path: root/iptables/nft.h
diff options
authorPablo M. Bermudo Garay <>2016-08-26 18:58:44 +0200
committerPablo Neira Ayuso <>2016-08-30 18:57:53 +0200
commitef2a7e9fe0d82c691aeee1cbd61095841231974f (patch)
tree41191252aca69bd85eb736799ab659e4446b8ebc /iptables/nft.h
parent6deb305b668d0c1f12b5955e76ea5097ca87bf9b (diff)
xtables-compat: add rule cache
This patch adds a cache of rules within the nft handle. This feature is useful since the whole ruleset was brought from the kernel for every chain during listing operations. In addition with the new checks of ruleset compatibility, the rule list is loaded one more time. Now all the operations causing changes in the ruleset must invalidate the cache, a function called flush_rule_cache has been introduced for this purpose. Signed-off-by: Pablo M. Bermudo Garay <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'iptables/nft.h')
1 files changed, 1 insertions, 0 deletions
diff --git a/iptables/nft.h b/iptables/nft.h
index f5449db4..41265930 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -35,6 +35,7 @@ struct nft_handle {
struct mnl_nlmsg_batch *batch;
struct nft_family_ops *ops;
struct builtin_table *tables;
+ struct nftnl_rule_list *rule_cache;
bool restore;
bool batch_support;