author | Phil Sutter <phil@nwl.cc> | 2017-10-25 13:40:29 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-10-26 20:14:24 +0200 |
commit | 94a945ffa81b7f1db250e519f0b4b808428ab223 (patch) | |
tree | 869b5960a682e6379762db0cd385b4aec52b6c4b /include/netlink.h | |
parent | f8596968a650c66e0b4d5895b700d03d7518b245 (diff) |
libnftables: Get rid of explicit cache flushes
In the past, CLI as a potentially long running process had to make sure
it kept its cache up to date with kernel's rule set. A simple test case
is this:
| shell a | shell b
| | # nft -i
| # nft add table ip t |
| | nft> list ruleset
| | table ip t {
| | }
| # nft flush ruleset |
| | nft> list ruleset
| | nft>
In order to make sure interactive CLI wouldn't incorrectly list the
table again in the second 'list' command, it immediately flushed its
cache after every command execution.
This patch eliminates the need for that by making cache updates depend
on kernel's generation ID: A cache update stores the current rule set's
ID in struct nft_cache, consecutive calls to cache_update() compare that
stored value to the current generation ID received from kernel - if the
stored value is zero (i.e. no previous cache update did happen) or if it
doesn't match the kernel's value (i.e. cache is outdated) the cache is
flushed and fully initialized again.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/netlink.h')
-rw-r--r-- | include/netlink.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/netlink.h b/include/netlink.h index 2ca6f345..b30c05f8 100644 --- a/include/netlink.h +++ b/include/netlink.h @@ -191,7 +191,7 @@ extern void netlink_dump_obj(struct nftnl_obj *nlo, struct netlink_ctx *ctx); extern int netlink_batch_send(struct netlink_ctx *ctx, struct list_head *err_list); -extern void netlink_genid_get(struct mnl_socket *nf_sock, uint32_t seqnum); +extern uint16_t netlink_genid_get(struct mnl_socket *nf_sock, uint32_t seqnum); extern void netlink_restart(struct mnl_socket *nf_sock); #define netlink_abi_error() \ __netlink_abi_error(__FILE__, __LINE__, strerror(errno)); |
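Review bot: the changed prototype of netlink_genid_get() now returns a bare uint16_t with no comment saying what the value is or how a failed query is reported, while the commit message gives a stored value of zero the special meaning "no previous cache update". A genuine ID of zero would be indistinguishable from that sentinel, which only forces an extra rebuild, but a 16-bit ID has just 65536 distinct values, so if the kernel's counter is wider than 16 bits or wraps around, a changed rule set can compare equal to the stored ID and a stale cache would be kept. Consider returning the ID at its full width, or returning an int status and passing the ID back through an out parameter, and add a short comment above the prototype describing the return value.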