cache: do not populate the cache in case of flush ruleset command

__CMD_FLUSH_RULESET is a dummy definition that used to skip the netlink
dump to populate the cache. This patch is a workaround until we have a
better infrastructure to track the state of the cache objects.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/rule.h b/include/rule.h
index dd9df9ec6dd82aa4bd43cc83cff5b54808c24c81..b41825d000d6c0fc3d329d75dcafeb62d1d9e140 100644 (file)
--- a/include/rule.h
+++ b/include/rule.h
@@ -462,6 +462,7 @@ enum cmd_ops {
        CMD_EXPORT,
        CMD_MONITOR,
        CMD_DESCRIBE,
+       __CMD_FLUSH_RULESET,
 };
 
 /**

diff --git a/src/cache.c b/src/cache.c
index 532ef425906ad02aa56eb0c63365eace8076bde5..d7153f6f6b8f24c22fb574fa2d48cd8d8bc5d51d 100644 (file)
--- a/src/cache.c
+++ b/src/cache.c
@@ -54,6 +54,9 @@ static unsigned int evaluate_cache_flush(struct cmd *cmd)
        unsigned int completeness = CMD_INVALID;
 
        switch (cmd->obj) {
+       case CMD_OBJ_RULESET:
+               completeness = __CMD_FLUSH_RULESET;
+               break;
        case CMD_OBJ_SET:
        case CMD_OBJ_MAP:
        case CMD_OBJ_METER:

diff --git a/src/rule.c b/src/rule.c
index 8de5aa62b94ffb637669cf33792c13092f58a37a..0c0fd07ec70cad3a9dadbd380710d56a0799ce03 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -210,6 +210,9 @@ static int cache_init(struct netlink_ctx *ctx, enum cmd_ops cmd)
        };
        int ret;
 
+       if (cmd == __CMD_FLUSH_RULESET)
+               return 0;
+
        ret = cache_init_tables(ctx, &handle, &ctx->nft->cache);
        if (ret < 0)
                return ret;