mnl: do not set NLM_F_CREATE in deletion requests
authorPablo Neira Ayuso <pablo@netfilter.org>
Fri, 8 Sep 2017 13:07:05 +0000 (15:07 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 8 Sep 2017 13:08:22 +0000 (15:08 +0200)
This flag is not legal in deletion requests; it only makes sense for addition requests.
This patch has no impact at all in any of the nf_tables kernel versions.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/mnl.c

index 69e24071b8f1c304a97518980e0c672dbd821cd3..e2174925c12122999d4a039fafe309a0c48089c4 100644 (file)
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -947,10 +947,13 @@ static int mnl_nft_setelem_batch(struct nftnl_set *nls,
        if (iter == NULL)
                memory_allocation_error();
 
+       if (cmd == NFT_MSG_NEWSETELEM)
+               flags |= NLM_F_CREATE;
+
        while (nftnl_set_elems_iter_cur(iter)) {
                nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch), cmd,
                                            nftnl_set_get_u32(nls, NFTNL_SET_FAMILY),
-                                           NLM_F_CREATE | flags, seqnum);
+                                           flags, seqnum);
                ret = nftnl_set_elems_nlmsg_build_payload_iter(nlh, iter);
                mnl_nft_batch_continue(batch);
                if (ret <= 0)
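Review bot: The new `if (cmd == NFT_MSG_NEWSETELEM)` test ahead of the loop has no comment, so the code does not say why NLM_F_CREATE depends on the command. A one-line comment above it would record that, for example `/* NLM_F_CREATE only applies to additions; deletion requests must not carry it */`. The helper only adds the flag and never clears it, so a caller that passed NLM_F_CREATE in `flags` with a deletion command would still get it into the header built by `nftnl_nlmsg_build_hdr()`. The callers are not visible here, so that is something to check rather than a confirmed problem. The body of mnl_nft_setelem_batch starts and ends outside the hunk.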
@@ -977,7 +980,7 @@ int mnl_nft_setelem_batch_flush(struct nftnl_set *nls, struct nftnl_batch *batch
        nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
                                    NFT_MSG_DELSETELEM,
                                    nftnl_set_get_u32(nls, NFTNL_SET_FAMILY),
-                                   NLM_F_CREATE | flags, seqnum);
+                                   flags, seqnum);
        nftnl_set_elems_nlmsg_build_payload(nlh, nls);
        mnl_nft_batch_continue(batch);