NFT_CACHE_CHAIN_BIT |
NFT_CACHE_RULE_BIT,
NFT_CACHE_FULL = __NFT_CACHE_MAX_BIT - 1,
+ NFT_CACHE_TERSE = (1 << 27),
NFT_CACHE_SETELEM_MAYBE = (1 << 28),
NFT_CACHE_REFRESH = (1 << 29),
NFT_CACHE_UPDATE = (1 << 30),
filter->list.table = cmd->handle.table.name;
filter->list.set = cmd->handle.set.name;
}
- if (nft_output_terse(&nft->output))
- flags |= (NFT_CACHE_FULL & ~NFT_CACHE_SETELEM_BIT);
- else if (filter->list.table && filter->list.set)
+ if (filter->list.table && filter->list.set)
flags |= NFT_CACHE_TABLE | NFT_CACHE_SET | NFT_CACHE_SETELEM;
+ else if (nft_output_terse(&nft->output))
+ flags |= NFT_CACHE_FULL | NFT_CACHE_TERSE;
else
flags |= NFT_CACHE_FULL;
break;
break;
case CMD_OBJ_RULESET:
if (nft_output_terse(&nft->output))
- flags |= (NFT_CACHE_FULL & ~NFT_CACHE_SETELEM_BIT);
+ flags |= NFT_CACHE_FULL | NFT_CACHE_TERSE;
else
flags |= NFT_CACHE_FULL;
break;
list_for_each_entry(set, &table->set_cache.list, cache.list) {
if (cache_filter_find(filter, &set->handle))
continue;
+ if (!set_is_anonymous(set->flags) &&
+ flags & NFT_CACHE_TERSE)
+ continue;
ret = netlink_list_setelems(ctx, &set->handle,
set);
chain input {
type filter hook prerouting priority filter; policy accept;
- ip saddr @example drop
+ ip saddr != { 10.10.10.100, 10.10.10.111 } ip saddr @example drop
}
}"
chain input {
type filter hook prerouting priority filter; policy accept;
- ip saddr @example drop
+ ip saddr != { 10.10.10.100, 10.10.10.111 } ip saddr @example drop
}
}"
projects / thirdparty / nftables.git / commitdiff
