From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 15 Aug 2024 10:47:54 +0000 (+0200)
Subject: cache: do not fetch set inconditionally on delete
X-Git-Tag: v1.1.1~35
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ba13acf4be081129d5c943db9f607a13954be5f6;p=thirdparty%2Fnftables.git

cache: do not fetch set inconditionally on delete

This is only required to remove elements, relax cache requirements for
anything else.

Tested-by: Eric Garver <eric@garver.life>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/cache.c b/src/cache.c
index 1fc03f2b..23314764 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -73,7 +73,8 @@ static unsigned int evaluate_cache_del(struct cmd *cmd, unsigned int flags)
 {
 	switch (cmd->obj) {
 	case CMD_OBJ_ELEMENTS:
-		flags |= NFT_CACHE_SETELEM_MAYBE;
+		flags |= NFT_CACHE_SET |
+			 NFT_CACHE_SETELEM_MAYBE;
 		break;
 	default:
 		break;
@@ -426,8 +427,7 @@ int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds,
 			break;
 		case CMD_DELETE:
 		case CMD_DESTROY:
-			flags |= NFT_CACHE_TABLE |
-				 NFT_CACHE_SET;
+			flags |= NFT_CACHE_TABLE;
 
 			flags = evaluate_cache_del(cmd, flags);
 			break;
diff --git a/src/cmd.c b/src/cmd.c
index e64171e7..9a572b56 100644
--- a/src/cmd.c
+++ b/src/cmd.c
@@ -140,6 +140,10 @@ static int nft_cmd_enoent_set(struct netlink_ctx *ctx, const struct cmd *cmd,
 	if (!cmd->handle.set.name)
 		return 0;
 
+	if (nft_cache_update(ctx->nft, NFT_CACHE_TABLE | NFT_CACHE_SET,
+			     ctx->msgs, NULL) < 0)
+		return 0;
+
 	set = set_lookup_fuzzy(cmd->handle.set.name, &ctx->nft->cache, &table);
 	/* check table first. */
 	if (!table)