From patchwork Wed Oct 31 09:31:05 2012
X-Patchwork-Submitter: Tomasz Bursztyka
X-Patchwork-Id: 195782
From: Tomasz Bursztyka
To: netfilter-devel@vger.kernel.org
Cc: Tomasz Bursztyka
Subject: [iptables-nftables - PATCH 2/5] nft: Add support for chain rename options (-E)
Date: Wed, 31 Oct 2012 11:31:05 +0200
Message-Id: <1351675868-14302-3-git-send-email-tomasz.bursztyka@linux.intel.com>
In-Reply-To: <1351675868-14302-1-git-send-email-tomasz.bursztyka@linux.intel.com>
References: <1351675868-14302-1-git-send-email-tomasz.bursztyka@linux.intel.com>

Signed-off-by: Tomasz Bursztyka
---
 include/linux/netfilter/nf_tables.h |  1 +
 iptables/nft.c                      | 33 ++++++++++++++++++++++++++++-----
 2 files changed, 29 insertions(+), 5 deletions(-)
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index 74a521a..63480b3 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -67,6 +67,7 @@ enum nft_chain_attributes { NFTA_CHAIN_HOOK, NFTA_CHAIN_POLICY, NFTA_CHAIN_USE, + NFTA_CHAIN_NEW_NAME, __NFTA_CHAIN_MAX }; #define NFTA_CHAIN_MAX (__NFTA_CHAIN_MAX - 1) diff --git a/iptables/nft.c b/iptables/nft.c index 6d2de99..0454725 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -1570,14 +1570,37 @@ err: int nft_chain_user_rename(struct nft_handle *h,const char *chain, const char *table, const char *newname) { + char buf[MNL_SOCKET_BUFFER_SIZE]; + struct nlmsghdr *nlh; + struct nft_chain *c; int ret; - /* XXX need new operation in nf_tables to support this */ - ret = nft_chain_user_del(h, chain, table); - if (ret < 0) - return ret; + /* If built-in chains don't exist for this table, create them */ + nft_chain_builtin_init(h, table, NULL, NF_ACCEPT); - return nft_chain_user_add(h, newname, table); + c = nft_chain_alloc(); + if (c == NULL) { + DEBUGP("cannot allocate chain\n"); + return -1; + } + + nft_chain_attr_set(c, NFT_CHAIN_ATTR_TABLE, (char *)table); + nft_chain_attr_set(c, NFT_CHAIN_ATTR_NAME, (char *)chain); + nft_chain_attr_set(c, NFT_CHAIN_ATTR_NEW_NAME, (char *)newname); + + nlh = nft_chain_nlmsg_build_hdr(buf, NFT_MSG_NEWCHAIN, AF_INET, + NLM_F_ACK|NLM_F_REPLACE, h->seq); + nft_chain_nlmsg_build_payload(nlh, c); + nft_chain_free(c); + + ret = mnl_talk(h, nlh, NULL, NULL); + if (ret < 0) { + if (errno != EEXIST) + perror("mnl_talk:nft_chain_rename"); + } + + /* the core expects 1 for success and 0 for error */ + return ret == 0 ? 1 : 0; } static int nft_table_list_cb(const struct nlmsghdr *nlh, void *data)
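Review bot: the commit message is empty apart from the Signed-off-by, yet the first hunk changes the kernel uapi header `include/linux/netfilter/nf_tables.h` by appending `NFTA_CHAIN_NEW_NAME` to `enum nft_chain_attributes`; please state which kernel-side nf_tables change this userspace code depends on, because on a kernel that does not know the attribute the `NFT_MSG_NEWCHAIN` rename request built in `nft.c` will be rejected (or the attribute silently ignored) and the user will only see a generic failure. Placing the new value just before `__NFTA_CHAIN_MAX` keeps existing attribute numbers stable, which is the right way to extend the enum.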
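Review bot: the error handling in the `nft.c` hunk looks copied from the chain-add path and is wrong for a rename. In `if (ret < 0) { if (errno != EEXIST) perror("mnl_talk:nft_chain_rename"); }` an EEXIST reply (the new name is already taken in that table) is exactly the error a rename must report, but it is the one case that is silenced, while the function still returns 0, so the user gets a failure with no explanation; ENOENT (the source chain does not exist) only gets a bare perror. Suggest dropping the EEXIST special case and letting the caller map errno to a proper message. Two smaller points: the return value of `nft_chain_builtin_init(h, table, NULL, NF_ACCEPT)` is ignored, and `NFT_CHAIN_ATTR_NEW_NAME` is passed to `nft_chain_attr_set` without any definition in this patch, so the matching library change should be named in the commit message. The commit message should also say why the old delete-then-add sequence was replaced: the `NLM_F_REPLACE` request keeps the chain's rules and is done in one netlink transaction, which is the real fix here.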