diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-06-17 13:54:46 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-06-17 19:54:57 +0200 |
commit | fb2c7e161823f2b3afaacf2bf975e81ec9d97411 (patch) | |
tree | 313150aea8f920396814d8c202c994bf036763d8 /src | |
parent | 449e9d5e6946118623b46f7a37eb323c789223b5 (diff) |
rule: skip cache population from do_command_monitor()
nft_evaluate() already populates the cache before running the monitor
command. Remove this code.
Fixes: 7df42800cf89 ("src: single cache_update() call to build cache before evaluation")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/rule.c | 32 |
1 files changed, 0 insertions, 32 deletions
@@ -2427,8 +2427,6 @@ static bool need_cache(const struct cmd *cmd) static int do_command_monitor(struct netlink_ctx *ctx, struct cmd *cmd) { - struct table *t; - struct set *s; struct netlink_mon_handler monhandler = { .monitor_flags = cmd->monitor->flags, .format = cmd->monitor->format, @@ -2442,36 +2440,6 @@ static int do_command_monitor(struct netlink_ctx *ctx, struct cmd *cmd) monhandler.format = NFTNL_OUTPUT_JSON; monhandler.cache_needed = need_cache(cmd); - if (monhandler.cache_needed) { - struct rule *rule, *nrule; - struct chain *chain; - int ret; - - list_for_each_entry(t, &ctx->nft->cache.list, list) { - list_for_each_entry(s, &t->sets, list) - s->init = set_expr_alloc(&cmd->location, s); - - if (!(cmd->monitor->flags & (1 << NFT_MSG_TRACE))) - continue; - - /* When tracing we'd like to translate the rule handle - * we receive in the trace messages to the actual rule - * struct to print that out. Populate rule cache now. - */ - ret = netlink_list_table(ctx, &t->handle); - - if (ret != 0) - /* Shouldn't happen and doesn't break things - * too badly - */ - continue; - - list_for_each_entry_safe(rule, nrule, &ctx->list, list) { - chain = chain_lookup(t, &rule->handle); - list_move_tail(&rule->list, &chain->rules); - } - } - } return netlink_monitor(&monhandler, ctx->nft->nf_sock); } |