From: Pablo Neira Ayuso Date: Thu, 15 Aug 2024 10:34:13 +0000 (+0200) Subject: cache: populate objects on demand from error path X-Git-Tag: v1.0.6.1~182 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=25e3d36d7b935a2a413d527eddfcb034416438ce;p=thirdparty%2Fnftables.git cache: populate objects on demand from error path commit aab2fe87a665c0cba2676096b49b5c8ea21910f8 upstream. Objects are only required for error reporting hints if kernel reports ENOENT. Populate the cache from this error path only. Tested-by: Eric Garver Signed-off-by: Pablo Neira Ayuso --- diff --git a/src/cache.c b/src/cache.c index 733d333d..6694a77e 100644 --- a/src/cache.c +++ b/src/cache.c @@ -29,7 +29,6 @@ static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags) flags |= NFT_CACHE_TABLE | NFT_CACHE_SET | - NFT_CACHE_OBJECT | NFT_CACHE_FLOWTABLE; list_for_each_entry(set, &cmd->table->sets, list) { if (set->automerge) @@ -52,13 +51,11 @@ static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags) case CMD_OBJ_ELEMENTS: flags |= NFT_CACHE_TABLE | NFT_CACHE_SET | - NFT_CACHE_OBJECT | NFT_CACHE_SETELEM_MAYBE; break; case CMD_OBJ_RULE: flags |= NFT_CACHE_TABLE | NFT_CACHE_SET | - NFT_CACHE_OBJECT | NFT_CACHE_FLOWTABLE; if (cmd->handle.index.id || @@ -392,8 +389,7 @@ int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds, case CMD_DELETE: flags |= NFT_CACHE_TABLE | NFT_CACHE_SET | - NFT_CACHE_FLOWTABLE | - NFT_CACHE_OBJECT; + NFT_CACHE_FLOWTABLE; flags = evaluate_cache_del(cmd, flags); break; diff --git a/src/cmd.c b/src/cmd.c index f315780f..22c9dbf7 100644 --- a/src/cmd.c +++ b/src/cmd.c @@ -149,6 +149,10 @@ static int nft_cmd_enoent_obj(struct netlink_ctx *ctx, const struct cmd *cmd, if (!cmd->handle.obj.name) return 0; + if (nft_cache_update(ctx->nft, NFT_CACHE_TABLE | NFT_CACHE_OBJECT, + ctx->msgs, NULL) < 0) + return 0; + obj = obj_lookup_fuzzy(cmd->handle.obj.name, &ctx->nft->cache, &table); /* check table first. */ if (!table)