xtables: initialize basechains only once on ruleset restore

We cannot assume iptables-restore files always come with explicit basechain definition, eg. :PREROUTING ACCEPT incremental ruleset updates may deliberately skip this. But loading basechains over and over again can take time, so do it just once per batch. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2018-05-28 17:33:02 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-05-28 23:51:06 +0200
commit: 8d190e98564f0ed119f14444367970b7a4ecd7d2 (patch)
tree: 0fa60adb291bfb0cd0d242eb190a2e9f4b6c39b4 /iptables/nft.h
parent: 0a8635183edd097916937cc7de5a29fbea9b8d2a (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/iptables/nft.h b/iptables/nft.h
index 0cbf493e..9311662b 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -38,6 +38,7 @@ struct nft_handle {
 	struct builtin_table	*tables;
 	struct nftnl_rule_list	*rule_cache;
 	bool			restore;
+	int8_t			config_done;
 
 	/* meta data, for error reporting */
 	struct {
author	Pablo Neira Ayuso <pablo@netfilter.org>	2018-05-28 17:33:02 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-05-28 23:51:06 +0200
commit	8d190e98564f0ed119f14444367970b7a4ecd7d2 (patch)
tree	0fa60adb291bfb0cd0d242eb190a2e9f4b6c39b4 /iptables/nft.h
parent	0a8635183edd097916937cc7de5a29fbea9b8d2a (diff)