This flag is not legal there, it only makes sense for addition requests.
This patch has no impact at all in any of the nf_tables kernel versions.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
src/mnl.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/mnl.c b/src/mnl.c
index 69e24071b8f1..e2174925c121 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -947,10 +947,13 @@ static int mnl_nft_setelem_batch(struct nftnl_set *nls,
if (iter == NULL)
memory_allocation_error();
+ if (cmd == NFT_MSG_NEWSETELEM)
+ flags |= NLM_F_CREATE;
+
while (nftnl_set_elems_iter_cur(iter)) {
nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch), cmd,
nftnl_set_get_u32(nls, NFTNL_SET_FAMILY),
- NLM_F_CREATE | flags, seqnum);
+ flags, seqnum);
ret = nftnl_set_elems_nlmsg_build_payload_iter(nlh, iter);
mnl_nft_batch_continue(batch);
if (ret <= 0)
@@ -977,7 +980,7 @@ int mnl_nft_setelem_batch_flush(struct nftnl_set *nls, struct nftnl_batch *batch
nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(batch),
NFT_MSG_DELSETELEM,
nftnl_set_get_u32(nls, NFTNL_SET_FAMILY),
- NLM_F_CREATE | flags, seqnum);
+ flags, seqnum);
nftnl_set_elems_nlmsg_build_payload(nlh, nls);
mnl_nft_batch_continue(batch);
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
