On Thu, Oct 19, 2017 at 10:18:43AM +0200, Phil Sutter wrote:
> This allows an application to explicitly flush caches associated with a
> given nft context.
>
> Note that this is a bit inconsistent in that it releases the global
> interface cache, but nft_ctx_free() does the same so at least it's not a
> regression.
>
> Signed-off-by: Phil Sutter <phil@xxxxxx>
> ---
> include/nftables/nftables.h | 1 +
> src/libnftables.c | 9 +++++++--
> 2 files changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/include/nftables/nftables.h b/include/nftables/nftables.h
> index 052a77bfb5371..fbc6fd4252a97 100644
> --- a/include/nftables/nftables.h
> +++ b/include/nftables/nftables.h
> @@ -77,6 +77,7 @@ enum nftables_exit_codes {
> struct nft_ctx *nft_ctx_new(uint32_t flags);
> void nft_ctx_free(struct nft_ctx *ctx);
> FILE *nft_ctx_set_output(struct nft_ctx *ctx, FILE *fp);
> +void nft_ctx_flush_cache(struct nft_ctx *ctx);
>
> int nft_run(struct nft_ctx *nft, struct mnl_socket *nf_sock,
> void *scanner, struct parser_state *state,
> diff --git a/src/libnftables.c b/src/libnftables.c
> index 187747c66af21..0de50c854d572 100644
> --- a/src/libnftables.c
> +++ b/src/libnftables.c
> @@ -146,13 +146,18 @@ struct nft_ctx *nft_ctx_new(uint32_t flags)
> return ctx;
> }
>
> +void nft_ctx_flush_cache(struct nft_ctx *ctx)
> +{
> + iface_cache_release();
> + cache_release(&ctx->cache);
> +}
This flush allows us to release the cache, but nft_ctx_alloc()
populates it. I'm missing something here, can we force a context
repopulation?
If there is no usecase for this yet, I would keep this behind by now.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
