authorFlorian Westphal <>2019-04-23 15:16:20 +0200
committerFlorian Westphal <>2019-04-27 01:08:08 +0200
commit0baa08fed43fa318eaa6ffe02673289343ac9cc0 (patch)
tree3060ebde032b213641fe62211ae9bf4f02d91785 /iptables/nft.h
parent31dd3780a64935e3bcf83efb1a4354eed41f59ee (diff)
xtables: unify user chain add/flush for restore case
The idea here is to move the 'flush' decision into the core, rather than have the decision in the frontend. This will be required later when "generation id" is passed to kernel. In this case, we might have to add the flush when re-trying the transaction. Signed-off-by: Florian Westphal <> Acked-by: Pablo Neira Ayuso <>
Diffstat (limited to 'iptables/nft.h')
1 files changed, 2 insertions, 2 deletions
diff --git a/iptables/nft.h b/iptables/nft.h
index 56dc2076..d428287b 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -45,6 +45,7 @@ struct nft_handle {
} table[NFT_TABLE_MAX];
bool have_cache;
bool restore;
+ bool noflush;
int8_t config_done;
/* meta data, for error reporting */
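Review bot: The new `noflush` member of struct nft_handle has no comment, and nothing in this header says who sets it or what a zero-initialised handle means. Because the commit message moves the flush decision into the core, a false default presumably means existing user chains are flushed on restore, which is the destructive choice for a live ruleset, so the default is worth spelling out. Something like `bool noflush; /* restore only: keep existing chain contents (--noflush); false = flush */` would do, with the wording checked against the code that sets it. The struct starts and ends outside this hunk.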
@@ -87,8 +88,7 @@ struct nftnl_chain_list *nft_chain_list_get(struct nft_handle *h,
int nft_chain_save(struct nft_handle *h, struct nftnl_chain_list *list);
int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *table);
int nft_chain_user_del(struct nft_handle *h, const char *chain, const char *table, bool verbose);
-int nft_chain_user_flush(struct nft_handle *h, struct nftnl_chain_list *list,
- const char *chain, const char *table);
+int nft_chain_restore(struct nft_handle *h, const char *chain, const char *table);
int nft_chain_user_rename(struct nft_handle *h, const char *chain, const char *table, const char *newname);
int nft_chain_zero_counters(struct nft_handle *h, const char *chain, const char *table, bool verbose);
const struct builtin_chain *nft_chain_builtin_find(const struct builtin_table *t, const char *chain);
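Review bot: The `nft_chain_restore()` prototype gives no hint that the call may flush a chain, and whether it does so now appears to depend on state in the handle rather than on its arguments. A one-line comment above the declaration would make that contract visible to callers, e.g. `/* restore path: add user chain if missing, flush it unless h->noflush is set */`, to be confirmed against the implementation, which this diff does not show. Since the diff is limited to nft.h, it is also not visible here whether every former caller of `nft_chain_user_flush()` was converted.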