author | Florian Westphal <fw@strlen.de> | 2019-04-23 15:16:22 +0200 |
committer | Florian Westphal <fw@strlen.de> | 2019-04-27 01:08:46 +0200 |
commit | 862818ac3a0de5642444dfc9aa06e0f6fbb3ef38 (patch) | |
tree | ed68082823e7705bbb7a854ab781e080bb003ed2 /iptables | |
parent | d3e378b4a93f485d5ba5ba395dba9befaa5d133b (diff) |
xtables: add and use nft_build_cache
Will be used with the "generation id" infrastructure.
When we're told that the commit failed because someone else made
changes, we can use this to re-initialize the cache and then
revalidate the transaction list (e.g. to detect that we now have
to flush the user-defined chain 'foo' that we wanted to create, but which
was added just now by someone else).
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables')
-rw-r--r-- | iptables/nft.c | 28 | ||||
-rw-r--r-- | iptables/nft.h | 2 | ||||
-rw-r--r-- | iptables/xtables-restore.c | 5 |
3 files changed, 26 insertions, 9 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index 1cef7a13..4c9ce1a2 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1486,6 +1486,28 @@ static int fetch_rule_cache(struct nft_handle *h)
 return 0;
 }
 
+static void __nft_build_cache(struct nft_handle *h)
+{
+ fetch_chain_cache(h);
+ fetch_rule_cache(h);
+ h->have_cache = true;
+}
+
+
+void nft_build_cache(struct nft_handle *h)
+{
+ if (!h->have_cache)
+ __nft_build_cache(h);
+}
+
+void nft_rebuild_cache(struct nft_handle *h)
+{
+ if (!h->have_cache)
+ flush_chain_cache(h, NULL);
+
+ __nft_build_cache(h);
+}
+
 struct nftnl_chain_list *nft_chain_list_get(struct nft_handle *h,
 const char *table)
 {
@@ -1495,11 +1517,7 @@ struct nftnl_chain_list *nft_chain_list_get(struct nft_handle *h,
 if (!t)
 return NULL;
 
- if (!h->have_cache) {
- fetch_chain_cache(h);
- fetch_rule_cache(h);
- h->have_cache = true;
- }
+ nft_build_cache(h);
 
 return h->table[t->type].chain_cache;
 }
diff --git a/iptables/nft.h b/iptables/nft.h
index d428287b..97c28b35 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -63,6 +63,8 @@ int mnl_talk(struct nft_handle *h, struct nlmsghdr *nlh, void *data);
 int nft_init(struct nft_handle *h, const struct builtin_table *t);
 void nft_fini(struct nft_handle *h);
+void nft_build_cache(struct nft_handle *h);
+void nft_rebuild_cache(struct nft_handle *h);
 
 /*
  * Operations with tables.
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index b12ab6a6..a6a331d3 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -145,10 +145,7 @@ void xtables_restore_parse(struct nft_handle *h,
 if (p->tablename && (strcmp(p->tablename, table) != 0))
 continue;
 
- /* Fixme: Needed to init chain cache.
- * Should create explicit function to do this.
- */
- nft_chain_list_get(h, table);
+ nft_build_cache(h);
 
 if (h->noflush == 0) {
 DEBUGP("Cleaning all chains of table '%s'\n", |
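Review bot: The guard in the new nft_rebuild_cache() reads inverted: flush_chain_cache() runs only when h->have_cache is false, i.e. when nothing has been fetched yet, while the case the commit message describes — rebuilding after a commit failed because someone else changed the ruleset — arrives with have_cache already true and so refetches chains and rules on top of lists that were never flushed, presumably leaving stale entries from the old generation next to the fresh ones (and leaking the old lists). Since the restore path uses this cache to decide which user-defined chains to flush or create, a stale entry after such a retry can make it act on the wrong chain, which matters for a tool that rewrites the firewall ruleset. I would change the check to `if (h->have_cache)` before `flush_chain_cache(h, NULL);`, noting that __nft_build_cache() sets have_cache back to true afterwards. Separately, __nft_build_cache() discards the int results of fetch_chain_cache() and fetch_rule_cache() — the hunk's leading context shows fetch_rule_cache returning 0 — and marks have_cache true regardless, so a failed netlink dump leaves an empty or partial cache flagged as valid; setting the flag only when both fetches return 0 would let nft_chain_list_get() retry on the next call.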
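Review bot: The two prototypes added to nft.h carry no comment, so nothing in the header tells a caller how nft_build_cache() and nft_rebuild_cache() differ or when the rebuild variant is the right one, although the surrounding header groups its declarations under block comments such as `Operations with tables.`. I would add, above the pair, `/* Chain/rule cache: nft_build_cache() fetches it once (no-op when already built); nft_rebuild_cache() is meant to drop any cached state and fetch it again, e.g. after a commit failed because the ruleset changed underneath us. */`. The rebuild semantics there are taken from the commit message rather than from this hunk, so the wording should be checked against the definitions in nft.c.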