[PATCH conntrack,v2] conntrack: do not silence EEXIST error, use NLM_F_EXCL


 



Instead of silencing EEXIST error with -A/--add, unset NLM_F_EXCL
netlink flag.

Do not ignore error from kernel for command invocation.

This patch revisits e42ea65e9c93 ("conntrack: introduce new -A
command").

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
v2: squash
    https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230518091832.90570-1-pablo@xxxxxxxxxxxxx/
    into this patch, it is actually part of the same logical update.

 src/conntrack.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/conntrack.c b/src/conntrack.c
index 23eaf274a78a..b9fcf8e44ee2 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -2886,7 +2886,7 @@ static int print_stats(const struct ct_cmd *cmd)
 		fprintf(stderr, "%s v%s (conntrack-tools): ",PROGNAME,VERSION);
 		fprintf(stderr, exit_msg[cmd->cmd], counter);
 		if (counter == 0 &&
-		    !(cmd->command & (CT_LIST | EXP_LIST | CT_ADD)))
+		    !(cmd->command & (CT_LIST | EXP_LIST)))
 			return -1;
 	}
 
@@ -3219,6 +3219,7 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd,
 	struct nfct_mnl_socket *modifier_sock = &_modifier_sock;
 	struct nfct_mnl_socket *event_sock = &_event_sock;
 	struct nfct_filter_dump *filter_dump;
+	uint16_t nl_flags = 0;
 	int res = 0;
 
 	switch(cmd->command) {
@@ -3305,14 +3306,15 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd,
 			nfct_set_attr(cmd->tmpl.ct, ATTR_CONNLABELS,
 					xnfct_bitmask_clone(cmd->tmpl.label_modify));
 
+		if (cmd->command == CT_CREATE)
+			nl_flags = NLM_F_EXCL;
+
 		res = nfct_mnl_request(sock, NFNL_SUBSYS_CTNETLINK, cmd->family,
 				       IPCTNL_MSG_CT_NEW,
-				       NLM_F_CREATE | NLM_F_ACK | NLM_F_EXCL,
+				       NLM_F_CREATE | NLM_F_ACK | nl_flags,
 				       NULL, cmd->tmpl.ct, NULL);
 		if (res >= 0)
 			counter++;
-		else if (errno == EEXIST && cmd->command == CT_ADD)
-			res = 0;
 		break;
 
 	case EXP_CREATE:
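Review bot: The new `if (cmd->command == CT_CREATE) nl_flags = NLM_F_EXCL;` changes what the other command sharing this case does on an existing entry, and nothing in the code says so. Before, the request failed with EEXIST and the entry was left untouched; now the request is sent with `NLM_F_CREATE | NLM_F_ACK` only, which the kernel presumably treats as an update of the existing entry using the template built above (connlabels included). That is a behaviour change for callers who relied on -A being a no-op on duplicates. I would record it where the flag is chosen, e.g. `/* -A: no NLM_F_EXCL, an existing entry is not rejected with EEXIST but handed to the kernel's update path */`, and mention it in the man page. The case label and the start of do_command_ct are outside this hunk, so which commands reach this request is inferred from the removed `cmd->command == CT_ADD` test.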
@@ -3835,7 +3837,7 @@ int main(int argc, char *argv[])
 			exit_error(OTHER_PROBLEM, "OOM");
 
 		do_parse(cmd, argc, argv);
-		do_command_ct(argv[0], cmd, sock);
+		res |= do_command_ct(argv[0], cmd, sock);
 		res = print_stats(cmd);
 		free(cmd);
 	}
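Review bot: The status stored by `res |= do_command_ct(argv[0], cmd, sock);` is lost on the very next line, because `res = print_stats(cmd);` assigns instead of accumulating. A kernel error from the command therefore reaches the exit status only if print_stats() happens to fail as well, which contradicts the stated goal of not ignoring the kernel error. Changing the second line to `res |= print_stats(cmd);` keeps both results, and also keeps a failure from an earlier pass if the enclosing block (it begins outside the hunk) runs once per command. Scripts that check the exit status of conntrack before continuing would otherwise proceed after a failed insert.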
-- 
2.30.2



