summaryrefslogtreecommitdiffstats
path: root/iptables/nft-shared.h
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2018-11-15 14:53:02 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2018-11-17 18:09:10 +0100
commitc58ecf9f8bcb7619a27ef8ffaddf847a562475a5 (patch)
treea1145f835bffbf0a8c9f12ce79a00e60e6b6c7ff /iptables/nft-shared.h
parent7c8791edac3e74f6ce0bf21f98bc820db8e55e62 (diff)
xtables: Introduce per table chain caches
Being able to omit the previously obligatory table name check when iterating over the chain cache might help restore performance with large rulesets in xtables-save and -restore. There is one subtle quirk in the code: flush_chain_cache() did free the global chain cache if not called with a table name but didn't if a table name was given even if it emptied the chain cache. In other places, chain_cache being non-NULL prevented a cache update from happening, so this patch establishes the same behaviour (for each individual chain cache) since otherwise unexpected cache updates lead to weird problems. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-shared.h')
-rw-r--r--iptables/nft-shared.h3
1 files changed, 2 insertions, 1 deletions
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index e3ecdb4d..9a61d8d2 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -251,7 +251,8 @@ struct nftnl_chain_list;
struct nft_xt_restore_cb {
void (*table_new)(struct nft_handle *h, const char *table);
- struct nftnl_chain_list *(*chain_list)(struct nft_handle *h);
+ struct nftnl_chain_list *(*chain_list)(struct nft_handle *h,
+ const char *table);
void (*chain_del)(struct nftnl_chain_list *clist, const char *curtable,
const char *chain);
int (*chain_user_flush)(struct nft_handle *h,