From 3ab02db5f836ae0cf9fe7fba616d7eb52139d537 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 23 Jul 2019 15:03:23 +0200 Subject: cache: add NFT_CACHE_UPDATE and NFT_CACHE_FLUSHED flags NFT_CACHE_FLUSHED tells cache_update() to skip the netlink dump to populate the cache, since the existing ruleset is going to flushed by this batch. NFT_CACHE_UPDATE tells rule_evaluate() to perform incremental updates to the cache based on the existing batch, this is required by the rule commands that use the index and the position selectors. This patch removes cache_flush() which is not required anymore. This cache removal is coming too late, in the evaluation phase, after the initial cache_update() invocation. Be careful with NFT_CACHE_UPDATE, this flag needs to be left in place if NFT_CACHE_FLUSHED is set on. Signed-off-by: Pablo Neira Ayuso --- include/cache.h | 2 ++ include/rule.h | 3 +-- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/cache.h b/include/cache.h index d3502a8a..86a7eff7 100644 --- a/include/cache.h +++ b/include/cache.h @@ -30,6 +30,8 @@ enum cache_level_flags { NFT_CACHE_CHAIN_BIT | NFT_CACHE_RULE_BIT, NFT_CACHE_FULL = __NFT_CACHE_MAX_BIT - 1, + NFT_CACHE_UPDATE = (1 << 30), + NFT_CACHE_FLUSHED = (1 << 31), }; #endif /* _NFT_CACHE_H_ */ diff --git a/include/rule.h b/include/rule.h index 67c3d331..ee881b9c 100644 --- a/include/rule.h +++ b/include/rule.h @@ -679,9 +679,8 @@ extern int do_command(struct netlink_ctx *ctx, struct cmd *cmd); extern unsigned int cache_evaluate(struct nft_ctx *nft, struct list_head *cmds); extern int cache_update(struct nft_ctx *ctx, enum cmd_ops cmd, struct list_head *msgs); -extern void cache_flush(struct nft_ctx *ctx, struct list_head *msgs); +extern bool cache_needs_update(struct nft_cache *cache); extern void cache_release(struct nft_cache *cache); -extern bool cache_is_complete(struct nft_cache *cache, enum cmd_ops cmd); struct timeout_protocol { uint32_t array_size; -- cgit v1.2.3