netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH nft 1/3] mnl: extended error support for create command
@ 2020-02-19 14:51 Pablo Neira Ayuso
  2020-02-19 14:51 ` [PATCH nft 2/3] src: improve error reporting when setting policy on non-base chain Pablo Neira Ayuso
  2020-02-19 14:51 ` [PATCH nft 3/3] src: improve error reporting when remove rules Pablo Neira Ayuso
  0 siblings, 2 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2020-02-19 14:51 UTC (permalink / raw)
  To: netfilter-devel

 # nft create table x
 Error: Could not process rule: File exists
 create table x
              ^

 # nft create chain x y
 Error: Could not process rule: File exists
 create chain x y
                ^

 # nft create set x y { typeof ip saddr\; }
 Error: Could not process rule: File exists
 create set x y { typeof ip saddr; }
              ^

 # nft create counter x y
 Error: Could not process rule: File exists
 create counter x y
                  ^

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/mnl.h | 10 +++++-----
 src/mnl.c     | 50 +++++++++++++++++++++++++++++++++-----------------
 src/rule.c    |  2 +-
 3 files changed, 39 insertions(+), 23 deletions(-)

diff --git a/include/mnl.h b/include/mnl.h
index 07669957a6a6..6d247ccae4d1 100644
--- a/include/mnl.h
+++ b/include/mnl.h
@@ -37,7 +37,7 @@ int mnl_nft_rule_replace(struct netlink_ctx *ctx, const struct cmd *cmd);
 struct nftnl_rule_list *mnl_nft_rule_dump(struct netlink_ctx *ctx,
 					  int family);
 
-int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd,
 		      unsigned int flags);
 int mnl_nft_chain_del(struct netlink_ctx *ctx, struct cmd *cmd);
 int mnl_nft_chain_rename(struct netlink_ctx *ctx, const struct cmd *cmd,
@@ -46,14 +46,14 @@ int mnl_nft_chain_rename(struct netlink_ctx *ctx, const struct cmd *cmd,
 struct nftnl_chain_list *mnl_nft_chain_dump(struct netlink_ctx *ctx,
 					    int family);
 
-int mnl_nft_table_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+int mnl_nft_table_add(struct netlink_ctx *ctx, struct cmd *cmd,
 		      unsigned int flags);
 int mnl_nft_table_del(struct netlink_ctx *ctx, struct cmd *cmd);
 
 struct nftnl_table_list *mnl_nft_table_dump(struct netlink_ctx *ctx,
 					    int family);
 
-int mnl_nft_set_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+int mnl_nft_set_add(struct netlink_ctx *ctx, struct cmd *cmd,
 		    unsigned int flags);
 int mnl_nft_set_del(struct netlink_ctx *ctx, struct cmd *cmd);
 
@@ -72,14 +72,14 @@ struct nftnl_obj_list *mnl_nft_obj_dump(struct netlink_ctx *ctx, int family,
 					const char *table,
 					const char *name, uint32_t type,
 					bool dump, bool reset);
-int mnl_nft_obj_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+int mnl_nft_obj_add(struct netlink_ctx *ctx, struct cmd *cmd,
 		    unsigned int flags);
 int mnl_nft_obj_del(struct netlink_ctx *ctx, struct cmd *cmd, int type);
 
 struct nftnl_flowtable_list *
 mnl_nft_flowtable_dump(struct netlink_ctx *ctx, int family, const char *table);
 
-int mnl_nft_flowtable_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+int mnl_nft_flowtable_add(struct netlink_ctx *ctx, struct cmd *cmd,
 			  unsigned int flags);
 int mnl_nft_flowtable_del(struct netlink_ctx *ctx, struct cmd *cmd);
 
diff --git a/src/mnl.c b/src/mnl.c
index ee82db804b17..f959196922fc 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -592,7 +592,7 @@ err:
 /*
  * Chain
  */
-int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd,
 		      unsigned int flags)
 {
 	int priority, policy, i = 0;
@@ -607,8 +607,6 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd,
 		memory_allocation_error();
 
 	nftnl_chain_set_u32(nlc, NFTNL_CHAIN_FAMILY, cmd->handle.family);
-	nftnl_chain_set_str(nlc, NFTNL_CHAIN_TABLE, cmd->handle.table.name);
-	nftnl_chain_set_str(nlc, NFTNL_CHAIN_NAME, cmd->handle.chain.name);
 
 	if (cmd->chain) {
 		if (cmd->chain->flags & CHAIN_F_BASECHAIN) {
@@ -654,6 +652,12 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, const struct cmd *cmd,
 				    NFT_MSG_NEWCHAIN,
 				    cmd->handle.family,
 				    NLM_F_CREATE | flags, ctx->seqnum);
+
+	cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->handle.table.location);
+	mnl_attr_put_strz(nlh, NFTA_CHAIN_TABLE, cmd->handle.table.name);
+	cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->handle.chain.location);
+	mnl_attr_put_strz(nlh, NFTA_CHAIN_NAME, cmd->handle.chain.name);
+
 	nftnl_chain_nlmsg_build_payload(nlh, nlc);
 	nftnl_chain_free(nlc);
 
@@ -778,7 +782,7 @@ err:
 /*
  * Table
  */
-int mnl_nft_table_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+int mnl_nft_table_add(struct netlink_ctx *ctx, struct cmd *cmd,
 		      unsigned int flags)
 {
 	struct nftnl_table *nlt;
@@ -789,7 +793,6 @@ int mnl_nft_table_add(struct netlink_ctx *ctx, const struct cmd *cmd,
 		memory_allocation_error();
 
 	nftnl_table_set_u32(nlt, NFTNL_TABLE_FAMILY, cmd->handle.family);
-	nftnl_table_set_str(nlt, NFTNL_TABLE_NAME, cmd->handle.table.name);
 	if (cmd->table)
 		nftnl_table_set_u32(nlt, NFTNL_TABLE_FLAGS, cmd->table->flags);
 	else
@@ -799,6 +802,9 @@ int mnl_nft_table_add(struct netlink_ctx *ctx, const struct cmd *cmd,
 				    NFT_MSG_NEWTABLE,
 				    cmd->handle.family,
 				    flags, ctx->seqnum);
+
+	cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->handle.table.location);
+	mnl_attr_put_strz(nlh, NFTA_TABLE_NAME, cmd->handle.table.name);
 	nftnl_table_nlmsg_build_payload(nlh, nlt);
 	nftnl_table_free(nlt);
 
@@ -910,10 +916,10 @@ static void set_key_expression(struct netlink_ctx *ctx,
 /*
  * Set
  */
-int mnl_nft_set_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+int mnl_nft_set_add(struct netlink_ctx *ctx, struct cmd *cmd,
 		    unsigned int flags)
 {
-	const struct handle *h = &cmd->handle;
+	struct handle *h = &cmd->handle;
 	struct nftnl_udata_buf *udbuf;
 	struct set *set = cmd->set;
 	struct nftnl_set *nls;
@@ -924,8 +930,6 @@ int mnl_nft_set_add(struct netlink_ctx *ctx, const struct cmd *cmd,
 		memory_allocation_error();
 
 	nftnl_set_set_u32(nls, NFTNL_SET_FAMILY, h->family);
-	nftnl_set_set_str(nls, NFTNL_SET_TABLE, h->table.name);
-	nftnl_set_set_str(nls, NFTNL_SET_NAME, h->set.name);
 	nftnl_set_set_u32(nls, NFTNL_SET_ID, h->set_id);
 
 	nftnl_set_set_u32(nls, NFTNL_SET_FLAGS, set->flags);
@@ -998,6 +1002,12 @@ int mnl_nft_set_add(struct netlink_ctx *ctx, const struct cmd *cmd,
 				    NFT_MSG_NEWSET,
 				    h->family,
 				    NLM_F_CREATE | flags, ctx->seqnum);
+
+	cmd_add_loc(cmd, nlh->nlmsg_len, &h->table.location);
+	mnl_attr_put_strz(nlh, NFTA_SET_TABLE, h->table.name);
+	cmd_add_loc(cmd, nlh->nlmsg_len, &h->set.location);
+	mnl_attr_put_strz(nlh, NFTA_SET_NAME, h->set.name);
+
 	nftnl_set_nlmsg_build_payload(nlh, nls);
 	nftnl_set_free(nls);
 
@@ -1099,7 +1109,7 @@ err:
 	return NULL;
 }
 
-int mnl_nft_obj_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+int mnl_nft_obj_add(struct netlink_ctx *ctx, struct cmd *cmd,
 		    unsigned int flags)
 {
 	struct obj *obj = cmd->object;
@@ -1111,8 +1121,6 @@ int mnl_nft_obj_add(struct netlink_ctx *ctx, const struct cmd *cmd,
 		memory_allocation_error();
 
 	nftnl_obj_set_u32(nlo, NFTNL_OBJ_FAMILY, cmd->handle.family);
-	nftnl_obj_set_str(nlo, NFTNL_OBJ_TABLE, cmd->handle.table.name);
-	nftnl_obj_set_str(nlo, NFTNL_OBJ_NAME, cmd->handle.obj.name);
 	nftnl_obj_set_u32(nlo, NFTNL_OBJ_TYPE, obj->type);
 
 	switch (obj->type) {
@@ -1190,6 +1198,12 @@ int mnl_nft_obj_add(struct netlink_ctx *ctx, const struct cmd *cmd,
 	nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
 				    NFT_MSG_NEWOBJ, cmd->handle.family,
 				    NLM_F_CREATE | flags, ctx->seqnum);
+
+	cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->handle.table.location);
+	mnl_attr_put_strz(nlh, NFTA_OBJ_TABLE, cmd->handle.table.name);
+	cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->handle.obj.location);
+	mnl_attr_put_strz(nlh, NFTA_OBJ_NAME, cmd->handle.obj.name);
+
 	nftnl_obj_nlmsg_build_payload(nlh, nlo);
 	nftnl_obj_free(nlo);
 
@@ -1533,7 +1547,7 @@ err:
 	return NULL;
 }
 
-int mnl_nft_flowtable_add(struct netlink_ctx *ctx, const struct cmd *cmd,
+int mnl_nft_flowtable_add(struct netlink_ctx *ctx, struct cmd *cmd,
 			  unsigned int flags)
 {
 	struct nftnl_flowtable *flo;
@@ -1549,10 +1563,6 @@ int mnl_nft_flowtable_add(struct netlink_ctx *ctx, const struct cmd *cmd,
 
 	nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_FAMILY,
 				cmd->handle.family);
-	nftnl_flowtable_set_str(flo, NFTNL_FLOWTABLE_TABLE,
-				cmd->handle.table.name);
-	nftnl_flowtable_set_str(flo, NFTNL_FLOWTABLE_NAME,
-				cmd->handle.flowtable.name);
 	nftnl_flowtable_set_u32(flo, NFTNL_FLOWTABLE_HOOKNUM,
 				cmd->flowtable->hooknum);
 	mpz_export_data(&priority, cmd->flowtable->priority.expr->value,
@@ -1576,6 +1586,12 @@ int mnl_nft_flowtable_add(struct netlink_ctx *ctx, const struct cmd *cmd,
 	nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
 				    NFT_MSG_NEWFLOWTABLE, cmd->handle.family,
 				    NLM_F_CREATE | flags, ctx->seqnum);
+
+	cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->handle.table.location);
+	mnl_attr_put_strz(nlh, NFTA_FLOWTABLE_TABLE, cmd->handle.table.name);
+	cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->handle.flowtable.location);
+	mnl_attr_put_strz(nlh, NFTA_FLOWTABLE_NAME, cmd->handle.flowtable.name);
+
 	nftnl_flowtable_nlmsg_build_payload(nlh, flo);
 	nftnl_flowtable_free(flo);
 
diff --git a/src/rule.c b/src/rule.c
index 9307dad54b6f..9e58ee66f984 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1579,7 +1579,7 @@ static int do_add_setelems(struct netlink_ctx *ctx, struct cmd *cmd,
 	return __do_add_setelems(ctx, set, init, flags);
 }
 
-static int do_add_set(struct netlink_ctx *ctx, const struct cmd *cmd,
+static int do_add_set(struct netlink_ctx *ctx, struct cmd *cmd,
 		      uint32_t flags)
 {
 	struct set *set = cmd->set;
-- 
2.11.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* [PATCH nft 2/3] src: improve error reporting when setting policy on non-base chain
  2020-02-19 14:51 [PATCH nft 1/3] mnl: extended error support for create command Pablo Neira Ayuso
@ 2020-02-19 14:51 ` Pablo Neira Ayuso
  2020-02-19 14:51 ` [PATCH nft 3/3] src: improve error reporting when remove rules Pablo Neira Ayuso
  1 sibling, 0 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2020-02-19 14:51 UTC (permalink / raw)
  To: netfilter-devel

When trying to set a policy to non-base chain:

 # nft add chain x y { policy accept\; }
 Error: Could not process rule: Operation not supported
 add chain x y { policy accept; }
                 ^^^^^^^^^^^^^

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/mnl.c          | 12 +++++++-----
 src/parser_bison.y |  3 ++-
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/mnl.c b/src/mnl.c
index f959196922fc..6d1e476444ef 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -619,11 +619,6 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd,
 			nftnl_chain_set_str(nlc, NFTNL_CHAIN_TYPE,
 					    cmd->chain->type);
 		}
-		if (cmd->chain->policy) {
-			mpz_export_data(&policy, cmd->chain->policy->value,
-					BYTEORDER_HOST_ENDIAN, sizeof(int));
-			nftnl_chain_set_u32(nlc, NFTNL_CHAIN_POLICY, policy);
-		}
 		if (cmd->chain->dev_expr) {
 			dev_array = xmalloc(sizeof(char *) * 8);
 			dev_array_len = 8;
@@ -658,6 +653,13 @@ int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd,
 	cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->handle.chain.location);
 	mnl_attr_put_strz(nlh, NFTA_CHAIN_NAME, cmd->handle.chain.name);
 
+	if (cmd && cmd->chain->policy) {
+		mpz_export_data(&policy, cmd->chain->policy->value,
+				BYTEORDER_HOST_ENDIAN, sizeof(int));
+		cmd_add_loc(cmd, nlh->nlmsg_len, &cmd->chain->policy->location);
+		mnl_attr_put_u32(nlh, NFTA_CHAIN_POLICY, htonl(policy));
+	}
+
 	nftnl_chain_nlmsg_build_payload(nlh, nlc);
 	nftnl_chain_free(nlc);
 
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 819c78bfa6d1..cc77d0420cb0 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2160,7 +2160,8 @@ policy_spec		:	POLICY		policy_expr
 					expr_free($2);
 					YYERROR;
 				}
-				$<chain>0->policy	= $2;
+				$<chain>0->policy		= $2;
+				$<chain>0->policy->location	= @$;
 			}
 			;
 
-- 
2.11.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* [PATCH nft 3/3] src: improve error reporting when remove rules
  2020-02-19 14:51 [PATCH nft 1/3] mnl: extended error support for create command Pablo Neira Ayuso
  2020-02-19 14:51 ` [PATCH nft 2/3] src: improve error reporting when setting policy on non-base chain Pablo Neira Ayuso
@ 2020-02-19 14:51 ` Pablo Neira Ayuso
  1 sibling, 0 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2020-02-19 14:51 UTC (permalink / raw)
  To: netfilter-devel

 # nft delete rule ip y z handle 7
 Error: Could not process rule: No such file or directory
 delete rule ip y z handle 7
                ^

 # nft delete rule ip x z handle 7
 Error: Could not process rule: No such file or directory
 delete rule ip x z handle 7
                  ^

 # nft delete rule ip x x handle 7
 Error: Could not process rule: No such file or directory
 delete rule ip x x handle 7
                           ^

 # nft replace rule x y handle 10 ip saddr 1.1.1.2 counter
 Error: Could not process rule: No such file or directory
 replace rule x y handle 10 ip saddr 1.1.1.2 counter
                         ^^

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/mnl.h |  4 ++--
 src/mnl.c     | 34 +++++++++++++++++++++++-----------
 2 files changed, 25 insertions(+), 13 deletions(-)

diff --git a/include/mnl.h b/include/mnl.h
index 6d247ccae4d1..74b1b56fd686 100644
--- a/include/mnl.h
+++ b/include/mnl.h
@@ -31,8 +31,8 @@ int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list,
 
 int mnl_nft_rule_add(struct netlink_ctx *ctx, struct cmd *cmd,
 		     unsigned int flags);
-int mnl_nft_rule_del(struct netlink_ctx *ctx, const struct cmd *cmd);
-int mnl_nft_rule_replace(struct netlink_ctx *ctx, const struct cmd *cmd);
+int mnl_nft_rule_del(struct netlink_ctx *ctx, struct cmd *cmd);
+int mnl_nft_rule_replace(struct netlink_ctx *ctx, struct cmd *cmd);
 
 struct nftnl_rule_list *mnl_nft_rule_dump(struct netlink_ctx *ctx,
 					  int family);
diff --git a/src/mnl.c b/src/mnl.c
index 6d1e476444ef..3d21a0ed68a8 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -475,7 +475,7 @@ int mnl_nft_rule_add(struct netlink_ctx *ctx, struct cmd *cmd,
 	return 0;
 }
 
-int mnl_nft_rule_replace(struct netlink_ctx *ctx, const struct cmd *cmd)
+int mnl_nft_rule_replace(struct netlink_ctx *ctx, struct cmd *cmd)
 {
 	struct rule *rule = cmd->rule;
 	struct handle *h = &rule->handle;
@@ -491,15 +491,20 @@ int mnl_nft_rule_replace(struct netlink_ctx *ctx, const struct cmd *cmd)
 		memory_allocation_error();
 
 	nftnl_rule_set_u32(nlr, NFTNL_RULE_FAMILY, h->family);
-	nftnl_rule_set_str(nlr, NFTNL_RULE_TABLE, h->table.name);
-	nftnl_rule_set_str(nlr, NFTNL_RULE_CHAIN, h->chain.name);
-	nftnl_rule_set_u64(nlr, NFTNL_RULE_HANDLE, h->handle.id);
 
 	netlink_linearize_rule(ctx, nlr, rule);
 	nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
 				    NFT_MSG_NEWRULE,
 				    cmd->handle.family,
 				    NLM_F_REPLACE | flags, ctx->seqnum);
+
+	cmd_add_loc(cmd, nlh->nlmsg_len, &h->table.location);
+	mnl_attr_put_strz(nlh, NFTA_RULE_TABLE, h->table.name);
+	cmd_add_loc(cmd, nlh->nlmsg_len, &h->chain.location);
+	mnl_attr_put_strz(nlh, NFTA_RULE_CHAIN, h->chain.name);
+	cmd_add_loc(cmd, nlh->nlmsg_len, &h->handle.location);
+	mnl_attr_put_u64(nlh, NFTA_RULE_HANDLE, htobe64(h->handle.id));
+
 	nftnl_rule_nlmsg_build_payload(nlh, nlr);
 	nftnl_rule_free(nlr);
 
@@ -508,9 +513,9 @@ int mnl_nft_rule_replace(struct netlink_ctx *ctx, const struct cmd *cmd)
 	return 0;
 }
 
-int mnl_nft_rule_del(struct netlink_ctx *ctx, const struct cmd *cmd)
+int mnl_nft_rule_del(struct netlink_ctx *ctx, struct cmd *cmd)
 {
-	const struct handle *h = &cmd->handle;
+	struct handle *h = &cmd->handle;
 	struct nftnl_rule *nlr;
 	struct nlmsghdr *nlh;
 
@@ -519,16 +524,23 @@ int mnl_nft_rule_del(struct netlink_ctx *ctx, const struct cmd *cmd)
 		memory_allocation_error();
 
 	nftnl_rule_set_u32(nlr, NFTNL_RULE_FAMILY, h->family);
-	nftnl_rule_set_str(nlr, NFTNL_RULE_TABLE, h->table.name);
-	if (h->chain.name)
-		nftnl_rule_set_str(nlr, NFTNL_RULE_CHAIN, h->chain.name);
-	if (h->handle.id)
-		nftnl_rule_set_u64(nlr, NFTNL_RULE_HANDLE, h->handle.id);
 
 	nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
 				    NFT_MSG_DELRULE,
 				    nftnl_rule_get_u32(nlr, NFTNL_RULE_FAMILY),
 				    0, ctx->seqnum);
+
+	cmd_add_loc(cmd, nlh->nlmsg_len, &h->table.location);
+	mnl_attr_put_strz(nlh, NFTA_RULE_TABLE, h->table.name);
+	if (h->chain.name) {
+		cmd_add_loc(cmd, nlh->nlmsg_len, &h->chain.location);
+		mnl_attr_put_strz(nlh, NFTA_RULE_CHAIN, h->chain.name);
+	}
+	if (h->handle.id) {
+		cmd_add_loc(cmd, nlh->nlmsg_len, &h->handle.location);
+		mnl_attr_put_u64(nlh, NFTA_RULE_HANDLE, htobe64(h->handle.id));
+	}
+
 	nftnl_rule_nlmsg_build_payload(nlh, nlr);
 	nftnl_rule_free(nlr);
 
-- 
2.11.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-02-19 14:51 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-19 14:51 [PATCH nft 1/3] mnl: extended error support for create command Pablo Neira Ayuso
2020-02-19 14:51 ` [PATCH nft 2/3] src: improve error reporting when setting policy on non-base chain Pablo Neira Ayuso
2020-02-19 14:51 ` [PATCH nft 3/3] src: improve error reporting when remove rules Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).