diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-05-19 13:25:23 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-05-19 19:11:31 +0200 |
| commit | ec08209eebeb80d5e250b37b47c645bf7c5b69d9 (patch) | |
| tree | 837beeb1d3f21560e09b45e4a6607192e84a2c72 | |
| parent | 1351b11102b5f20e521c83e6d9f1753bfa543409 (diff) | |
nft: add flush_cache()
This new function takes a struct nft_cache as parameter.
This patch also introduces __nft_table_builtin_find() which is required
to look up for built-in tables without the nft_handle structure.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | iptables/nft.c | 30 |
1 files changed, 19 insertions, 11 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index b0a15e9b..8f6f7a41 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -840,31 +840,39 @@ static int __flush_chain_cache(struct nftnl_chain *c, void *data) return 0; } -static void flush_chain_cache(struct nft_handle *h, const char *tablename) +static int flush_cache(struct nft_cache *c, const struct builtin_table *tables, + const char *tablename) { const struct builtin_table *table; int i; if (tablename) { - table = nft_table_builtin_find(h, tablename); - if (!table || !h->cache->table[table->type].chains) - return; - nftnl_chain_list_foreach(h->cache->table[table->type].chains, + table = __nft_table_builtin_find(tables, tablename); + if (!table || !c->table[table->type].chains) + return 0; + nftnl_chain_list_foreach(c->table[table->type].chains, __flush_chain_cache, NULL); - return; + return 0; } for (i = 0; i < NFT_TABLE_MAX; i++) { - if (h->tables[i].name == NULL) + if (tables[i].name == NULL) continue; - if (!h->cache->table[i].chains) + if (!c->table[i].chains) continue; - nftnl_chain_list_free(h->cache->table[i].chains); - h->cache->table[i].chains = NULL; + nftnl_chain_list_free(c->table[i].chains); + c->table[i].chains = NULL; } - h->have_cache = false; + + return 1; +} + +static void flush_chain_cache(struct nft_handle *h, const char *tablename) +{ + if (flush_cache(h->cache, h->tables, tablename)) + h->have_cache = false; } void nft_fini(struct nft_handle *h) |