diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-06-07 13:35:52 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-06-07 13:56:02 +0200 |
| commit | 40fb9d6f6bea86b812314b3c879746d957fbb769 (patch) | |
| tree | 6b94051f754c30393164f781995dd2c03f9b2312 | |
| parent | 5d22fc81fe27e24dba7a78743318a401353e506b (diff) | |
src: do not reset generation ID on ruleset flush
If 'flush ruleset' command is done, release the cache but still keep the
generation ID around. Hence, follow up calls to cache_update() will
assume that cache is updated and will not perform a netlink dump.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | include/rule.h | 4 | ||||
| -rw-r--r-- | src/evaluate.c | 3 | ||||
| -rw-r--r-- | src/rule.c | 21 |
3 files changed, 24 insertions, 4 deletions
diff --git a/include/rule.h b/include/rule.h index cfecf7ff..909ff36d 100644 --- a/include/rule.h +++ b/include/rule.h @@ -580,7 +580,9 @@ extern int do_command(struct netlink_ctx *ctx, struct cmd *cmd); extern int cache_update(struct mnl_socket *nf_sock, struct nft_cache *cache, enum cmd_ops cmd, struct list_head *msgs, unsigned int debug_flag, struct output_ctx *octx); -extern void cache_flush(struct list_head *table_list); +extern void cache_flush(struct mnl_socket *nf_sock, struct nft_cache *cache, + enum cmd_ops cmd, struct list_head *msgs, + unsigned int debug_mask, struct output_ctx *octx); extern void cache_release(struct nft_cache *cache); enum udata_type { diff --git a/src/evaluate.c b/src/evaluate.c index 27e4f611..c4ee3cc9 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -3348,7 +3348,8 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd) switch (cmd->obj) { case CMD_OBJ_RULESET: - cache_flush(&ctx->cache->list); + cache_flush(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs, + ctx->debug_mask, ctx->octx); break; case CMD_OBJ_TABLE: /* Flushing a table does not empty the sets in the table nor remove @@ -187,7 +187,7 @@ replay: return 0; } -void cache_flush(struct list_head *table_list) +static void __cache_flush(struct list_head *table_list) { struct table *table, *next; @@ -197,9 +197,26 @@ void cache_flush(struct list_head *table_list) } } +void cache_flush(struct mnl_socket *nf_sock, struct nft_cache *cache, + enum cmd_ops cmd, struct list_head *msgs, + unsigned int debug_mask, struct output_ctx *octx) +{ + struct netlink_ctx ctx = { + .list = LIST_HEAD_INIT(ctx.list), + .nf_sock = nf_sock, + .cache = cache, + .msgs = msgs, + .debug_mask = debug_mask, + .octx = octx, + }; + + __cache_flush(&cache->list); + cache->genid = netlink_genid_get(&ctx); +} + void cache_release(struct nft_cache *cache) { - cache_flush(&cache->list); + __cache_flush(&cache->list); cache->genid = 0; } |