diff options
authorPhil Sutter <>2017-10-23 17:33:17 +0200
committerPablo Neira Ayuso <>2017-10-24 15:23:55 +0200
commit2a3f699d99898c50c51987f8fb64cd5b11ad0dd6 (patch)
parent49900d448ac95ecabd038a9936d467d6e37aacec (diff)
libnftables: Introduce nft_ctx_flush_cache()
This allows an application to explicitly flush caches associated with a given nft context, as seen in cli_complete(). Note that this is a bit inconsistent in that it releases the global interface cache, but nft_ctx_free() does the same so at least it's not a regression. Note that there is no need for explicit cache update routine since cache is populated during command execution depending on whether it is needed or not. Signed-off-by: Phil Sutter <> Signed-off-by: Pablo Neira Ayuso <>
3 files changed, 9 insertions, 4 deletions
diff --git a/include/nftables/nftables.h b/include/nftables/nftables.h
index 44d3e95d..1207f10c 100644
--- a/include/nftables/nftables.h
+++ b/include/nftables/nftables.h
@@ -51,6 +51,7 @@ enum nftables_exit_codes {
struct nft_ctx *nft_ctx_new(uint32_t flags);
void nft_ctx_free(struct nft_ctx *ctx);
FILE *nft_ctx_set_output(struct nft_ctx *ctx, FILE *fp);
+void nft_ctx_flush_cache(struct nft_ctx *ctx);
int nft_run_cmd_from_buffer(struct nft_ctx *nft, char *buf, size_t buflen);
int nft_run_cmd_from_filename(struct nft_ctx *nft, const char *filename);
diff --git a/src/cli.c b/src/cli.c
index cadc3af6..3174cfed 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -140,8 +140,7 @@ static void cli_complete(char *line)
nft_run(cli_nft, cli_nf_sock, scanner, state, &msgs);
erec_print_list(&cli_nft->output, &msgs, cli_nft->debug_mask);
- cache_release(&cli_nft->cache);
- iface_cache_release();
+ nft_ctx_flush_cache(cli_nft);
static char **cli_completion(const char *text, int start, int end)
diff --git a/src/libnftables.c b/src/libnftables.c
index 9bc51dd8..d34e5275 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -147,13 +147,18 @@ struct nft_ctx *nft_ctx_new(uint32_t flags)
return ctx;
+void nft_ctx_flush_cache(struct nft_ctx *ctx)
+ iface_cache_release();
+ cache_release(&ctx->cache);
void nft_ctx_free(struct nft_ctx *ctx)
if (ctx->nf_sock)
- iface_cache_release();
- cache_release(&ctx->cache);
+ nft_ctx_flush_cache(ctx);