From 94a945ffa81b7f1db250e519f0b4b808428ab223 Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Wed, 25 Oct 2017 13:40:29 +0200
Subject: libnftables: Get rid of explicit cache flushes
In the past, CLI as a potentially long running process had to make sure it kept it's cache up to date with kernel's rule set. A simple test case is this: | shell a | shell b | | # nft -i | # nft add table ip t | | | nft> list ruleset | | table ip t { | | } | # nft flush ruleset | | | nft> list ruleset | | nft> In order to make sure interactive CLI wouldn't incorrectly list the table again in the second 'list' command, it immediately flushed it's cache after every command execution. This patch eliminates the need for that by making cache updates depend on kernel's generation ID: A cache update stores the current rule set's ID in struct nft_cache, consecutive calls to cache_update() compare that stored value to the current generation ID received from kernel - if the stored value is zero (i.e. no previous cache update did happen) or if it doesn't match the kernel's value (i.e. cache is outdated) the cache is flushed and fully initialized again.
Signed-off-by: Phil Sutter
Signed-off-by: Pablo Neira Ayuso
---
 src/mnl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src/mnl.c')
diff --git a/src/mnl.c b/src/mnl.c
index 8db2a184..3be6ebaf 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -94,7 +94,7 @@ static int genid_cb(const struct nlmsghdr *nlh, void *data)
 	return MNL_CB_OK;
 }
 
-void mnl_genid_get(struct mnl_socket *nf_sock, uint32_t seqnum)
+uint16_t mnl_genid_get(struct mnl_socket *nf_sock, uint32_t seqnum)
 {
 	char buf[MNL_SOCKET_BUFFER_SIZE];
 	struct mnl_ctx ctx = {
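Review bot: The new `uint16_t` return value of `mnl_genid_get()` has no documented contract, although callers are now expected to decide cache freshness from it. I would add a comment above the definition along the lines of `/* Returns the kernel's rule set generation ID as carried in the 16-bit res_id; 0 means the kernel did not report one. */`. Because the value is only 16 bits wide it wraps after 65536 rule set changes, so for a long-running CLI an equal ID is strong evidence rather than proof that the cache is current, and a wrapped value of 0 coincides with the "unknown" case; both are worth stating in that comment. The function body continues past the end of this hunk.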
@@ -106,6 +106,8 @@ void mnl_genid_get(struct mnl_socket *nf_sock, uint32_t seqnum)
 	nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETGEN, AF_UNSPEC, 0, seqnum);
 	/* Skip error checking, old kernels sets res_id field to zero. */
 	nft_mnl_talk(&ctx, nlh, nlh->nlmsg_len, genid_cb, NULL);
+
+	return nft_genid;
 }
 
 static int check_genid(const struct nlmsghdr *nlh)
-- 
cgit v1.2.3
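Review bot: When `nft_mnl_talk()` fails, the added `return nft_genid;` hands back whatever an earlier call left in `nft_genid` (apparently a file-scope variable written by `genid_cb`), because the result of the call is deliberately ignored. A caller comparing that stale value with its cached ID would then treat an unverified cache as current, which for a firewall front end means showing rules the kernel may no longer hold. Clearing the variable first, `nft_genid = 0;` on the line before `nft_mnl_talk(...)`, would make a failed query look like the zero that old kernels report and so force a refresh. Whether `check_genid()` or other users of `nft_genid` tolerate that reset has to be checked outside this hunk, since the start of the function body is not visible here.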