Flowtables are only required for error reporting hints if the kernel reports
ENOENT. Populate the cache from this error path only.
Tested-by: Eric Garver <eric@garver.life>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
break;
flags |= NFT_CACHE_TABLE |
- NFT_CACHE_SET |
- NFT_CACHE_FLOWTABLE;
+ NFT_CACHE_SET;
list_for_each_entry(set, &cmd->table->sets, list) {
if (set->automerge)
flags |= NFT_CACHE_SETELEM_MAYBE;
break;
case CMD_OBJ_RULE:
flags |= NFT_CACHE_TABLE |
- NFT_CACHE_SET |
- NFT_CACHE_FLOWTABLE;
+ NFT_CACHE_SET;
if (cmd->handle.index.id ||
cmd->handle.position.id)
case CMD_DELETE:
case CMD_DESTROY:
flags |= NFT_CACHE_TABLE |
- NFT_CACHE_SET |
- NFT_CACHE_FLOWTABLE;
+ NFT_CACHE_SET;
flags = evaluate_cache_del(cmd, flags);
break;
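Review bot: Nothing at the three flag assignments (the one ahead of the `list_for_each_entry` loop over sets, `CMD_OBJ_RULE`, and `CMD_DELETE`/`CMD_DESTROY`) records that the flowtable cache is now deliberately left unpopulated on these paths, so a later reader may take the missing `NFT_CACHE_FLOWTABLE` for an oversight and restore it. A short comment at the first assignment, such as `/* flowtable cache is fetched lazily, from the ENOENT hint path only */`, would document the intent. The removal is safe only if no evaluation step for these commands reads the flowtable cache. That cannot be confirmed from these hunks, whose enclosing switch starts and ends outside them, so it is worth checking before merge.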
if (!cmd->handle.flowtable.name)
return 0;
+ if (nft_cache_update(ctx->nft, NFT_CACHE_TABLE | NFT_CACHE_FLOWTABLE,
+ ctx->msgs, NULL) < 0)
+ return 0;
+
ft = flowtable_lookup_fuzzy(cmd->handle.flowtable.name,
&ctx->nft->cache, &table);
/* check table first. */
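Review bot: The added `nft_cache_update()` guard returns 0 on failure with no comment, so it reads like an ignored error rather than a deliberate best-effort fallback to the plain ENOENT report. A comment above the added `return 0;`, such as `/* best effort: without the cache there is no hint to offer */`, would make that explicit. Because `ctx->msgs` is passed to the update, a failed dump may also append its own error next to the original ENOENT; that is presumably acceptable but worth confirming. The cache is fetched after the command has already failed, so the fuzzy match reflects the ruleset at hint time and should stay advisory only. The enclosing function starts and ends outside the hunk.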