If 'flush ruleset' command is done, release the cache but still keep the generation ID around. Hence, follow up calls to cache_update() will assume that cache is updated and will not perform a netlink dump.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 include/rule.h | 4 +++-
 src/evaluate.c | 3 ++-
 src/rule.c | 19 +++++++++++++++++--
 3 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/include/rule.h b/include/rule.h
index cfecf7ffdd27..909ff36db80c 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -580,7 +580,9 @@ extern int do_command(struct netlink_ctx *ctx, struct cmd *cmd);
 extern int cache_update(struct mnl_socket *nf_sock, struct nft_cache *cache, enum cmd_ops cmd, struct list_head *msgs, unsigned int debug_flag, struct output_ctx *octx);
-extern void cache_flush(struct list_head *table_list);
+extern void cache_flush(struct mnl_socket *nf_sock, struct nft_cache *cache,
+ enum cmd_ops cmd, struct list_head *msgs,
+ unsigned int debug_mask, struct output_ctx *octx);
 extern void cache_release(struct nft_cache *cache);
 enum udata_type {
diff --git a/src/evaluate.c b/src/evaluate.c
index 27e4f61137c0..c4ee3cc94a3d 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3348,7 +3348,8 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
 switch (cmd->obj) {
 case CMD_OBJ_RULESET:
- cache_flush(&ctx->cache->list);
+ cache_flush(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs,
+ ctx->debug_mask, ctx->octx);
 break;
 case CMD_OBJ_TABLE:
 /* Flushing a table does not empty the sets in the table nor remove
diff --git a/src/rule.c b/src/rule.c
index 3e8dea4094cf..7644888af689 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -187,7 +187,7 @@ replay:
 return 0;
 }
-void cache_flush(struct list_head *table_list)
+static void __cache_flush(struct list_head *table_list)
 {
 struct table *table, *next;
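Review bot: The widened `cache_flush()` prototype takes `cmd`, `debug_mask` and `octx`, but the definition added in the second src/rule.c hunk copies only `nf_sock`, `cache` and `msgs` into its `netlink_ctx`, so those three arguments are never read. Either drop them from the prototype or set them in the initializer (for example `.debug_mask = debug_mask, .octx = octx,` if `struct netlink_ctx` has such members, which is not visible here) so the generation-ID request honours the caller's debug and output settings. The neighbouring `cache_update()` declaration names the same argument `debug_flag`; one spelling for both would read better. A comment on the declaration would also help, e.g. `/* Drop cached tables but record the current generation ID so later cache_update() calls skip the netlink dump. */`.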
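Review bot: In the `CMD_OBJ_RULESET` case the cache is now emptied and stamped with the kernel's current generation ID during evaluation, before the flush itself has been sent to the kernel. If the batch is later rejected or aborted, a long-lived caller could be left with an empty cache that `cache_update()` treats as current, so later commands would be evaluated against a view of the ruleset that no longer matches what the kernel enforces; whether an error path calls `cache_release()` is not visible in this hunk. A comment at the call such as `/* cache is marked current here; release it if the batch fails */` plus a check of the failure paths would make the invariant explicit. The body of `cmd_evaluate_flush()` continues outside the hunk.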
@@ -197,9 +197,24 @@ void cache_flush(struct list_head *table_list)
 }
 }
+void cache_flush(struct mnl_socket *nf_sock, struct nft_cache *cache,
+ enum cmd_ops cmd, struct list_head *msgs,
+ unsigned int debug_mask, struct output_ctx *octx)
+{
+ struct netlink_ctx ctx = {
+ .list = LIST_HEAD_INIT(ctx.list),
+ .nf_sock = nf_sock,
+ .cache = cache,
+ .msgs = msgs,
+ };
+
+ __cache_flush(&cache->list);
+ cache->genid = netlink_genid_get(&ctx);
+}
+
 void cache_release(struct nft_cache *cache)
 {
- cache_flush(&cache->list);
+ __cache_flush(&cache->list);
 cache->genid = 0;
 }
--
2.11.0
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
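Review bot: The result of `netlink_genid_get(&ctx)` in the new `cache_flush()` is stored in `cache->genid` with no failure check, and what that helper returns when the netlink request fails is not visible here. `cache_release()` just below resets the field to `0`, which looks like the "no valid cache" value, so a failed lookup should leave the cache in that state rather than mark an empty cache as up to date. Because `cache_flush()` returns `void`, the caller in src/evaluate.c cannot learn of the failure; consider returning `int` and propagating the error, or at least a comment above the assignment such as `/* on failure the cache must not be treated as current */`.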