diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-07-16 11:48:33 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-07-16 19:53:43 +0200 |
commit | 543e7f405e3dc502ef0a69f0b85a745bdbc998ee (patch) | |
tree | 6fdb44ef203e067189dde9b7029bc8cc24584d19 /src/cache.c | |
parent | 83fca32ec0e18a601c8f250f2767b5bba88566b6 (diff) |
cache: incorrect flags for create commands
# nft create table testD
# nft create chain testD test6
Error: No such file or directory
create chain testD test6
^^^^^
Handle 'create' command just like 'add' and 'insert'. Check for object
types to dump the tables for more fine grain listing, instead of dumping
the whole ruleset.
Fixes: 7df42800cf89 ("src: single cache_update() call to build cache before evaluation")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/cache.c')
-rw-r--r-- | src/cache.c | 30 |
1 files changed, 21 insertions, 9 deletions
diff --git a/src/cache.c b/src/cache.c index d371c548..e04ead85 100644 --- a/src/cache.c +++ b/src/cache.c @@ -16,10 +16,29 @@ static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags) { switch (cmd->obj) { + case CMD_OBJ_CHAIN: + case CMD_OBJ_SET: + case CMD_OBJ_COUNTER: + case CMD_OBJ_QUOTA: + case CMD_OBJ_LIMIT: + case CMD_OBJ_SECMARK: + case CMD_OBJ_FLOWTABLE: + flags |= NFT_CACHE_TABLE; + break; case CMD_OBJ_SETELEM: - flags |= NFT_CACHE_SETELEM; + flags |= NFT_CACHE_TABLE | + NFT_CACHE_CHAIN | + NFT_CACHE_SET | + NFT_CACHE_OBJECT | + NFT_CACHE_SETELEM; break; case CMD_OBJ_RULE: + flags |= NFT_CACHE_TABLE | + NFT_CACHE_CHAIN | + NFT_CACHE_SET | + NFT_CACHE_OBJECT | + NFT_CACHE_FLOWTABLE; + if (cmd->handle.index.id || cmd->handle.position.id) flags |= NFT_CACHE_RULE; @@ -83,18 +102,11 @@ unsigned int cache_evaluate(struct nft_ctx *nft, struct list_head *cmds) switch (cmd->op) { case CMD_ADD: case CMD_INSERT: + case CMD_CREATE: if (nft_output_echo(&nft->output)) { flags = NFT_CACHE_FULL; break; } - - flags |= NFT_CACHE_TABLE | - NFT_CACHE_CHAIN | - NFT_CACHE_SET | - NFT_CACHE_FLOWTABLE | - NFT_CACHE_OBJECT; - /* Fall through */ - case CMD_CREATE: flags = evaluate_cache_add(cmd, flags); break; case CMD_REPLACE: |