cache: do not fetch set inconditionally on delete

commit ba13acf4be081129d5c943db9f607a13954be5f6 upstream.

This is only required to remove elements, relax cache requirements for
anything else.

Tested-by: Eric Garver <eric@garver.life>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/cache.c b/src/cache.c
index 67614bd2c64f3c23ba05fdbe916e7022b79669ed..9cbf8286f2a4f1e9696c3a32f9b81b7d1ecea069 100644 (file)
--- a/src/cache.c
+++ b/src/cache.c
@@ -71,7 +71,8 @@ static unsigned int evaluate_cache_del(struct cmd *cmd, unsigned int flags)
 {
        switch (cmd->obj) {
        case CMD_OBJ_ELEMENTS:
-               flags |= NFT_CACHE_SETELEM_MAYBE;
+               flags |= NFT_CACHE_SET |
+                        NFT_CACHE_SETELEM_MAYBE;
                break;
        default:
                break;
@@ -385,8 +386,7 @@ int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds,
                        flags = NFT_CACHE_FULL;
                        break;
                case CMD_DELETE:
-                       flags |= NFT_CACHE_TABLE |
-                                NFT_CACHE_SET;
+                       flags |= NFT_CACHE_TABLE;
 
                        flags = evaluate_cache_del(cmd, flags);
                        break;

diff --git a/src/cmd.c b/src/cmd.c
index e4ede01aed7854889223961c6aab11b491c57203..13f95abe69d5173bfd103b3d790e8a8f834e4152 100644 (file)
--- a/src/cmd.c
+++ b/src/cmd.c
@@ -120,6 +120,10 @@ static int nft_cmd_enoent_set(struct netlink_ctx *ctx, const struct cmd *cmd,
        if (!cmd->handle.set.name)
                return 0;
 
+       if (nft_cache_update(ctx->nft, NFT_CACHE_TABLE | NFT_CACHE_SET,
+                            ctx->msgs, NULL) < 0)
+               return 0;
+
        set = set_lookup_fuzzy(cmd->handle.set.name, &ctx->nft->cache, &table);
        /* check table first. */
        if (!table)