From f806ee67b5178342d18c8cd3e9201190d8a82c41 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Thu, 19 Mar 2020 18:58:29 +0100 Subject: nft: cache: Fetch cache for specific chains Iterate over command list and collect chains to cache. Insert them into a sorted list to pass to __nft_build_cache(). If a command is interested in all chains (e.g., --list), cmd->chain remains unset. To record this case reliably, use a boolean ('all_chains'). Otherwise, it is hard to distinguish between first call to nft_cache_level_set() and previous command with NULL cmd->chain value. When caching only specific chains, manually add builtin ones for the given table as well - otherwise nft_xt_builtin_init() will act as if they don't exist and possibly override non-default chain policies. Signed-off-by: Phil Sutter
---
iptables/nft.h | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'iptables/nft.h')
diff --git a/iptables/nft.h b/iptables/nft.h
index 4eaaa77f..aeacc608 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -71,9 +71,16 @@ enum obj_update_type {
 NFT_COMPAT_TABLE_NEW,
 };
+struct cache_chain {
+ struct list_head head;
+ char *name;
+};
+
 struct nft_cache_req {
 enum nft_cache_level level;
 char *table;
+ bool all_chains;
+ struct list_head chain_list;
 };
 struct nft_handle {
-- 
cgit v1.2.3
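Review bot: The new `struct cache_chain` and the `all_chains` / `chain_list` members of `struct nft_cache_req` are declared without any comment on ownership or invariants, although this request decides which chains of a firewall ruleset are fetched before rules and policies are rewritten. I would add `/* name: heap copy owned by this entry, freed when the entry is unlinked */` above `char *name;` and `/* sorted by name; ignored when all_chains is set; must be set up with INIT_LIST_HEAD() */` above `struct list_head chain_list;`, assuming that matches the accompanying .c changes, which this view (limited to iptables/nft.h) does not show. A zero-filled `list_head` is not a valid empty list, so any path that creates or resets an `nft_cache_req` with memset or a struct assignment should be checked to re-initialise `chain_list` before it is walked. It is also worth stating in the comment that a request for specific chains still has to include the table's builtin chains, since the commit message notes that omitting them can lead to non-default chain policies being overridden.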