git.ipfire.org Git - thirdparty/nftables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 23 Jul 2019 13:03:23 +0000 (15:03 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 23 Jul 2019 18:47:19 +0000 (20:47 +0200)
commit	3ab02db5f836ae0cf9fe7fba616d7eb52139d537
tree	38004431535ef5da7de95a31e2b0783ba2e5d8c8	tree
parent	f4d0f16834f62e7e895f05f2e961d62487327f4b	commit \| diff

cache: add NFT_CACHE_UPDATE and NFT_CACHE_FLUSHED flags

NFT_CACHE_FLUSHED tells cache_update() to skip the netlink dump to
populate the cache, since the existing ruleset is going to flushed by
this batch.

NFT_CACHE_UPDATE tells rule_evaluate() to perform incremental updates to
the cache based on the existing batch, this is required by the rule
commands that use the index and the position selectors.

This patch removes cache_flush() which is not required anymore. This
cache removal is coming too late, in the evaluation phase, after the
initial cache_update() invocation.

Be careful with NFT_CACHE_UPDATE, this flag needs to be left in place if
NFT_CACHE_FLUSHED is set on.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/cache.h		diff \| blob \| blame \| history
include/rule.h		diff \| blob \| blame \| history
src/cache.c		diff \| blob \| blame \| history
src/evaluate.c		diff \| blob \| blame \| history
src/rule.c		diff \| blob \| blame \| history