From 40fb9d6f6bea86b812314b3c879746d957fbb769 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Thu, 7 Jun 2018 13:35:52 +0200
Subject: src: do not reset generation ID on ruleset flush

If 'flush ruleset' command is done, release the cache but still keep the generation ID around. Hence, follow up calls to cache_update() will assume that cache is updated and will not perform a netlink dump.

Signed-off-by: Pablo Neira Ayuso
---
 include/rule.h | 4 +++-
 src/evaluate.c | 3 ++-
 src/rule.c | 21 +++++++++++++++++++--
 3 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/include/rule.h b/include/rule.h
index cfecf7ff..909ff36d 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -580,7 +580,9 @@ extern int do_command(struct netlink_ctx *ctx, struct cmd *cmd);
 extern int cache_update(struct mnl_socket *nf_sock, struct nft_cache *cache,
 enum cmd_ops cmd, struct list_head *msgs,
 unsigned int debug_flag, struct output_ctx *octx);
-extern void cache_flush(struct list_head *table_list);
+extern void cache_flush(struct mnl_socket *nf_sock, struct nft_cache *cache,
+ enum cmd_ops cmd, struct list_head *msgs,
+ unsigned int debug_mask, struct output_ctx *octx);
 extern void cache_release(struct nft_cache *cache);

 enum udata_type {
diff --git a/src/evaluate.c b/src/evaluate.c
index 27e4f611..c4ee3cc9 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3348,7 +3348,8 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)

 switch (cmd->obj) {
 case CMD_OBJ_RULESET:
- cache_flush(&ctx->cache->list);
+ cache_flush(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs,
+ ctx->debug_mask, ctx->octx);
 break;
 case CMD_OBJ_TABLE:
 /* Flushing a table does not empty the sets in the table nor remove
diff --git a/src/rule.c b/src/rule.c
index 3e8dea40..56b956a4 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -187,7 +187,7 @@ replay:
 return 0;
 }

-void cache_flush(struct list_head *table_list)
+static void __cache_flush(struct list_head *table_list)
 {
 struct table *table, *next;

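Review bot: In the include/rule.h hunk, the new `cache_flush()` prototype still returns `void` although it now takes a netlink socket and, in src/rule.c, asks the kernel for the generation ID; a failed request therefore cannot be reported to `cmd_evaluate_flush()`, which itself returns `int`. If `netlink_genid_get()` can fail (its error behaviour is not visible in this patch), consider `extern int cache_flush(...)` so the src/evaluate.c call site can propagate the error. The parameter is also named `debug_mask` here but `debug_flag` in the neighbouring `cache_update()` prototype; using one name for both would make the two signatures read as the pair they are.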
@@ -197,9 +197,26 @@ void cache_flush(struct list_head *table_list)
 }
 }

+void cache_flush(struct mnl_socket *nf_sock, struct nft_cache *cache,
+ enum cmd_ops cmd, struct list_head *msgs,
+ unsigned int debug_mask, struct output_ctx *octx)
+{
+ struct netlink_ctx ctx = {
+ .list = LIST_HEAD_INIT(ctx.list),
+ .nf_sock = nf_sock,
+ .cache = cache,
+ .msgs = msgs,
+ .debug_mask = debug_mask,
+ .octx = octx,
+ };
+
+ __cache_flush(&cache->list);
+ cache->genid = netlink_genid_get(&ctx);
+}
+
 void cache_release(struct nft_cache *cache)
 {
- cache_flush(&cache->list);
+ __cache_flush(&cache->list);
 cache->genid = 0;
 }

-- 
cgit v1.2.3
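Review bot: The new `cache_flush()` empties the table list and then stamps the cache with the kernel's current generation ID, so the cache is marked up to date while holding a state the kernel has not reached yet; the commit message confirms that later `cache_update()` calls will skip the dump. If the flush is subsequently rejected or never sent, later commands in the same run would presumably be evaluated against an empty cache while the real ruleset is still loaded, which is worth either ruling out or documenting. A comment above the assignment such as `/* flush is evaluated before it is committed: keep genid so cache_update() does not re-dump the ruleset we are about to drop */` would record the assumption. The `cmd` parameter is not used anywhere in this body; drop it or mark it as intentionally unused.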