author | Phil Sutter <phil@nwl.cc> | 2019-10-02 21:13:47 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2019-10-17 19:02:46 +0200 |
commit | 026109dbece39ad27c43ebc31a17a22e5b581987 (patch) | |
tree | 88545600249bdf767776aced847e30359b0b5d29 /iptables/nft-cache.h | |
parent | e2883c5531e6ee269845a8a11e09dd07efa2088f (diff) |
nft-cache: Support partial rule cache per chain
Accept an additional chain name pointer in __nft_build_cache() and pass
it along to fetch only that specific chain and its rules.
Enhance nft_build_cache() to take an optional nftnl_chain pointer to
fetch rules for.
Enhance nft_chain_list_get() to take an optional chain name. If cache
level doesn't include chains already, it will fetch only the specified
chain from kernel (if existing) and add that to table's chain list which
is returned. This keeps operations for all chains of a table or a
specific one within the same code path in nft.c.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-cache.h')
-rw-r--r-- | iptables/nft-cache.h | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/iptables/nft-cache.h b/iptables/nft-cache.h
index 423c6516..793a85f4 100644
--- a/iptables/nft-cache.h
+++ b/iptables/nft-cache.h
@@ -4,14 +4,14 @@ struct nft_handle;
 void nft_fake_cache(struct nft_handle *h);
-void nft_build_cache(struct nft_handle *h);
+void nft_build_cache(struct nft_handle *h, struct nftnl_chain *c);
 void nft_rebuild_cache(struct nft_handle *h);
 void nft_release_cache(struct nft_handle *h);
 void flush_chain_cache(struct nft_handle *h, const char *tablename);
 void flush_rule_cache(struct nftnl_chain *c);
-struct nftnl_chain_list *nft_chain_list_get(struct nft_handle *h,
- const char *table);
+struct nftnl_chain_list *
+nft_chain_list_get(struct nft_handle *h, const char *table, const char *chain);
 struct nftnl_table_list *nftnl_table_list_get(struct nft_handle *h);
 #endif /* _NFT_CACHE_H_ */ |
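Review bot: The widened prototypes for `nft_build_cache()` and `nft_chain_list_get()` have no comment saying the new argument is optional, so the header alone does not tell a caller what passing NULL means. The commit description says both are optional and that, with a chain name given, only that chain may be fetched and added to the returned list. A caller that treats that list as the table's complete chain set would then be working from a partial view of the ruleset. I would add `/* c may be NULL (no chain restriction); otherwise only rules of chain c are fetched */` above `nft_build_cache` and `/* chain may be NULL; if set, the returned list may contain only that chain */` above `nft_chain_list_get`. The exact NULL semantics live in nft-cache.c, which this page does not show, so the wording should be confirmed against it.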