diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-04-01 20:10:08 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-04-01 20:11:54 +0200 |
| commit | 63d2e9da685121be2d3ee7d7514887d634c159e0 (patch) | |
| tree | 79e23b35e69f43163637c7334f247db604965f24 | |
| parent | 7d91223669030c41045d8514fe9b3b997342da63 (diff) | |
evaluate: do not inconditionally update cache from flush command
This is only required by sets, maps and meters, skip cache.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | src/evaluate.c | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index d224f0f3..d6961099 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -3231,11 +3231,6 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd) struct set *set; int ret; - ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs, - ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx); - if (ret < 0) - return ret; - switch (cmd->obj) { case CMD_OBJ_RULESET: cache_flush(&ctx->cache->list); @@ -3248,6 +3243,11 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd) /* Chains don't hold sets */ break; case CMD_OBJ_SET: + ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs, + ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx); + if (ret < 0) + return ret; + table = table_lookup(&cmd->handle, ctx->cache); if (table == NULL) return cmd_error(ctx, "Could not process rule: Table '%s' does not exist", @@ -3258,6 +3258,11 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd) cmd->handle.set); return 0; case CMD_OBJ_MAP: + ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs, + ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx); + if (ret < 0) + return ret; + table = table_lookup(&cmd->handle, ctx->cache); if (table == NULL) return cmd_error(ctx, "Could not process rule: Table '%s' does not exist", @@ -3268,6 +3273,11 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd) cmd->handle.set); return 0; case CMD_OBJ_METER: + ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs, + ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx); + if (ret < 0) + return ret; + table = table_lookup(&cmd->handle, ctx->cache); if (table == NULL) return cmd_error(ctx, "Could not process rule: Table '%s' does not exist", |