authorPablo Neira Ayuso <pablo@netfilter.org>2021-09-29 18:01:47 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2021-09-30 00:30:49 +0200
commit635ee1cad8aa03263f56ff9d29c77942cf514d4e (patch)
treec669a0abbde5a17a9dd4b080ba2f52bf6ad187ff
parent3f1d3912c3a6b42158149a97f59d1c01debfd132 (diff)
cache: filter out sets and maps that are not requested
Do not fetch set content for list commands that specify a set name. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--include/cache.h1
-rw-r--r--src/cache.c21
2 files changed, 20 insertions, 2 deletions
diff --git a/include/cache.h b/include/cache.h
index 3130b2c0..05233588 100644
--- a/include/cache.h
+++ b/include/cache.h
@@ -40,6 +40,7 @@ enum cache_level_flags {
struct nft_cache_filter {
const char *table;
+ const char *set;
};
struct nft_cache;
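Review bot: The new `set` member carries no comment saying who owns the string, yet the assignment added in evaluate_cache_list stores `cmd->handle.set.name` (and `cmd->handle.table.name`) directly, without copying. I would document that on the struct, for example `/* borrowed from the command handle, not owned by the filter */` above `table` and `set`. That makes it clear the filter must not be freed field by field and must not be kept past the lifetime of the command it was filled from.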
diff --git a/src/cache.c b/src/cache.c
index 6684111f..584328eb 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -137,6 +137,14 @@ static unsigned int evaluate_cache_list(struct cmd *cmd, unsigned int flags,
flags |= NFT_CACHE_FULL | NFT_CACHE_REFRESH;
break;
+ case CMD_OBJ_SET:
+ case CMD_OBJ_MAP:
+ if (filter && cmd->handle.table.name && cmd->handle.set.name) {
+ filter->table = cmd->handle.table.name;
+ filter->set = cmd->handle.set.name;
+ }
+ flags |= NFT_CACHE_FULL | NFT_CACHE_REFRESH;
+ break;
case CMD_OBJ_CHAINS:
flags |= NFT_CACHE_TABLE | NFT_CACHE_CHAIN;
break;
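Review bot: The new `CMD_OBJ_SET`/`CMD_OBJ_MAP` case writes `filter->table` and `filter->set` unconditionally, so anything an earlier command stored in the filter is overwritten and the set name then governs the whole cache population. The caller is outside the hunk, but if it evaluates several commands against the same filter, a batch that mixes a `list set` with another command could end up with a cache narrowed to a single set; consider resetting the filter per command or applying it only when one command is being evaluated. Separately, `flags` still requests `NFT_CACHE_FULL`, so any other cached object that resolves sets by name would no longer find the ones skipped in set_cache_cb, which is worth confirming. The body of evaluate_cache_list starts and ends outside the hunk.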
@@ -342,6 +350,7 @@ struct chain *chain_cache_find(const struct table *table, const char *name)
struct set_cache_dump_ctx {
struct netlink_ctx *nlctx;
struct table *table;
+ const struct nft_cache_filter *filter;
};
static int set_cache_cb(struct nftnl_set *nls, void *arg)
@@ -355,6 +364,12 @@ static int set_cache_cb(struct nftnl_set *nls, void *arg)
if (!set)
return -1;
+ if (ctx->filter && ctx->filter->set &&
+ (strcmp(ctx->filter->set, set->handle.set.name))) {
+ set_free(set);
+ return 0;
+ }
+
set_name = nftnl_set_get_str(nls, NFTNL_SET_NAME);
hash = djb_hash(set_name) % NFT_CACHE_HSIZE;
cache_add(&set->cache, &ctx->table->set_cache, hash);
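Review bot: The name check in set_cache_cb runs only after the set object has been built (the `if (!set)` context line just above it), so every set that was not requested is constructed and then released with `set_free()`. The construction is outside the hunk, but if the comparison needs nothing from it, reading the name from `nls` first avoids that work: move `set_name = nftnl_set_get_str(nls, NFTNL_SET_NAME);` ahead of the build and test `if (ctx->filter && ctx->filter->set && strcmp(ctx->filter->set, set_name) != 0) return 0;`. Either form assumes the name is present; `nftnl_set_get_str()` returns NULL when the attribute is unset, so a NULL check before `strcmp()` would make that assumption explicit. As a style point, the extra parentheses around `strcmp(...)` can be dropped in favour of the explicit `!= 0`.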
@@ -363,11 +378,13 @@ static int set_cache_cb(struct nftnl_set *nls, void *arg)
}
static int set_cache_init(struct netlink_ctx *ctx, struct table *table,
- struct nftnl_set_list *set_list)
+ struct nftnl_set_list *set_list,
+ const struct nft_cache_filter *filter)
{
struct set_cache_dump_ctx dump_ctx = {
.nlctx = ctx,
.table = table,
+ .filter = filter,
};
nftnl_set_list_foreach(set_list, set_cache_cb, &dump_ctx);
@@ -643,7 +660,7 @@ static int cache_init_objects(struct netlink_ctx *ctx, unsigned int flags,
ret = -1;
goto cache_fails;
}
- ret = set_cache_init(ctx, table, set_list);
+ ret = set_cache_init(ctx, table, set_list, filter);
nftnl_set_list_free(set_list);