From 9e62dc8637f210cdeaed784396fecab9b6e5f043 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Sun, 20 Jan 2013 20:19:20 +0100
Subject: xtables-restore: support atomic commit

Use new services in nf_tables to support atomic commit. Commit per table, although we support global commit at once, call commit for each table to emulate iptables-restore behaviour by now. Keep table dormant/wake up code in iptables/nft.c as it can be used in the future.

Signed-off-by: Pablo Neira Ayuso
---
 iptables/nft.h | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'iptables/nft.h')

diff --git a/iptables/nft.h b/iptables/nft.h
index f7ed0a38..834fff0d 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -8,6 +8,7 @@ struct nft_handle {
 struct mnl_socket *nl;
 uint32_t portid;
 uint32_t seq;
+ bool commit;
 };
 
 int nft_init(struct nft_handle *h);
@@ -55,6 +56,12 @@ int nft_rule_list_save(struct nft_handle *h, const char *chain, const char *tabl
 int nft_rule_save(struct nft_handle *h, const char *table, bool counters);
 int nft_rule_flush(struct nft_handle *h, const char *chain, const char *table);
 
+/*
+ * global commit and abort
+ */
+int nft_commit(struct nft_handle *h);
+int nft_abort(struct nft_handle *h);
+
 /*
  * revision compatibility.
  */
-- 
cgit v1.2.3
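Review bot: The new `commit` member of `struct nft_handle` in the first hunk has no comment saying what state it records or which function sets and clears it, so a reader of the header cannot tell whether it means "a batch is open" or "commit when done". I would add a trailing comment on that line, for example `bool commit; /* <what the flag records, and who sets/clears it> */`, worded from the implementation in iptables/nft.c. Whether `nft_init()` gives the flag a defined initial value is not visible here, because this view is limited to nft.h. That is worth confirming, since the flag presumably decides whether rule changes are batched or applied directly.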
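Review bot: The prototypes `nft_commit()` and `nft_abort()` added in the second hunk are documented only as "global commit and abort", which tells a caller neither what the `int` result means nor what state the ruleset is in after a failure. For a tool that loads firewall rules this matters, because a caller that ignores a failed commit would report success while the kernel keeps the previous ruleset. I would extend the block comment to state the return convention and the caller's duty on error, along the lines of `* Returns <RETURN CONVENTION>. Callers must check the result and call nft_abort() before reusing the handle.` The implementations are outside this view, so the exact wording needs checking against iptables/nft.c.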