nftables: Add more operations and raise kernel errors #902

Currently, the handling of batch messages is difficult as nlm_request sends each message separately and listens for responses from a single message sequence number only. Therefore, this commit introduces `nlm_request_batch`, which can be supplied with a list of messages. The function will then listen for expected responses for any of the supplied messages and return/yield them to the caller. In the future, this will allow for improved error handling. Since some nftables write operations require batches, the current approach is to accumulate messages in a batch and send them to the socket in a fire-and-forget manner. This causes errors reported by the kernel to go unnoticed. This commit prepares improved error handling for nftables by allowing to read those errors. It is related to issue svinota#892.

This commit adds more nftables operations and uses `nlm_request_batch` to raise errors that are reported by the kernel. With this commit, errors, e.g. caused by invalid rule expressions or missing NLAs, will no longer go unnoticed.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

nftables: Add more operations and raise kernel errors #902

nftables: Add more operations and raise kernel errors #902

Commits on Apr 23, 2022