path: root/iptables/nft.h
author Phil Sutter <phil@nwl.cc> 2020-07-10 18:23:50 +0200
committer Phil Sutter <phil@nwl.cc> 2020-12-21 18:33:21 +0100
commit fd4b9bf08b9eb4994bbba426426a978c5b9af590 (patch)
tree 5e4242fa03bda4186ccf1e3a49b30e58dec90ac3 /iptables/nft.h
parent e28cf12cf50b9e2e0114f04331635fc122cb8aef (diff)
nft: Avoid pointless table/chain creation
Accept a chain name in nft_xt_builtin_init() to limit the base chain creation to that specific chain only.

Introduce nft_xt_builtin_table_init() to create just the table for situations where no builtin chains are needed but the command may still succeed in an empty ruleset, particularly when creating a custom chain, restoring base chains or adding a set for ebtables among match.

Introduce nft_xt_fake_builtin_chains(), a function to call after cache has been populated to fill empty base chain slots. This keeps ruleset listing output intact if some base chains do not exist (or even the whole ruleset is completely empty).

Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft.h')
-rw-r--r-- iptables/nft.h 1
1 files changed, 1 insertions, 0 deletions
diff --git a/iptables/nft.h b/iptables/nft.h
index 1a2506ee..0910f82a 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -136,6 +136,7 @@ bool nft_table_find(struct nft_handle *h, const char *tablename);
int nft_table_purge_chains(struct nft_handle *h, const char *table, struct nftnl_chain_list *list);
int nft_table_flush(struct nft_handle *h, const char *table);
const struct builtin_table *nft_table_builtin_find(struct nft_handle *h, const char *table);
+int nft_xt_fake_builtin_chains(struct nft_handle *h, const char *table, const char *chain);
/*
* Operations with chains.
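Review bot: The added prototype nft_xt_fake_builtin_chains() carries no comment, although the commit message says it is only meant to be called after the cache has been populated. A short comment at the declaration stating that ordering requirement, what the `chain` argument selects (and whether NULL is accepted), and what the int return value signals would keep callers from using it too early or ignoring a failure. The declaration also sits directly above the "Operations with chains." comment, so it is grouped with the table helpers even though it takes a chain argument; consider moving it below that comment.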