From 95781fcbddcd6524f67a3357c0cf91f13be24053 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Mon, 29 Nov 2021 15:36:45 +0100 Subject: cache: Filter rule list on kernel side Instead of fetching all existing rules in kernel's ruleset and filtering in user space, add payload to the dump request specifying the table and chain to filter for. Since list_rule_cb() no longer needs the filter, pass only netlink_ctx to the callback and drop struct rule_cache_dump_ctx. Signed-off-by: Phil Sutter --- include/mnl.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include/mnl.h') diff --git a/include/mnl.h b/include/mnl.h index 344030f3..19faa651 100644 --- a/include/mnl.h +++ b/include/mnl.h @@ -33,8 +33,8 @@ int mnl_nft_rule_add(struct netlink_ctx *ctx, struct cmd *cmd, int mnl_nft_rule_del(struct netlink_ctx *ctx, struct cmd *cmd); int mnl_nft_rule_replace(struct netlink_ctx *ctx, struct cmd *cmd); -struct nftnl_rule_list *mnl_nft_rule_dump(struct netlink_ctx *ctx, - int family); +struct nftnl_rule_list *mnl_nft_rule_dump(struct netlink_ctx *ctx, int family, + const struct nft_cache_filter *filter); int mnl_nft_chain_add(struct netlink_ctx *ctx, struct cmd *cmd, unsigned int flags); -- cgit v1.2.3