { return LIST; }
"flush" { return FLUSH; }
projects / thirdparty / nftables.git / commitdiff
