]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4b7b728)
cache: accumulate flags in batch
authorPablo Neira Ayuso <pablo@netfilter.org>
Mon, 26 Aug 2024 08:19:39 +0000 (10:19 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 23 Jan 2025 00:35:37 +0000 (01:35 +0100)
commit 68c8fb5f7c988a38a694c77c65e789e0cb8dfd8a upstream.

Recent updates are relaxing cache requirements:

  babc6ee8773c ("cache: populate chains on demand from error path")

Flags describe cache requirements for a given batch, accumulate flags
that are inferred from commands in this batch.

Fixes: 7df42800cf89 ("src: single cache_update() call to build cache before evaluation")
Tested-by: Eric Garver <eric@garver.life>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/cache.c patch | blob | blame | history

diff --git a/src/cache.c b/src/cache.c
index c21f6008e61c16d3697c98ad9ddd8c1b60591d64..697ba0d5f20fbc41b37b18ef5e00767cbc715008 100644 (file)
--- a/src/cache.c
+++ b/src/cache.c
@@ -369,13 +369,14 @@ int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds,
                       struct list_head *msgs, struct nft_cache_filter *filter,
                       unsigned int *pflags)
 {
-       unsigned int flags = NFT_CACHE_EMPTY;
+       unsigned int flags, batch_flags = NFT_CACHE_EMPTY;
        struct cmd *cmd;
 
        list_for_each_entry(cmd, cmds, list) {
                if (nft_handle_validate(cmd, msgs) < 0)
                        return -1;
 
+               flags = NFT_CACHE_EMPTY;
                reset_filter(filter);
 
                switch (cmd->op) {
@@ -401,10 +402,10 @@ int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds,
                        flags |= NFT_CACHE_TABLE;
                        break;
                case CMD_LIST:
-                       flags |= evaluate_cache_list(nft, cmd, flags, filter);
+                       flags = evaluate_cache_list(nft, cmd, flags, filter);
                        break;
                case CMD_MONITOR:
-                       flags |= NFT_CACHE_FULL;
+                       flags = NFT_CACHE_FULL;
                        break;
                case CMD_FLUSH:
                        flags = evaluate_cache_flush(cmd, flags, filter);
@@ -419,8 +420,9 @@ int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds,
                default:
                        break;
                }
+               batch_flags |= flags;
        }
-       *pflags = flags;
+       *pflags = batch_flags;
 
        return 0;
 }
Mirror of git://git.netfilter.org/nftables