From 63d2e9da685121be2d3ee7d7514887d634c159e0 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sun, 1 Apr 2018 20:10:08 +0200
Subject: evaluate: do not inconditionally update cache from flush command

This is only required by sets, maps and meters, skip cache.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/evaluate.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

(limited to 'src')

diff --git a/src/evaluate.c b/src/evaluate.c
index d224f0f3..d6961099 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3231,11 +3231,6 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
 	struct set *set;
 	int ret;
 
-	ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs,
-			   ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx);
-	if (ret < 0)
-		return ret;
-
 	switch (cmd->obj) {
 	case CMD_OBJ_RULESET:
 		cache_flush(&ctx->cache->list);
@@ -3248,6 +3243,11 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
 		/* Chains don't hold sets */
 		break;
 	case CMD_OBJ_SET:
+		ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs,
+				   ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx);
+		if (ret < 0)
+			return ret;
+
 		table = table_lookup(&cmd->handle, ctx->cache);
 		if (table == NULL)
 			return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
@@ -3258,6 +3258,11 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
 					 cmd->handle.set);
 		return 0;
 	case CMD_OBJ_MAP:
+		ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs,
+				   ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx);
+		if (ret < 0)
+			return ret;
+
 		table = table_lookup(&cmd->handle, ctx->cache);
 		if (table == NULL)
 			return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
@@ -3268,6 +3273,11 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
 					 cmd->handle.set);
 		return 0;
 	case CMD_OBJ_METER:
+		ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs,
+				   ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx);
+		if (ret < 0)
+			return ret;
+
 		table = table_lookup(&cmd->handle, ctx->cache);
 		if (table == NULL)
 			return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
-- 
cgit v1.2.3