diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-09-29 18:01:47 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-09-30 00:30:49 +0200 |
commit | 635ee1cad8aa03263f56ff9d29c77942cf514d4e (patch) | |
tree | c669a0abbde5a17a9dd4b080ba2f52bf6ad187ff | |
parent | 3f1d3912c3a6b42158149a97f59d1c01debfd132 (diff) |
cache: filter out sets and maps that are not requested
Do not fetch set content for list commands that specify a
set name.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | include/cache.h | 1 | ||||
-rw-r--r-- | src/cache.c | 21 |
2 files changed, 20 insertions, 2 deletions
diff --git a/include/cache.h b/include/cache.h index 3130b2c0..05233588 100644 --- a/include/cache.h +++ b/include/cache.h @@ -40,6 +40,7 @@ enum cache_level_flags { struct nft_cache_filter { const char *table; + const char *set; }; struct nft_cache; diff --git a/src/cache.c b/src/cache.c index 6684111f..584328eb 100644 --- a/src/cache.c +++ b/src/cache.c @@ -137,6 +137,14 @@ static unsigned int evaluate_cache_list(struct cmd *cmd, unsigned int flags, flags |= NFT_CACHE_FULL | NFT_CACHE_REFRESH; break; + case CMD_OBJ_SET: + case CMD_OBJ_MAP: + if (filter && cmd->handle.table.name && cmd->handle.set.name) { + filter->table = cmd->handle.table.name; + filter->set = cmd->handle.set.name; + } + flags |= NFT_CACHE_FULL | NFT_CACHE_REFRESH; + break; case CMD_OBJ_CHAINS: flags |= NFT_CACHE_TABLE | NFT_CACHE_CHAIN; break; @@ -342,6 +350,7 @@ struct chain *chain_cache_find(const struct table *table, const char *name) struct set_cache_dump_ctx { struct netlink_ctx *nlctx; struct table *table; + const struct nft_cache_filter *filter; }; static int set_cache_cb(struct nftnl_set *nls, void *arg) @@ -355,6 +364,12 @@ static int set_cache_cb(struct nftnl_set *nls, void *arg) if (!set) return -1; + if (ctx->filter && ctx->filter->set && + (strcmp(ctx->filter->set, set->handle.set.name))) { + set_free(set); + return 0; + } + set_name = nftnl_set_get_str(nls, NFTNL_SET_NAME); hash = djb_hash(set_name) % NFT_CACHE_HSIZE; cache_add(&set->cache, &ctx->table->set_cache, hash); @@ -363,11 +378,13 @@ static int set_cache_cb(struct nftnl_set *nls, void *arg) } static int set_cache_init(struct netlink_ctx *ctx, struct table *table, - struct nftnl_set_list *set_list) + struct nftnl_set_list *set_list, + const struct nft_cache_filter *filter) { struct set_cache_dump_ctx dump_ctx = { .nlctx = ctx, .table = table, + .filter = filter, }; nftnl_set_list_foreach(set_list, set_cache_cb, &dump_ctx); @@ -643,7 +660,7 @@ static int cache_init_objects(struct netlink_ctx *ctx, unsigned int flags, ret = -1; goto cache_fails; } - ret = set_cache_init(ctx, table, set_list); + ret = set_cache_init(ctx, table, set_list, filter); nftnl_set_list_free(set_list); |