ebtables-restore: Table line to trigger implicit commit

Cache code is suited for holding multiple tables' data at once. The only
users of that are xtables-save and ebtables-restore with its support for
multiple tables and lack of explicit COMMIT lines.

Remove the second user by introducing implicit commits upon table line
parsing. This would allow to make cache single table only, but then
xtables-save would fetch cache multiple times (once for each table) and
therefore lose atomicity with regards to the acquired kernel ruleset
image.

Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index bef0dd2232e2b78328d1dbd8ebccfaadb0d0736e..136bff8e067fdf588496b274d4c97d01a3bb2460 100644 (file)
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -128,6 +128,10 @@ static void xtables_restore_parse_line(struct nft_handle *h,
                if (p->tablename && (strcmp(p->tablename, table) != 0))
                        return;
 
+               /* implicit commit if no explicit COMMIT supported */
+               if (!p->commit)
+                       cb->commit(h);
+
                if (h->noflush == 0) {
                        DEBUGP("Cleaning all chains of table '%s'\n", table);
                        if (cb->table_flush)