nft-cache: Introduce cache levels

Replace the simple have_cache boolean by a cache level indicator defining how complete the cache is. Since have_cache indicated full cache (including rules), make code depending on it check for cache level NFT_CL_RULES. Core cache fetching routine __nft_build_cache() accepts a new level via parameter and raises cache completeness to that level. Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Phil Sutter <phil@nwl.cc> 2019-10-01 16:23:24 +0200
committer: Phil Sutter <phil@nwl.cc> 2019-10-17 19:02:18 +0200
commit: 5b5c998da4bdb9e4f1d023e06c983b07c3703af0 (patch)
tree: 0c0f0c09b738d40efc50ba56f58b3216e1caf93b /iptables/nft.h
parent: 124587ad42cd7b83e3204b49f1f1e2a0b782c320 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/iptables/nft.h b/iptables/nft.h
index 451c2660..9ae3122a 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -27,6 +27,13 @@ struct builtin_table {
 	struct builtin_chain chains[NF_INET_NUMHOOKS];
 };
 
+enum nft_cache_level {
+	NFT_CL_NONE,
+	NFT_CL_TABLES,
+	NFT_CL_CHAINS,
+	NFT_CL_RULES
+};
+
 struct nft_cache {
 	struct nftnl_table_list		*tables;
 	struct {
@@ -53,7 +60,7 @@ struct nft_handle {
 	unsigned int		cache_index;
 	struct nft_cache	__cache[2];
 	struct nft_cache	*cache;
-	bool			have_cache;
+	enum nft_cache_level	cache_level;
 	bool			restore;
 	bool			noflush;
 	int8_t			config_done;
author	Phil Sutter <phil@nwl.cc>	2019-10-01 16:23:24 +0200
committer	Phil Sutter <phil@nwl.cc>	2019-10-17 19:02:18 +0200
commit	5b5c998da4bdb9e4f1d023e06c983b07c3703af0 (patch)
tree	0c0f0c09b738d40efc50ba56f58b3216e1caf93b /iptables/nft.h
parent	124587ad42cd7b83e3204b49f1f1e2a0b782c320 (diff)