diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-11-24 20:06:51 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-11-25 00:15:22 +0100 |
| commit | 8764c35382fdf8ae6c7c4252042fc32397197ffe (patch) | |
| tree | 5c538e917bdef1c7fc6ad437da6c406454f8a932 /src | |
| parent | 99af859adcf8b8d44ac8a2202467f4b7b4987e3f (diff) | |
netlink: improve rule deletion per chain
With this patch, nft asks the kernel for deleting all rules in a chain.
This replaces the current behaviour that requires to dump all the rules,
then iterate over that list to delete one by one, which is prone to races
and slowier.
After this patch, the following two commands are equivalent:
nft flush chain filter input
nft delete rule filter input
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/netlink.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/netlink.c b/src/netlink.c index 15cba793..533634af 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -645,7 +645,7 @@ int netlink_list_chain(struct netlink_ctx *ctx, const struct handle *h, int netlink_flush_chain(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc) { - return netlink_flush_rules(ctx, h, loc); + return netlink_del_rule_batch(ctx, h, loc); } int netlink_add_table(struct netlink_ctx *ctx, const struct handle *h, |