diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-08-24 11:52:36 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-08-26 10:35:23 +0200 |
commit | ecd19f46056ba7b5c29160c4b455d077217dec56 (patch) | |
tree | 115312862ae51962586456773f56c8be77959f60 /src/cache.c | |
parent | 2577939cc5758d53192d9aa3b9a6b50cded47325 (diff) |
cache: skip set element netlink dump for add/delete element command
Add NFT_CACHE_SETELEM_MAYBE to dump the set elements conditionally,
only in case that the set interval flag is set on.
Reported-by: Cristian Constantin <const.crist@googlemail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/cache.c')
-rw-r--r-- | src/cache.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/cache.c b/src/cache.c index ff63e59e..8300ce8e 100644 --- a/src/cache.c +++ b/src/cache.c @@ -38,7 +38,7 @@ static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags) NFT_CACHE_CHAIN | NFT_CACHE_SET | NFT_CACHE_OBJECT | - NFT_CACHE_SETELEM; + NFT_CACHE_SETELEM_MAYBE; break; case CMD_OBJ_RULE: flags |= NFT_CACHE_TABLE | @@ -62,7 +62,7 @@ static unsigned int evaluate_cache_del(struct cmd *cmd, unsigned int flags) { switch (cmd->obj) { case CMD_OBJ_ELEMENTS: - flags |= NFT_CACHE_SETELEM; + flags |= NFT_CACHE_SETELEM_MAYBE; break; default: break; @@ -607,6 +607,18 @@ static int cache_init_objects(struct netlink_ctx *ctx, unsigned int flags) goto cache_fails; } } + } else if (flags & NFT_CACHE_SETELEM_MAYBE) { + list_for_each_entry(set, &table->set_cache.list, cache.list) { + if (!set_is_non_concat_range(set)) + continue; + + ret = netlink_list_setelems(ctx, &set->handle, + set); + if (ret < 0) { + ret = -1; + goto cache_fails; + } + } } if (flags & NFT_CACHE_CHAIN_BIT) { ret = chain_cache_init(ctx, table, chain_list); |