From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 12 Aug 2015 17:07:39 +0000 (+0200)
Subject: netlink: don't call netlink_dump_*() from listing functions with --debug=netlink
X-Git-Tag: v0.5~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e715f6d1241c;p=thirdparty%2Fnftables.git

netlink: don't call netlink_dump_*() from listing functions with --debug=netlink

Now that we always retrieve the object list to build a cache before executing
the command, this results in fully listing of existing objects in the kernel.

This is confusing when adding a simple rule, so better not to call
netlink_dump_*() from listing functions.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/netlink.c b/src/netlink.c
index 801696c8..a9050093 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -920,7 +920,6 @@ static struct table *netlink_delinearize_table(struct netlink_ctx *ctx,
 {
 	struct table *table;
 
-	netlink_dump_table(nlt);
 	table = table_alloc();
 	table->handle.family =
 		nft_table_attr_get_u32(nlt, NFT_TABLE_ATTR_FAMILY);
@@ -1233,7 +1232,6 @@ static int list_set_cb(struct nft_set *nls, void *arg)
 	struct netlink_ctx *ctx = arg;
 	struct set *set;
 
-	netlink_dump_set(nls);
 	set = netlink_delinearize_set(ctx, nls);
 	if (set == NULL)
 		return -1;
@@ -1270,7 +1268,6 @@ int netlink_get_set(struct netlink_ctx *ctx, const struct handle *h,
 	int err;
 
 	nls = alloc_nft_set(h);
-	netlink_dump_set(nls);
 	err = mnl_nft_set_get(nf_sock, nls);
 	if (err < 0) {
 		nft_set_free(nls);
@@ -1511,7 +1508,6 @@ int netlink_get_setelems(struct netlink_ctx *ctx, const struct handle *h,
 	int err;
 
 	nls = alloc_nft_set(h);
-	netlink_dump_set(nls);
 
 	err = mnl_nft_setelem_get(nf_sock, nls);
 	if (err < 0) {