cache: rule by index requires full cache

In preparation for on-demand cache population with errors, set on
NFT_CACHE_FULL if rule index is used since this requires a full cache
with rules.

This is not a fix, index is already fetching a full cache before this
patch.

But follow up patches relax cache requirements, so add this patch in
first place to make sure index does not break.

Tested-by: Eric Garver <eric@garver.life>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/cache.c b/src/cache.c
index e88cbae2ad9598a85ee0f4b79ed9e27d34137ac1..42e60dfa12865ee502e252a8bf2d3e772d190b77 100644 (file)
--- a/src/cache.c
+++ b/src/cache.c
@@ -68,7 +68,7 @@ static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags)
 
                if (cmd->handle.index.id ||
                    cmd->handle.position.id)
-                       flags |= NFT_CACHE_RULE | NFT_CACHE_UPDATE;
+                       flags |= NFT_CACHE_FULL | NFT_CACHE_UPDATE;
                break;
        default:
                break;