This allows an application to explicitly flush caches associated with a
given nft context.
Note that this is a bit inconsistent in that it releases the global
interface cache, but nft_ctx_free() does the same so at least it's not a
regression.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
include/nftables/nftables.h | 1 +
src/libnftables.c | 9 +++++++--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/include/nftables/nftables.h b/include/nftables/nftables.h
index 052a77bfb5371..fbc6fd4252a97 100644
--- a/include/nftables/nftables.h
+++ b/include/nftables/nftables.h
@@ -77,6 +77,7 @@ enum nftables_exit_codes {
struct nft_ctx *nft_ctx_new(uint32_t flags);
void nft_ctx_free(struct nft_ctx *ctx);
FILE *nft_ctx_set_output(struct nft_ctx *ctx, FILE *fp);
+void nft_ctx_flush_cache(struct nft_ctx *ctx);
int nft_run(struct nft_ctx *nft, struct mnl_socket *nf_sock,
void *scanner, struct parser_state *state,
diff --git a/src/libnftables.c b/src/libnftables.c
index 187747c66af21..0de50c854d572 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -146,13 +146,18 @@ struct nft_ctx *nft_ctx_new(uint32_t flags)
return ctx;
}
+void nft_ctx_flush_cache(struct nft_ctx *ctx)
+{
+ iface_cache_release();
+ cache_release(&ctx->cache);
+}
+
void nft_ctx_free(struct nft_ctx *ctx)
{
if (ctx->nf_sock)
netlink_close_sock(ctx->nf_sock);
- iface_cache_release();
- cache_release(&ctx->cache);
+ nft_ctx_flush_cache(ctx);
xfree(ctx);
nft_exit();
}
--
2.13.1
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
