Hi Pablo,

I initially decided against it because introducing a separate CT_ADD command would result in lots of actually unnecessary changes in lots of places, e.g. the optset arrays definitions (passed to generic_opt_check) in conntrack.c and all extensions would need a new (actually duplicate) entry for the CT_ADD, e.g. here
https://git.netfilter.org/conntrack-tools/tree/extensions/libct_proto_dccp.c#n67

But if you prefer this approach, I can surely do that.
Let me adjust & submit an updated patch then.

Thanks,
Mikhail

On Wed, 22 Jun 2022 at 09:05, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>
> On Wed, Jun 22, 2022 at 12:55:45AM +0200, Mikhail Sennikovsky wrote:
> > The -A command works exactly the same way as -I except that it
> > does not fail if the ct entry already exists.
> > This command is useful for the batched ct loads to not abort if
> > some entries being applied exist.
> >
> > The ct entry dump in the "save" format is now switched to use the
> > -A command as well for the generated output.
>
> For those reading this patch: Mikhail would like to have a way to
> restore a batch of conntrack entries skipping failures in insertions
> (currently, -I sets on NLM_F_CREATE), hence this new -A command.
> The conntrack tool does not have create and add like nftables, it used
> to have -I only. The mapping here is: -I means NLM_F_CREATE and -A
> means no NLM_F_CREATE (report no error on EEXIST).
>
> > Signed-off-by: Mikhail Sennikovsky <mikhail.sennikovskii@xxxxxxxxx>
> > ---
> > src/conntrack.c | 34 +++++++++++++++++++++++++++-------
> > 1 file changed, 27 insertions(+), 7 deletions(-)
> >
> > diff --git a/src/conntrack.c b/src/conntrack.c > > index 500e736..465a4f9 100644 > > --- a/src/conntrack.c > > +++ b/src/conntrack.c > > @@ -115,6 +115,7 @@ struct ct_cmd { > > unsigned int cmd; > > unsigned int type; > > unsigned int event_mask; > > + unsigned int cmd_options; > > int options; > > int family; > > int protonum; 
> > @@ -215,6 +216,11 @@ enum ct_command { > > }; > > /* If you add a new command, you have to update NUMBER_OF_CMD in conntrack.h */ > > > > +enum ct_command_options { > > + CT_CMD_OPT_IGNORE_ALREADY_DONE_BIT = 0, > > + CT_CMD_OPT_IGNORE_ALREADY_DONE = (1 << CT_CMD_OPT_IGNORE_ALREADY_DONE_BIT),
>
> Could you add CT_ADD command type so we can save this flag?
>
> You will have to update a few more spots in the code but this should
> be fine.
>
> Thanks.
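
Review bot: In the `struct ct_cmd` hunk, the new `unsigned int cmd_options` sits directly above the existing `int options` with no comment, and the two names are easy to confuse. A one-line comment saying the field holds the `CT_CMD_OPT_*` bits from `enum ct_command_options`, or a more distinct field name, would make it clear which of the two a reader is looking at.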
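
Review bot: In the hunk after `enum ct_command`, `CT_CMD_OPT_IGNORE_ALREADY_DONE` has no comment, and "already done" does not say which condition is being ignored. The commit message ties it to an insert that hits an existing ct entry, so a comment stating that, and whether the existing entry is left as it is, would tell anyone restoring a saved table what state to expect when no error is reported.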