cache: accumulate flags in batch

Recent updates are relaxing cache requirements:

  babc6ee8773c ("cache: populate chains on demand from error path")

Flags describe cache requirements for a given batch, accumulate flags
that are inferred from commands in this batch.

Fixes: 7df42800cf89 ("src: single cache_update() call to build cache before evaluation")
Tested-by: Eric Garver <eric@garver.life>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/cache.c b/src/cache.c
index 5442da35a1294cdfd8015d9e38a92775d6cf7697..082fd30b462d26e975ef4440e0bdc6b148f57a5a 100644 (file)
--- a/src/cache.c
+++ b/src/cache.c
@@ -409,13 +409,14 @@ int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds,
                       struct list_head *msgs, struct nft_cache_filter *filter,
                       unsigned int *pflags)
 {
-       unsigned int flags = NFT_CACHE_EMPTY;
+       unsigned int flags, batch_flags = NFT_CACHE_EMPTY;
        struct cmd *cmd;
 
        list_for_each_entry(cmd, cmds, list) {
                if (nft_handle_validate(cmd, msgs) < 0)
                        return -1;
 
+               flags = NFT_CACHE_EMPTY;
                reset_filter(filter);
 
                switch (cmd->op) {
@@ -439,13 +440,13 @@ int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds,
                        flags = evaluate_cache_get(cmd, flags);
                        break;
                case CMD_RESET:
-                       flags |= evaluate_cache_reset(cmd, flags, filter);
+                       flags = evaluate_cache_reset(cmd, flags, filter);
                        break;
                case CMD_LIST:
-                       flags |= evaluate_cache_list(nft, cmd, flags, filter);
+                       flags = evaluate_cache_list(nft, cmd, flags, filter);
                        break;
                case CMD_MONITOR:
-                       flags |= NFT_CACHE_FULL;
+                       flags = NFT_CACHE_FULL;
                        break;
                case CMD_FLUSH:
                        flags = evaluate_cache_flush(cmd, flags, filter);
@@ -460,8 +461,9 @@ int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds,
                default:
                        break;
                }
+               batch_flags |= flags;
        }
-       *pflags = flags;
+       *pflags = batch_flags;
 
        return 0;
 }