author | Phil Sutter <phil@nwl.cc> | 2020-03-18 17:08:31 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2020-05-11 14:28:28 +0200 |
commit | 13b351c9ba01751c693df68f657d19e8c3d267ce (patch) | |
tree | d3710e31d4ab080bee1d3dc0ee658989401b60dc /iptables/nft-cache.h | |
parent | 6d1d5aa5c93eca890e28b508ef426b7844caf2b7 (diff) |
nft-cache: Fetch cache per table

Restore per-table operation of cache routines as initially implemented
in commit e2883c5531e6e ("nft-cache: Support partial cache per table").
As before, this doesn't limit fetching of tables (their number is
supposed to be low) but instead limits fetching of sets, chains and
rules to the specified table.

For this to behave correctly when restoring without flushing over
multiple tables, cache must be freed fully after each commit - otherwise
the previous table's cache level is reused for the current one. The
exception being fake cache, used for flushing restore: NFT_CL_FAKE is
set just once at program startup, so it must stay set otherwise
consecutive tables cause pointless cache fetching.

The sole use-case requiring a multi-table cache, iptables-save, is
indicated by req->table being NULL. Therefore, req->table assignment is
a bit sloppy: All calls to nft_cache_level_set() are assumed to set the
same table value, collision detection exists merely to catch programming
mistakes.

Make nft_fini() call nft_release_cache() instead of flush_chain_cache(),
the former does a full cache deinit including cache_req contents.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft-cache.h')
-rw-r--r-- | iptables/nft-cache.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/iptables/nft-cache.h b/iptables/nft-cache.h index 01dd15e1..f4291180 100644 --- a/iptables/nft-cache.h +++ b/iptables/nft-cache.h @@ -2,8 +2,10 @@ #define _NFT_CACHE_H_ struct nft_handle; +struct nft_cmd; -void nft_cache_level_set(struct nft_handle *h, int level); +void nft_cache_level_set(struct nft_handle *h, int level, + const struct nft_cmd *cmd); void nft_rebuild_cache(struct nft_handle *h); void nft_release_cache(struct nft_handle *h); void flush_chain_cache(struct nft_handle *h, const char *tablename); |
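
Review bot: the new `const struct nft_cmd *cmd` argument on nft_cache_level_set() is undocumented in the header, so nothing at the prototype says whether callers may pass NULL or that the table scope is derived from it. The commit message states that a NULL req->table is what marks the multi-table iptables-save case and that all calls are assumed to set the same table value, with collision detection only as a safety net; a short comment above the prototype spelling out that contract (whether NULL is allowed and what it selects) would help keep later callers from requesting a cache scoped to the wrong table. The diffstat shown is limited to this header, so the call sites that must now pass `cmd` are not visible here and should be reviewed alongside it.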