This patchset updates the cache logic: * Update nft_table_list_get() to use a list of tables from the cache, instead of listing them from the kernel. * Ensure cache consistency by checking for generation ID is consistent when building up the cache. Without this, we may end up with an inconsistent cache, hence defeating the refresh transaction logic. The other patches are just a few preparation patches to allow to maintain the original cache and a cache that is refreshed everytime this hits ERESTART. My plan is to send another batch to revisit the refresh transaction logic after this patchset, since 0004-restore-race_0 still does not work after this. Pablo Neira Ayuso (6): nft: add struct nft_cache nft: statify nft_rebuild_cache() nft: add __nft_table_builtin_find() nft: add flush_cache() nft: cache table list nft: ensure cache consistency iptables/nft.c | 195 ++++++++++++++++++++++++++++++++++----------------------- iptables/nft.h | 15 +++-- 2 files changed, 126 insertions(+), 84 deletions(-) -- 2.11.0
