cache: rule by index requires full cache

commit 161beaeacd2e5218d66febc3db825bf6a27119c5 upstream.

In preparation for on-demand cache population with errors, set on
NFT_CACHE_FULL if rule index is used since this requires a full cache
with rules.

This is not a fix, index is already fetching a full cache before this
patch.

But follow up patches relax cache requirements, so add this patch in
first place to make sure index does not break.

Tested-by: Eric Garver <eric@garver.life>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/cache.c b/src/cache.c
index bd6ba1770dd6a15a5817b6ff7a34e91e518a179e..a92897ccd8099af8c2ad7f3a12fccb28ead58e77 100644 (file)
--- a/src/cache.c
+++ b/src/cache.c
@@ -66,7 +66,7 @@ static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags)
 
                if (cmd->handle.index.id ||
                    cmd->handle.position.id)
-                       flags |= NFT_CACHE_RULE | NFT_CACHE_UPDATE;
+                       flags |= NFT_CACHE_FULL | NFT_CACHE_UPDATE;
                break;
        default:
                break;