[iptables PATCH v2 05/18] ebtables-restore: Table line to trigger implicit commit

Cache code is suited for holding multiple tables' data at once. The only
users of that are xtables-save and ebtables-restore with its support for
multiple tables and lack of explicit COMMIT lines.

Remove the second user by introducing implicit commits upon table line
parsing. This would allow to make cache single table only, but then
xtables-save would fetch cache multiple times (once for each table) and
therefore lose atomicity with regards to the acquired kernel ruleset
image.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
Changes since v1:
- Drop the custom table_new callback, committing from there is too late
  since table_flush happens before. Instead explicitly call commit()
  from parser.
---
 iptables/xtables-restore.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index fe7148c9fcb3f..53a0d3738eb74 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -126,6 +126,10 @@ static void xtables_restore_parse_line(struct nft_handle *h,
 		if (p->tablename && (strcmp(p->tablename, table) != 0))
 			return;
 
+		/* implicit commit if no explicit COMMIT supported */
+		if (!p->commit)
+			cb->commit(h);
+
 		if (h->noflush == 0) {
 			DEBUGP("Cleaning all chains of table '%s'\n", table);
 			if (cb->table_flush)
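
Review bot: the new cb->commit(h) call in the table-line branch is made without checking that the callback is set, while the context lines right below guard the sibling callback with "if (cb->table_flush)". Unless every cb used with p->commit == 0 is guaranteed to provide commit, the condition should be "if (!p->commit && cb->commit)". The call's result is also discarded, so if commit can fail, a failed implicit commit of the previous table goes unnoticed and parsing continues into the next table's flush; consider checking the result and bailing out before table_flush. The comment could also say that this runs on every table line, including the first one, where nothing is pending yet.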
-- 
2.25.1



