cache: filter out sets and maps that are not requested

Do not fetch set content for list commands that specify a
set name.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/cache.h b/include/cache.h
index 3130b2c043722e19c0f4be668b4da708a4ba6eab..0523358889def8375f26e97dccfd0ad0f3f76a29 100644 (file)
--- a/include/cache.h
+++ b/include/cache.h
@@ -40,6 +40,7 @@ enum cache_level_flags {
 
 struct nft_cache_filter {
        const char              *table;
+       const char              *set;
 };
 
 struct nft_cache;

diff --git a/src/cache.c b/src/cache.c
index 6684111fc0f1fc5f375e58c797bd3890d5ef7e65..584328ebc5e7a8c9a54ead624574c0a883e50b2d 100644 (file)
--- a/src/cache.c
+++ b/src/cache.c
@@ -137,6 +137,14 @@ static unsigned int evaluate_cache_list(struct cmd *cmd, unsigned int flags,
 
                flags |= NFT_CACHE_FULL | NFT_CACHE_REFRESH;
                break;
+       case CMD_OBJ_SET:
+       case CMD_OBJ_MAP:
+               if (filter && cmd->handle.table.name && cmd->handle.set.name) {
+                       filter->table = cmd->handle.table.name;
+                       filter->set = cmd->handle.set.name;
+               }
+               flags |= NFT_CACHE_FULL | NFT_CACHE_REFRESH;
+               break;
        case CMD_OBJ_CHAINS:
                flags |= NFT_CACHE_TABLE | NFT_CACHE_CHAIN;
                break;
@@ -342,6 +350,7 @@ struct chain *chain_cache_find(const struct table *table, const char *name)
 struct set_cache_dump_ctx {
        struct netlink_ctx      *nlctx;
        struct table            *table;
+       const struct nft_cache_filter *filter;
 };
 
 static int set_cache_cb(struct nftnl_set *nls, void *arg)
@@ -355,6 +364,12 @@ static int set_cache_cb(struct nftnl_set *nls, void *arg)
        if (!set)
                return -1;
 
+       if (ctx->filter && ctx->filter->set &&
+           (strcmp(ctx->filter->set, set->handle.set.name))) {
+               set_free(set);
+               return 0;
+       }
+
        set_name = nftnl_set_get_str(nls, NFTNL_SET_NAME);
        hash = djb_hash(set_name) % NFT_CACHE_HSIZE;
        cache_add(&set->cache, &ctx->table->set_cache, hash);
@@ -363,11 +378,13 @@ static int set_cache_cb(struct nftnl_set *nls, void *arg)
 }
 
 static int set_cache_init(struct netlink_ctx *ctx, struct table *table,
-                         struct nftnl_set_list *set_list)
+                         struct nftnl_set_list *set_list,
+                         const struct nft_cache_filter *filter)
 {
        struct set_cache_dump_ctx dump_ctx = {
                .nlctx  = ctx,
                .table  = table,
+               .filter = filter,
        };
        nftnl_set_list_foreach(set_list, set_cache_cb, &dump_ctx);
 
@@ -643,7 +660,7 @@ static int cache_init_objects(struct netlink_ctx *ctx, unsigned int flags,
                                ret = -1;
                                goto cache_fails;
                        }
-                       ret = set_cache_init(ctx, table, set_list);
+                       ret = set_cache_init(ctx, table, set_list, filter);
 
                        nftnl_set_list_free(set_list);