Instead of silencing EEXIST error with -A/--add, unset NLM_F_EXCL netlink flag. This patch revisits e42ea65e9c93 ("conntrack: introduce new -A command").
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 src/conntrack.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/conntrack.c b/src/conntrack.c
index 926213a27efc..b9fcf8e44ee2 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -3219,6 +3219,7 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd,
 struct nfct_mnl_socket *modifier_sock = &_modifier_sock;
 struct nfct_mnl_socket *event_sock = &_event_sock;
 struct nfct_filter_dump *filter_dump;
+ uint16_t nl_flags = 0;
 int res = 0;
 
 switch(cmd->command) {
@@ -3305,14 +3306,15 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd,
 nfct_set_attr(cmd->tmpl.ct, ATTR_CONNLABELS,
 xnfct_bitmask_clone(cmd->tmpl.label_modify));
 
+ if (cmd->command == CT_CREATE)
+ nl_flags = NLM_F_EXCL;
+
 res = nfct_mnl_request(sock, NFNL_SUBSYS_CTNETLINK,
 cmd->family, IPCTNL_MSG_CT_NEW,
- NLM_F_CREATE | NLM_F_ACK | NLM_F_EXCL,
+ NLM_F_CREATE | NLM_F_ACK | nl_flags,
 NULL, cmd->tmpl.ct, NULL);
 if (res >= 0)
 counter++;
- else if (errno == EEXIST && cmd->command == CT_ADD)
- res = 0;
 break;
 
 case EXP_CREATE:
--
2.30.2
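Review bot: In the second hunk, dropping NLM_F_EXCL for -A/--add changes more than the error code. As far as I know, ctnetlink treats IPCTNL_MSG_CT_NEW without NLM_F_EXCL on an existing tuple as an update, so the attributes set on `cmd->tmpl.ct` (the hunk shows ATTR_CONNLABELS; others are presumably set earlier) may now be written over a live entry, where the removed `errno == EEXIST` branch left it untouched. That matters for rulesets that match on connection labels or marks, and `counter++` now also runs for entries that already existed, so the counter no longer separates new entries from pre-existing ones. If update-in-place is the intended -A behaviour, state it at the call site, e.g. `/* CT_ADD: no NLM_F_EXCL, so the kernel updates an already existing entry in place */`, and in the manual page; otherwise keeping NLM_F_EXCL together with the EEXIST check is the variant that never modifies existing state. do_command_ct starts and ends outside both hunks, so the case labels that reach this call are not visible here.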