nft: Introduce NFT_CL_SETS cache level

In order to support anonymous sets, introduce an intermediate cache level between NFT_CL_CHAINS and NFT_CL_RULES. Actually chains are not needed to fetch sets, but given that sets are only needed for rules, put it late to not slow down fetching chains. Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Phil Sutter <phil@nwl.cc> 2019-08-20 11:21:42 +0200
committer: Phil Sutter <phil@nwl.cc> 2019-11-25 23:31:02 +0100
commit: caaba4ed83300450136405706162eeedc43c6417 (patch)
tree: c5259c7ecd2be44e90f2a8aae496bb7a13ecba60 /iptables/nft-cache.h
parent: a5877a214b6bb2e16ffbbcfd7512ff5cdbf03906 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/iptables/nft-cache.h b/iptables/nft-cache.h
index cb7a7688..ed498835 100644
--- a/iptables/nft-cache.h
+++ b/iptables/nft-cache.h
@@ -13,6 +13,8 @@ int flush_rule_cache(struct nft_handle *h, const char *table,
 
 struct nftnl_chain_list *
 nft_chain_list_get(struct nft_handle *h, const char *table, const char *chain);
+struct nftnl_set_list *
+nft_set_list_get(struct nft_handle *h, const char *table, const char *set);
 struct nftnl_table_list *nftnl_table_list_get(struct nft_handle *h);
 
 #endif /* _NFT_CACHE_H_ */
author	Phil Sutter <phil@nwl.cc>	2019-08-20 11:21:42 +0200
committer	Phil Sutter <phil@nwl.cc>	2019-11-25 23:31:02 +0100
commit	caaba4ed83300450136405706162eeedc43c6417 (patch)
tree	c5259c7ecd2be44e90f2a8aae496bb7a13ecba60 /iptables/nft-cache.h
parent	a5877a214b6bb2e16ffbbcfd7512ff5cdbf03906 (diff)