cache: add NFT_CACHE_UPDATE and NFT_CACHE_FLUSHED flags

NFT_CACHE_FLUSHED tells cache_update() to skip the netlink dump to
populate the cache, since the existing ruleset is going to flushed by
this batch.

NFT_CACHE_UPDATE tells rule_evaluate() to perform incremental updates to
the cache based on the existing batch, this is required by the rule
commands that use the index and the position selectors.

This patch removes cache_flush() which is not required anymore. This
cache removal is coming too late, in the evaluation phase, after the
initial cache_update() invocation.

Be careful with NFT_CACHE_UPDATE, this flag needs to be left in place if
NFT_CACHE_FLUSHED is set on.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

2 files changed, 3 insertions, 2 deletions

diff --git a/include/cache.h b/include/cache.h
index d3502a8a..86a7eff7 100644
--- a/include/cache.h
+++ b/include/cache.h
@@ -30,6 +30,8 @@ enum cache_level_flags {
 				  NFT_CACHE_CHAIN_BIT |
 				  NFT_CACHE_RULE_BIT,
 	NFT_CACHE_FULL		= __NFT_CACHE_MAX_BIT - 1,
+	NFT_CACHE_UPDATE	= (1 << 30),
+	NFT_CACHE_FLUSHED	= (1 << 31),
 };
 
 #endif /* _NFT_CACHE_H_ */
diff --git a/include/rule.h b/include/rule.h
index 67c3d331..ee881b9c 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -679,9 +679,8 @@ extern int do_command(struct netlink_ctx *ctx, struct cmd *cmd);
 extern unsigned int cache_evaluate(struct nft_ctx *nft, struct list_head *cmds);
 extern int cache_update(struct nft_ctx *ctx, enum cmd_ops cmd,
 			struct list_head *msgs);
-extern void cache_flush(struct nft_ctx *ctx, struct list_head *msgs);
+extern bool cache_needs_update(struct nft_cache *cache);
 extern void cache_release(struct nft_cache *cache);
-extern bool cache_is_complete(struct nft_cache *cache, enum cmd_ops cmd);
 
 struct timeout_protocol {
 	uint32_t array_size;