path: root/iptables/nft-cache.h
diff options
authorPablo Neira Ayuso <>2020-01-06 13:20:14 +0100
committerPhil Sutter <>2020-05-11 14:28:28 +0200
commit9d07514ac5c7a27ec72df5a81bf067073d63bd99 (patch)
tree129a8f08d7c132296c7d8131c540074995551bac /iptables/nft-cache.h
parenta7f1e208cdf9c6392c99d3c52764701d004bdde7 (diff)
nft: calculate cache requirements from list of commands
This patch uses the new list of commands to calculate the cache requirements, the rationale after this updates is the following: #1 Parsing, that builds the list of commands and it also calculates cache level requirements. #2 Cache building. #3 Translate commands to jobs #4 Translate jobs to netlink This patch removes the pre-parsing code in xtables-restore.c to calculate the cache. After this patch, cache is calculated only once, there is no need to cancel and refetch for an in-transit transaction. Signed-off-by: Pablo Neira Ayuso <> Signed-off-by: Phil Sutter <>
Diffstat (limited to 'iptables/nft-cache.h')
1 files changed, 2 insertions, 0 deletions
diff --git a/iptables/nft-cache.h b/iptables/nft-cache.h
index ed498835..cf28808e 100644
--- a/iptables/nft-cache.h
+++ b/iptables/nft-cache.h
@@ -3,6 +3,7 @@
struct nft_handle;
+void nft_cache_level_set(struct nft_handle *h, int level);
void nft_fake_cache(struct nft_handle *h);
void nft_build_cache(struct nft_handle *h, struct nftnl_chain *c);
void nft_rebuild_cache(struct nft_handle *h);
@@ -10,6 +11,7 @@ void nft_release_cache(struct nft_handle *h);
void flush_chain_cache(struct nft_handle *h, const char *tablename);
int flush_rule_cache(struct nft_handle *h, const char *table,
struct nftnl_chain *c);
+void nft_cache_build(struct nft_handle *h);
struct nftnl_chain_list *
nft_chain_list_get(struct nft_handle *h, const char *table, const char *chain);