authorPablo Neira Ayuso <>2019-06-04 12:02:18 +0200
committerPablo Neira Ayuso <>2019-06-06 11:16:25 +0200
commit7df42800cf89e994b5179200825592d9b95c5fab (patch)
tree7e43c4623433a7b4ce1ca80da7d0d204ceca31e9 /src/mnl.c
parent89bae935180a50f4ea827f5facc41459557380ef (diff)
src: single cache_update() call to build cache before evaluation
This patch allows us to make one single cache_update() call. Thus, there is no need to rebuild an incomplete cache from the middle of the batch processing. Note that nft_run_cmd_from_filename() does not need a full netlink dump to build the cache anymore, this should speed up nft -f with incremental updates and very large rulesets. cache_evaluate() calculates the netlink dump to populate the cache that this batch needs. Signed-off-by: Pablo Neira Ayuso <>
1 files changed, 1 insertions, 7 deletions
diff --git a/src/mnl.c b/src/mnl.c
index 579210e4..c0df2c94 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -394,15 +394,9 @@ int mnl_nft_rule_replace(struct netlink_ctx *ctx, const struct cmd *cmd)
unsigned int flags = 0;
struct nftnl_rule *nlr;
struct nlmsghdr *nlh;
- int err;
- if (nft_output_echo(&ctx->nft->output)) {
- err = cache_update(ctx->nft, CMD_INVALID, ctx->msgs);
- if (err < 0)
- return err;
+ if (nft_output_echo(&ctx->nft->output))
flags |= NLM_F_ECHO;
- }
nlr = nftnl_rule_alloc();
if (!nlr)
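Review bot: With the cache_update() call removed from the echo branch of mnl_nft_rule_replace(), nothing in this function ensures the cache is populated before NLM_F_ECHO is set, and the early `return err` path is gone with it. The commit message says the cache is now built once before evaluation, but that precondition is not visible in this hunk, so it should be stated at the branch, for example `/* cache needed for echo output is built by the single cache_update() before evaluation */`. It is worth confirming that the cache computation covers the echo case for rule replace, since a gap there would presumably show up only later, when the echoed reply is processed, rather than as an error returned from here. The function body starts before and continues past this hunk.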