author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-01-20 20:19:20 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 23:50:23 +0100 |
commit | 9e62dc8637f210cdeaed784396fecab9b6e5f043 (patch) | |
tree | e53163246d426495c972e8176f6c681067ecddec /iptables/nft.h | |
parent | 0aad20f3979e3b6becd40e4ed5bba8d09d90706e (diff) |
xtables-restore: support atomic commit
Use new services in nf_tables to support atomic commit.
Commit per table: although we support a single global commit,
call commit for each table to emulate iptables-restore
behaviour for now.
Keep table dormant/wake up code in iptables/nft.c as it can
be used in the future.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft.h')
-rw-r--r-- | iptables/nft.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/iptables/nft.h b/iptables/nft.h
index f7ed0a38..834fff0d 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -8,6 +8,7 @@ struct nft_handle {
 struct mnl_socket *nl;
 uint32_t portid;
 uint32_t seq;
+ bool commit;
 };

 int nft_init(struct nft_handle *h);
@@ -56,6 +57,12 @@ int nft_rule_save(struct nft_handle *h, const char *table, bool counters);
 int nft_rule_flush(struct nft_handle *h, const char *chain, const char *table);

 /*
+ * global commit and abort
+ */
+int nft_commit(struct nft_handle *h);
+int nft_abort(struct nft_handle *h);
+
+/*
 * revision compatibility.
 */
 int nft_compatible_revision(const char *name, uint8_t rev, int opt); |
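Review bot: The new `nft_commit()` and `nft_abort()` prototypes in the second hunk carry only the heading `global commit and abort`, with no statement of the return convention or of what state the ruleset is in when a commit fails. The commit message says xtables-restore calls commit once per table, so atomicity is presumably per table rather than per restore file, and a failure part-way through could leave earlier tables already applied; for a firewall ruleset that limit belongs next to the declarations, where callers will read it. I would extend the comment along the lines of `nft_commit() applies the pending batch atomically; on failure nothing from that batch is applied and the caller should call nft_abort() and fail the restore`, with the exact return values confirmed against nft.c, which is not shown here. The `bool commit;` field added to `struct nft_handle` in the first hunk would likewise benefit from a one-line comment saying who sets it and what it gates.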