diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-06-09 18:55:29 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-06-10 11:27:09 +0200 |
| commit | f1299b98d7ff200eb50ca574278bfeb1368de01b (patch) | |
| tree | 312f6ed6034990c81f45e274b9bd84f9ba286b2c /iptables/nft.h | |
| parent | ee85b1bc1bb9f91daf2004823dfa204dbc52f52a (diff) | |
iptables: nft: add tables and chains to the batch
Since kernel changes:
55dd6f9 ("netfilter: nf_tables: use new transaction infrastructure
to handle table").
91c7b38 ("netfilter: nf_tables: use new transaction infrastructure
to handle chain").
it is possible to put tables and chains in the same batch (which was
already including rules). This patch probes the kernel to check if
if the new transaction is available, otherwise it falls back to the
previous non-transactional approach to handle these two objects.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft.h')
| -rw-r--r-- | iptables/nft.h | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/iptables/nft.h b/iptables/nft.h index 1e78eddb..339d7bcd 100644 --- a/iptables/nft.h +++ b/iptables/nft.h @@ -36,6 +36,7 @@ struct nft_handle { struct nft_family_ops *ops; struct builtin_table *tables; bool restore; + bool batch_support; }; extern struct builtin_table xtables_ipv4[TABLES_MAX]; @@ -54,7 +55,7 @@ struct nft_table; struct nft_chain_list; struct builtin_table *nft_table_builtin_find(struct nft_handle *h, const char *table); -int nft_table_add(struct nft_handle *h, const struct nft_table *t); +int nft_table_add(struct nft_handle *h, struct nft_table *t, uint16_t flags); int nft_for_each_table(struct nft_handle *h, int (*func)(struct nft_handle *h, const char *tablename, bool counters), bool counters); bool nft_table_find(struct nft_handle *h, const char *tablename); int nft_table_purge_chains(struct nft_handle *h, const char *table, struct nft_chain_list *list); @@ -68,7 +69,7 @@ struct nft_chain *nft_chain_builtin_alloc(struct builtin_table *table, struct bu void nft_chain_builtin_add(struct nft_handle *h, struct builtin_table *table, struct builtin_chain *chain, int policy); struct builtin_chain *nft_chain_builtin_find(struct builtin_table *t, const char *chain); int nft_chain_builtin_init(struct nft_handle *h, const char *table, const char *chain, int policy); -int nft_chain_add(struct nft_handle *h, const struct nft_chain *c); +int nft_chain_add(struct nft_handle *h, struct nft_chain *c, uint16_t flags); int nft_chain_set(struct nft_handle *h, const char *table, const char *chain, const char *policy, const struct xt_counters *counters); struct nft_chain_list *nft_chain_dump(struct nft_handle *h); struct nft_chain *nft_chain_list_find(struct nft_chain_list *list, const char *table, const char *chain); |