From 70a3c1a07585de64b5780a415dc157079c34911b Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Tue, 7 Apr 2020 21:17:21 +0200
Subject: ebtables-restore: Table line to trigger implicit commit

Cache code is suited for holding multiple tables' data at once. The only users of that are xtables-save and ebtables-restore with its support for multiple tables and lack of explicit COMMIT lines. Remove the second user by introducing implicit commits upon table line parsing. This would allow to make cache single table only, but then xtables-save would fetch cache multiple times (once for each table) and therefore lose atomicity with regards to the acquired kernel ruleset image.

Signed-off-by: Phil Sutter
---
 iptables/xtables-restore.c | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'iptables')
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index bef0dd22..136bff8e 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -128,6 +128,10 @@ static void xtables_restore_parse_line(struct nft_handle *h,
 if (p->tablename && (strcmp(p->tablename, table) != 0))
 return;

+ /* implicit commit if no explicit COMMIT supported */
+ if (!p->commit)
+ cb->commit(h);
+
 if (h->noflush == 0) {
 DEBUGP("Cleaning all chains of table '%s'\n", table);
 if (cb->table_flush)
-- cgit v1.2.3
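Review bot: The added `cb->commit(h);` discards the callback's result and calls it without the NULL guard that `cb->table_flush` gets two lines below. If the callback reports failure through its return value (its prototype is outside the hunk), a failed implicit commit goes unnoticed and parsing moves on to the next table. Consider `if (!p->commit && cb->commit)` as the condition, and handle a failed commit the same way the explicit COMMIT path does. A multi-table restore file is now applied as one transaction per table, so a failure in a later table leaves the earlier tables committed and the filter ruleset partly restored. That deserves a comment above the new lines, for example `/* each table line commits the previous table: multi-table restore is not atomic */`. The body of xtables_restore_parse_line starts and ends outside the hunk.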