src: do not reset generation ID on ruleset flush

If 'flush ruleset' command is done, release the cache but still keep the
generation ID around. Hence, follow up calls to cache_update() will
assume that cache is updated and will not perform a netlink dump.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/rule.h b/include/rule.h
index cfecf7ffdd27dc6254b33d9de0da85522b997a34..909ff36db80c17fc6c3f6ae2d0f076644c45eadc 100644 (file)
--- a/include/rule.h
+++ b/include/rule.h
@@ -580,7 +580,9 @@ extern int do_command(struct netlink_ctx *ctx, struct cmd *cmd);
 extern int cache_update(struct mnl_socket *nf_sock, struct nft_cache *cache,
                        enum cmd_ops cmd, struct list_head *msgs, unsigned int debug_flag,
                        struct output_ctx *octx);
-extern void cache_flush(struct list_head *table_list);
+extern void cache_flush(struct mnl_socket *nf_sock, struct nft_cache *cache,
+                       enum cmd_ops cmd, struct list_head *msgs,
+                       unsigned int debug_mask, struct output_ctx *octx);
 extern void cache_release(struct nft_cache *cache);
 
 enum udata_type {

diff --git a/src/evaluate.c b/src/evaluate.c
index 27e4f61137c0b8582893a8a5ace84a9bd710c3da..c4ee3cc94a3dbf5d38e948dd9950f2be93e4356d 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3348,7 +3348,8 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
 
        switch (cmd->obj) {
        case CMD_OBJ_RULESET:
-               cache_flush(&ctx->cache->list);
+               cache_flush(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs,
+                           ctx->debug_mask, ctx->octx);
                break;
        case CMD_OBJ_TABLE:
                /* Flushing a table does not empty the sets in the table nor remove

diff --git a/src/rule.c b/src/rule.c
index 3e8dea4094cfcff7bd6d682f48a663b61308b0e6..56b956a4f8fecb82679c4511f95a690a99dbc009 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -187,7 +187,7 @@ replay:
        return 0;
 }
 
-void cache_flush(struct list_head *table_list)
+static void __cache_flush(struct list_head *table_list)
 {
        struct table *table, *next;
 
@@ -197,9 +197,26 @@ void cache_flush(struct list_head *table_list)
        }
 }
 
+void cache_flush(struct mnl_socket *nf_sock, struct nft_cache *cache,
+                enum cmd_ops cmd, struct list_head *msgs,
+                unsigned int debug_mask, struct output_ctx *octx)
+{
+       struct netlink_ctx ctx = {
+               .list           = LIST_HEAD_INIT(ctx.list),
+               .nf_sock        = nf_sock,
+               .cache          = cache,
+               .msgs           = msgs,
+               .debug_mask     = debug_mask,
+               .octx           = octx,
+       };
+
+       __cache_flush(&cache->list);
+       cache->genid = netlink_genid_get(&ctx);
+}
+
 void cache_release(struct nft_cache *cache)
 {
-       cache_flush(&cache->list);
+       __cache_flush(&cache->list);
        cache->genid = 0;
 }