xtables-restore: support atomic commit

Use new services in nf_tables to support atomic commit. Commit per table, although we support global commit at once, call commit for each table to emulate iptables-restore behaviour by now. Keep table dormant/wake up code in iptables/nft.c as it can be used in the future. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2013-01-20 20:19:20 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-12-30 23:50:23 +0100
commit: 9e62dc8637f210cdeaed784396fecab9b6e5f043 (patch)
tree: e53163246d426495c972e8176f6c681067ecddec /include
parent: 0aad20f3979e3b6becd40e4ed5bba8d09d90706e (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index bdab3f2e..5385bf32 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -35,6 +35,8 @@ enum nf_tables_msg_types {
 	NFT_MSG_NEWSETELEM,
 	NFT_MSG_GETSETELEM,
 	NFT_MSG_DELSETELEM,
+	NFT_MSG_COMMIT,
+	NFT_MSG_ABORT,
 	NFT_MSG_MAX,
 };
 
@@ -83,12 +85,18 @@ enum nft_chain_attributes {
 };
 #define NFTA_CHAIN_MAX		(__NFTA_CHAIN_MAX - 1)
 
+enum {
+	NFT_RULE_F_COMMIT	= (1 << 0),
+	NFT_RULE_F_MASK		= NFT_RULE_F_COMMIT,
+};
+
 enum nft_rule_attributes {
 	NFTA_RULE_UNSPEC,
 	NFTA_RULE_TABLE,
 	NFTA_RULE_CHAIN,
 	NFTA_RULE_HANDLE,
 	NFTA_RULE_EXPRESSIONS,
+	NFTA_RULE_FLAGS,
 	__NFTA_RULE_MAX
 };
 #define NFTA_RULE_MAX		(__NFTA_RULE_MAX - 1)
author	Pablo Neira Ayuso <pablo@netfilter.org>	2013-01-20 20:19:20 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-12-30 23:50:23 +0100
commit	9e62dc8637f210cdeaed784396fecab9b6e5f043 (patch)
tree	e53163246d426495c972e8176f6c681067ecddec /include
parent	0aad20f3979e3b6becd40e4ed5bba8d09d90706e (diff)