evaluate: flush set cache from the evaluation phase

This patch reworks 40ef308e19b6 ("rule: flush set cache before flush
command"). This patch flushes the set cache earlier, from the command
evaluation step.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index 1f56dae5ec139447ef4372b030cfdf6d5e3a8dec..bb504962ea8d0c1be0095711c8b671acfe5addc1 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -4375,6 +4375,14 @@ static int cmd_evaluate_reset(struct eval_ctx *ctx, struct cmd *cmd)
        }
 }
 
+static void __flush_set_cache(struct set *set)
+{
+       if (set->init != NULL) {
+               expr_free(set->init);
+               set->init = NULL;
+       }
+}
+
 static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
 {
        struct table *table;
@@ -4402,6 +4410,9 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
                else if (!set_is_literal(set->flags))
                        return cmd_error(ctx, &ctx->cmd->handle.set.location,
                                         "%s", strerror(ENOENT));
+
+               __flush_set_cache(set);
+
                return 0;
        case CMD_OBJ_MAP:
                table = table_lookup(&cmd->handle, &ctx->nft->cache);
@@ -4416,6 +4427,8 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
                        return cmd_error(ctx, &ctx->cmd->handle.set.location,
                                         "%s", strerror(ENOENT));
 
+               __flush_set_cache(set);
+
                return 0;
        case CMD_OBJ_METER:
                table = table_lookup(&cmd->handle, &ctx->nft->cache);
@@ -4430,6 +4443,8 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
                        return cmd_error(ctx, &ctx->cmd->handle.set.location,
                                         "%s", strerror(ENOENT));
 
+               __flush_set_cache(set);
+
                return 0;
        default:
                BUG("invalid command object type %u\n", cmd->obj);

diff --git a/src/rule.c b/src/rule.c
index dadb26f8556766e028e94fa0fe15c36d46983bcd..65973ccb296ea71ba7cc7418d444129727303d33 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -2693,21 +2693,6 @@ static int do_command_reset(struct netlink_ctx *ctx, struct cmd *cmd)
        return do_list_obj(ctx, cmd, type);
 }
 
-static void flush_set_cache(struct netlink_ctx *ctx, struct cmd *cmd)
-{
-       struct table *table;
-       struct set *set;
-
-       table = table_lookup(&cmd->handle, &ctx->nft->cache);
-       assert(table);
-       set = set_lookup(table, cmd->handle.set.name);
-       assert(set);
-       if (set->init != NULL) {
-               expr_free(set->init);
-               set->init = NULL;
-       }
-}
-
 static int do_command_flush(struct netlink_ctx *ctx, struct cmd *cmd)
 {
        switch (cmd->obj) {
@@ -2717,7 +2702,6 @@ static int do_command_flush(struct netlink_ctx *ctx, struct cmd *cmd)
        case CMD_OBJ_SET:
        case CMD_OBJ_MAP:
        case CMD_OBJ_METER:
-               flush_set_cache(ctx, cmd);
                return mnl_nft_setelem_flush(ctx, cmd);
        case CMD_OBJ_RULESET:
                return mnl_nft_table_del(ctx, cmd);