On Fri, Jun 14, 2019 at 02:59:10PM +0200, Pablo Neira Ayuso wrote: > On Fri, Jun 14, 2019 at 02:54:32PM +0200, Phil Sutter wrote: > > Hi Pablo, > > > > On Fri, Jun 14, 2019 at 02:36:30PM +0200, Pablo Neira Ayuso wrote: > > > __CMD_FLUSH_RULESET is a dummy definition that used to skip the netlink > > > dump to populate the cache. This patch is a workaround until we have a > > > better infrastructure to track the state of the cache objects. > > > > I assumed the problem wouldn't exist anymore since we're populating the > > cache just once. Can you maybe elaborate a bit on the problem you're > > trying to solve with that workaround? > > If nft segfaults to dump the cache, 'nft flush ruleset' will not work > since it always fetches the cache, it will segfault too. > > The flush ruleset command was still dumping the cache before this > patch. In general, we still need to improve the cache logic, to make it finer grain. Now that we have a single point to populate the cache, things will get more simple. We need to replace the cache command level to cache flags or our own cache level definitions. The existing approach that uses of commands to define the cache level completeness has its own limitations. We can discuss this during the NFWS :-).
