authorPablo Neira Ayuso <>2018-05-28 18:48:19 +0200
committerPablo Neira Ayuso <>2018-05-28 23:54:44 +0200
commit01e25e264a4c4872fc0b1b50b4ee83768e7c0248 (patch)
tree5c52548fb5d7ae1c438d7e466d388eb12f3e333c /iptables/nft.h
parent8d190e98564f0ed119f14444367970b7a4ecd7d2 (diff)
xtables: add chain cache
So we don't have to dump the chain cache content over and over again. Moreover, perform incremental updates on the chain cache to add and to delete non-base chains. Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'iptables/nft.h')
1 files changed, 2 insertions, 1 deletions
diff --git a/iptables/nft.h b/iptables/nft.h
index 9311662b..72c2fdc5 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -36,6 +36,7 @@ struct nft_handle {
struct list_head err_list;
struct nft_family_ops *ops;
struct builtin_table *tables;
+ struct nftnl_chain_list *chain_cache;
struct nftnl_rule_list *rule_cache;
bool restore;
int8_t config_done;
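Review bot: The new `chain_cache` member is added without a comment saying when it is filled and when it is invalidated. The commit message mentions incremental updates only for adding and deleting non-base chains, so whether a flush, a table deletion or a change made by another process resets the pointer cannot be seen from this header. If the implementation does reset it, a short comment above the field would record that, for example `/* cached chain list, owned by the handle; reset whenever the kernel ruleset may have changed */`, adjusted to what the code actually does. struct nft_handle begins and ends outside this hunk.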
@@ -73,7 +74,7 @@ int nft_table_flush(struct nft_handle *h, const char *table);
struct nftnl_chain;
int nft_chain_set(struct nft_handle *h, const char *table, const char *chain, const char *policy, const struct xt_counters *counters);
-struct nftnl_chain_list *nft_chain_dump(struct nft_handle *h, const char *table);
+struct nftnl_chain_list *nft_chain_dump(struct nft_handle *h);
struct nftnl_chain *nft_chain_list_find(struct nftnl_chain_list *list, const char *table, const char *chain);
int nft_chain_save(struct nft_handle *h, struct nftnl_chain_list *list, const char *table);
int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *table);
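Review bot: The new prototype `nft_chain_dump(struct nft_handle *h)` does not say who owns the returned list. With the `chain_cache` member added to the handle in the first hunk, the function presumably now returns the handle's cached list rather than a fresh dump. If so, a call site that still frees the result would leave the handle's pointer dangling, and a later lookup would be a use-after-free or double free. A comment above the declaration such as `/* returns the handle's cached chain list; the caller must not free it */` would make the contract explicit, if that matches the implementation. The call sites are in the .c files, which are not part of this view, and each should be checked for a leftover free of the list.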