authorPhil Sutter <>2018-12-20 16:09:12 +0100
committerPablo Neira Ayuso <>2018-12-27 19:53:01 +0100
commit947c51c95edbbf08d6b3c105177ac5cfa238aade (patch)
treea25744e4e9d94ec92afb774b78f68259298da24b /iptables/nft.h
parenteb13831f1c41c0efa626ab85d4448fb8ce4c87a2 (diff)
xtables: Implement per chain rule cache
Use recently introduced support for rules inside chains in libnftnl to introduce a rule cache per chain instead of a global one. A tricky bit is to decide if cache should be updated or not. Previously, the global rule cache was populated just once and then reused unless being flushed completely (via call to flush_rule_cache() with NULL-pointer table argument). Resemble this behaviour by introducing a boolean indicating cache status and fetch rules for all chains when updating the chain cache in nft_chain_list_get(). Signed-off-by: Phil Sutter <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'iptables/nft.h')
1 files changed, 1 insertions, 1 deletions
diff --git a/iptables/nft.h b/iptables/nft.h
index bf60ab39..6568257f 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -42,7 +42,7 @@ struct nft_handle {
struct nftnl_chain_list *chain_cache;
bool initialized;
} table[NFT_TABLE_MAX];
- struct nftnl_rule_list *rule_cache;
+ bool have_cache;
bool restore;
int8_t config_done;
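Review bot: The new `bool have_cache;` member of struct nft_handle has no comment saying which cached state it vouches for, and the name does not distinguish the chain cache from the rule cache. Going by the commit description, it records that chains and their rules were fetched together in nft_chain_list_get() and is meant to be reset only on a complete flush; a comment such as `/* table[].chain_cache and its rules are populated; reset on full flush */` would capture that. Because one flag now covers every table, it is worth confirming in nft.c (not shown on this page) that each path which frees or replaces a table's chain_cache also clears it, since otherwise later rule lookups could presumably run against a stale view of the ruleset. The struct definition begins and ends outside the hunk.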