On Wed, Jun 22, 2022 at 12:55:45AM +0200, Mikhail Sennikovsky wrote:
> The -A command works exactly the same way as -I except that it
> does not fail if the ct entry already exists.
> This command is useful for the batched ct loads to not abort if
> some entries being applied exist.
>
> The ct entry dump in the "save" format is now switched to use the
> -A command as well for the generated output.
For those reading this patch: Mikhail would like to have a way to
restore a batch of conntrack entries skipping failures in insertions
(currently, -I sets on NLM_F_CREATE), hence this new -A command.
The conntrack tool does not have create and add like nftables, it used
to have -I only. The mapping here is: -I means NLM_F_CREATE and -A
means no NLM_F_CREATE (report no error on EEXIST).
> Signed-off-by: Mikhail Sennikovsky <mikhail.sennikovskii@xxxxxxxxx>
> ---
> src/conntrack.c | 34 +++++++++++++++++++++++++++-------
> 1 file changed, 27 insertions(+), 7 deletions(-)
>
> diff --git a/src/conntrack.c b/src/conntrack.c
> index 500e736..465a4f9 100644
> --- a/src/conntrack.c
> +++ b/src/conntrack.c
> @@ -115,6 +115,7 @@ struct ct_cmd {
> unsigned int cmd;
> unsigned int type;
> unsigned int event_mask;
> + unsigned int cmd_options;
> int options;
> int family;
> int protonum;
> @@ -215,6 +216,11 @@ enum ct_command {
> };
> /* If you add a new command, you have to update NUMBER_OF_CMD in conntrack.h */
>
> +enum ct_command_options {
> + CT_CMD_OPT_IGNORE_ALREADY_DONE_BIT = 0,
> + CT_CMD_OPT_IGNORE_ALREADY_DONE = (1 << CT_CMD_OPT_IGNORE_ALREADY_DONE_BIT),
Could you add CT_ADD command type so we can save this flag?
You will have to update a few more spots in the code but this should
be fine.
Thanks.
