author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-01-20 20:19:20 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 23:50:23 +0100 |
commit | 9e62dc8637f210cdeaed784396fecab9b6e5f043 (patch) | |
tree | e53163246d426495c972e8176f6c681067ecddec /iptables/xtables-restore.c | |
parent | 0aad20f3979e3b6becd40e4ed5bba8d09d90706e (diff) |
xtables-restore: support atomic commit
Use new services in nf_tables to support atomic commit.
Commit per table: although we support a single global commit,
call commit for each table to emulate iptables-restore
behaviour for now.
Keep table dormant/wake up code in iptables/nft.c as it can
be used in the future.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/xtables-restore.c')
-rw-r--r-- | iptables/xtables-restore.c | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 9778a9f7..ca9e0c05 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -164,6 +164,7 @@ xtables_restore_main(int argc, char *argv[])
 {
 struct nft_handle h = {
 .family = AF_INET, /* default to IPv4 */
+ .commit = true,
 };
 char buffer[10240];
 int c;
@@ -253,10 +254,14 @@ xtables_restore_main(int argc, char *argv[])
 continue;
 } else if ((strcmp(buffer, "COMMIT\n") == 0) && (in_table)) {
 if (!testing) {
- if (nft_table_wake_dormant(&h, curtable) < 0) {
- fprintf(stderr, "Failed to wake up "
- "dormant table `%s'\n",
- curtable);
+ /* Commit per table, although we support
+ * global commit at once, stick by now to
+ * the existing behaviour.
+ */
+ if (nft_commit(&h)) {
+ fprintf(stderr, "Failed to commit "
+ "table %s\n",
+ curtable);
 }
 DEBUGP("Calling commit\n");
 ret = 1;
@@ -288,7 +293,6 @@ xtables_restore_main(int argc, char *argv[])
 if (tablename && (strcmp(tablename, table) != 0)) continue;
- nft_table_set_dormant(&h, table);
 if (noflush == 0) {
 DEBUGP("Cleaning all chains of table '%s'\n", table);
@@ -426,6 +430,14 @@ xtables_restore_main(int argc, char *argv[])
 DEBUGP("argv[%u]: %s\n", a, newargv[a]);
 ret = do_commandx(&h, newargc, newargv, &newargv[2]);
+ if (ret < 0) {
+ ret = nft_abort(&h);
+ if (ret < 0) {
+ fprintf(stderr, "failed to abort "
+ "commit operation\n");
+ }
+ exit(1);
+ }
 free_argv();
 fflush(stdout); |
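Review bot: In the `COMMIT` branch, a non-zero return from `nft_commit(&h)` only prints "Failed to commit table" and then reaches the unconditional `ret = 1;` two lines later, so the failure does not appear to propagate. If a non-zero `ret` is the success value in this loop (the `ret < 0` test added after `do_commandx()` suggests negative means failure), a restore whose commit was rejected can still finish as if it had worked, and a boot or provisioning script would continue with a ruleset that was never applied. The failure branch should stop the run the way the later hunk does, for example by adding `exit(1);` after the `fprintf`. The message would also be more useful with the reason, for example `strerror(errno)` if `nft_commit()` sets errno, which is not visible here. The enclosing function starts and ends outside the hunk.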
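Review bot: The new error path after `do_commandx()` exits with status 1 without telling the operator which input was rejected; the only message in the block is the one for a failed `nft_abort()`. A line such as `fprintf(stderr, "rule rejected, pending changes aborted\n");` before `exit(1);`, ideally carrying the input line number if the surrounding loop tracks one, would make a rejected ruleset diagnosable from logs. The test is also `ret < 0` only: if `do_commandx()` can report failure with 0, as the iptables `do_command()` convention does, that case skips `nft_abort()` and is left to whatever check follows outside the hunk. The function body continues beyond the hunk on both sides.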