On Wed, Jun 22, 2022 at 09:05:22AM +0200, Pablo Neira Ayuso wrote: > On Wed, Jun 22, 2022 at 12:55:45AM +0200, Mikhail Sennikovsky wrote: > > The -A command works exactly the same way as -I except that it > > does not fail if the ct entry already exists. > > This command is useful for the batched ct loads to not abort if > > some entries being applied exist. > > > > The ct entry dump in the "save" format is now switched to use the > > -A command as well for the generated output. > > For those reading this patch: Mikhail would like to have a way to > restore a batch of conntrack entries skipping failures in insertions > (currently, -I sets on NLM_F_CREATE), hence this new -A command. > The conntrack tool does not have create and add like nftables, it used > to have -I only. The mapping here is: -I means NLM_F_CREATE and -A > means no NLM_F_CREATE (report no error on EEXIST). Oh, regarding my comment: actually in conntrack there is -I/--create already. -I was selected to keep in aligned with iptables syntax. So there is a create indeed already, behind -I.
