From 862818ac3a0de5642444dfc9aa06e0f6fbb3ef38 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Tue, 23 Apr 2019 15:16:22 +0200 Subject: xtables: add and use nft_build_cache Will be used with the "generation id" infrastructure. When we're told that the commit failed because someone else made changes, we can use this to re-initialize the cache and then revalidate the transaction list (e.g. to detect that we now have to flush the user-defined chain 'foo' that we wanted to create, but was added just now by someone else). Signed-off-by: Florian Westphal Acked-by: Pablo Neira Ayuso
---
 iptables/nft.c | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) (limited to 'iptables/nft.c')
diff --git a/iptables/nft.c b/iptables/nft.c
index 1cef7a13..4c9ce1a2 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1486,6 +1486,28 @@ static int fetch_rule_cache(struct nft_handle *h)
 return 0;
 }
+static void __nft_build_cache(struct nft_handle *h)
+{
+ fetch_chain_cache(h);
+ fetch_rule_cache(h);
+ h->have_cache = true;
+}
+
+
+void nft_build_cache(struct nft_handle *h)
+{
+ if (!h->have_cache)
+ __nft_build_cache(h);
+}
+
+void nft_rebuild_cache(struct nft_handle *h)
+{
+ if (!h->have_cache)
+ flush_chain_cache(h, NULL);
+
+ __nft_build_cache(h);
+}
+
 struct nftnl_chain_list *nft_chain_list_get(struct nft_handle *h,
 const char *table)
 {
@@ -1495,11 +1517,7 @@ struct nftnl_chain_list *nft_chain_list_get(struct nft_handle *h,
 if (!t)
 return NULL;
- if (!h->have_cache) {
- fetch_chain_cache(h);
- fetch_rule_cache(h);
- h->have_cache = true;
- }
+ nft_build_cache(h);
 return h->table[t->type].chain_cache;
 }
--
cgit v1.2.3
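Review bot: The guard in nft_rebuild_cache() in the first hunk looks inverted: `if (!h->have_cache) flush_chain_cache(h, NULL);` flushes only when no cache has been built, so on the path the commit message describes (a commit rejected because another process changed the ruleset) the existing chain and rule cache is kept and __nft_build_cache() fetches on top of it. Assuming flush_chain_cache() is what discards the old entries (its body is outside this diff), the transaction list would then be revalidated against stale or duplicated entries rather than the ruleset currently loaded in the kernel; the condition should read `if (h->have_cache)`. Separately, __nft_build_cache() sets `h->have_cache = true` without looking at the int returned by fetch_rule_cache(), so if that fetch can report failure, an incomplete cache is marked valid; this is carried over from the old inline code in nft_chain_list_get() but deserves a check now that the helper is shared.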