From: Pablo Neira Ayuso Date: Thu, 15 Aug 2024 10:34:17 +0000 (+0200) Subject: cache: populate flowtables on demand from error path X-Git-Tag: v1.0.6.1~181 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fad67e090e2fc21d5dbff48a55db6dc9a7756025;p=thirdparty%2Fnftables.git cache: populate flowtables on demand from error path commit 52d99078521f0ae245ad0145348bebdba9f665ab upstream. Flowtables are only required for error reporting hints if kernel reports ENOENT. Populate the cache from this error path only. Tested-by: Eric Garver Signed-off-by: Pablo Neira Ayuso
---
diff --git a/src/cache.c b/src/cache.c
index 6694a77e..67614bd2 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -28,8 +28,7 @@ static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags)
 break;
 flags |= NFT_CACHE_TABLE |
- NFT_CACHE_SET |
- NFT_CACHE_FLOWTABLE;
+ NFT_CACHE_SET;
 list_for_each_entry(set, &cmd->table->sets, list) {
 if (set->automerge)
 flags |= NFT_CACHE_SETELEM_MAYBE;
@@ -55,8 +54,7 @@ static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags)
 break;
 case CMD_OBJ_RULE:
 flags |= NFT_CACHE_TABLE |
- NFT_CACHE_SET |
- NFT_CACHE_FLOWTABLE;
+ NFT_CACHE_SET;
 if (cmd->handle.index.id || cmd->handle.position.id)
@@ -388,8 +386,7 @@ int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds,
 break;
 case CMD_DELETE:
 flags |= NFT_CACHE_TABLE |
- NFT_CACHE_SET |
- NFT_CACHE_FLOWTABLE;
+ NFT_CACHE_SET;
 flags = evaluate_cache_del(cmd, flags);
 break;
diff --git a/src/cmd.c b/src/cmd.c
index 22c9dbf7..e4ede01a 100644
--- a/src/cmd.c
+++ b/src/cmd.c
@@ -181,6 +181,10 @@ static int nft_cmd_enoent_flowtable(struct netlink_ctx *ctx,
 if (!cmd->handle.flowtable.name)
 return 0;
+ if (nft_cache_update(ctx->nft, NFT_CACHE_TABLE | NFT_CACHE_FLOWTABLE,
+ ctx->msgs, NULL) < 0)
+ return 0;
+
 ft = flowtable_lookup_fuzzy(cmd->handle.flowtable.name, &ctx->nft->cache, &table);
 /* check table first. */
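Review bot: Nothing at the three edited flag sets (this hunk, the CMD_OBJ_RULE case in the hunk at -55, and the CMD_DELETE case in nft_cache_evaluate()) records that flowtables are now deliberately left out of the cache and fetched only from the ENOENT hint path. A later change that looks up a flowtable while evaluating one of these commands would find an empty cache with no pointer to the reason. A one-line comment above the first `flags |=` would cover it, for example `/* flowtables are fetched on demand by nft_cmd_enoent_flowtable() */`. Both enclosing functions start and end outside the hunks shown.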
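Review bot: The added `nft_cache_update()` call returns 0 on failure with no comment, so a reader cannot tell that dropping the fuzzy-match hint is deliberate best-effort behaviour rather than a swallowed error. A short comment above the call would settle it, for example `/* Flowtables are not cached up front; fetch them only to build the ENOENT hint, and skip the hint if the update fails. */`. Because `ctx->msgs` is passed in, a failed update may also queue its own message next to the original ENOENT report; that depends on nft_cache_update(), which is not visible here, so it is worth confirming the user still sees one coherent error. The body of nft_cmd_enoent_flowtable() starts and ends outside the hunk.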