authorPablo Neira Ayuso <>2013-01-20 20:19:20 +0100
committerPablo Neira Ayuso <>2013-12-30 23:50:23 +0100
commit9e62dc8637f210cdeaed784396fecab9b6e5f043 (patch)
treee53163246d426495c972e8176f6c681067ecddec /iptables/nft.h
parent0aad20f3979e3b6becd40e4ed5bba8d09d90706e (diff)
xtables-restore: support atomic commit
Use new services in nf_tables to support atomic commit. Commit per table: although we support global commit at once, call commit for each table to emulate iptables-restore behaviour for now. Keep table dormant/wake up code in iptables/nft.c as it can be used in the future. Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'iptables/nft.h')
1 files changed, 7 insertions, 0 deletions
diff --git a/iptables/nft.h b/iptables/nft.h
index f7ed0a38..834fff0d 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -8,6 +8,7 @@ struct nft_handle {
struct mnl_socket *nl;
uint32_t portid;
uint32_t seq;
+ bool commit;
int nft_init(struct nft_handle *h);
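Review bot: The new `commit` field in `struct nft_handle` has no comment saying who sets it or what it gates, and nothing in this hunk shows it being initialised. If a caller allocates the handle without zeroing it, the flag would start indeterminate and could decide whether rule changes are batched or applied straight away; this is an inference, since the body of `nft_init()` is not visible here. I would document it in place, for example `bool commit; /* set by the caller to batch changes until nft_commit()/nft_abort(); confirm semantics */`, and confirm that every handle is zero-initialised before use. The struct definition starts above the hunk.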
@@ -56,6 +57,12 @@ int nft_rule_save(struct nft_handle *h, const char *table, bool counters);
int nft_rule_flush(struct nft_handle *h, const char *chain, const char *table);
+ * global commit and abort
+ */
+int nft_commit(struct nft_handle *h);
+int nft_abort(struct nft_handle *h);
* revision compatibility.
int nft_compatible_revision(const char *name, uint8_t rev, int opt);
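Review bot: The comment above `nft_commit()` and `nft_abort()` says only "global commit and abort", so the header gives no return convention and does not say what a caller must do when a commit fails. The commit description states that xtables-restore calls commit once per table, so a failure on a later table would presumably leave the earlier tables already applied, which means a partially loaded ruleset. Callers need that spelled out so they can report it or fail closed rather than assume the restore was all-or-nothing. I would extend the comment along the lines of `/* global commit and abort; returns <convention from nft.c>; a failed nft_commit() does not undo tables committed earlier */`, with the real convention filled in from the implementation.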