From: Pablo Neira Ayuso Date: Thu, 15 Aug 2024 10:34:13 +0000 (+0200) Subject: cache: populate objects on demand from error path X-Git-Tag: v1.1.1~37 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=aab2fe87a665c0cba2676096b49b5c8ea21910f8;p=thirdparty%2Fnftables.git cache: populate objects on demand from error path Objects are only required for error reporting hints if kernel reports ENOENT. Populate the cache from this error path only. Tested-by: Eric Garver Signed-off-by: Pablo Neira Ayuso --- diff --git a/src/cache.c b/src/cache.c index 36c6f12d..6ad8e258 100644 --- a/src/cache.c +++ b/src/cache.c @@ -31,7 +31,6 @@ static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags) flags |= NFT_CACHE_TABLE | NFT_CACHE_SET | - NFT_CACHE_OBJECT | NFT_CACHE_FLOWTABLE; list_for_each_entry(set, &cmd->table->sets, list) { if (set->automerge) @@ -54,13 +53,11 @@ static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags) case CMD_OBJ_ELEMENTS: flags |= NFT_CACHE_TABLE | NFT_CACHE_SET | - NFT_CACHE_OBJECT | NFT_CACHE_SETELEM_MAYBE; break; case CMD_OBJ_RULE: flags |= NFT_CACHE_TABLE | NFT_CACHE_SET | - NFT_CACHE_OBJECT | NFT_CACHE_FLOWTABLE; if (cmd->handle.index.id || @@ -433,8 +430,7 @@ int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds, case CMD_DESTROY: flags |= NFT_CACHE_TABLE | NFT_CACHE_SET | - NFT_CACHE_FLOWTABLE | - NFT_CACHE_OBJECT; + NFT_CACHE_FLOWTABLE; flags = evaluate_cache_del(cmd, flags); break; diff --git a/src/cmd.c b/src/cmd.c index 381f4042..507796bd 100644 --- a/src/cmd.c +++ b/src/cmd.c @@ -169,6 +169,10 @@ static int nft_cmd_enoent_obj(struct netlink_ctx *ctx, const struct cmd *cmd, if (!cmd->handle.obj.name) return 0; + if (nft_cache_update(ctx->nft, NFT_CACHE_TABLE | NFT_CACHE_OBJECT, + ctx->msgs, NULL) < 0) + return 0; + obj = obj_lookup_fuzzy(cmd->handle.obj.name, &ctx->nft->cache, &table); /* check table first. */ if (!table)