Hi,
On Mon, Jun 17, 2019 at 02:25:16PM +0200, Pablo Neira Ayuso wrote:
[...]
> -int cache_evaluate(struct nft_ctx *nft, struct list_head *cmds)
> +unsigned int cache_evaluate(struct nft_ctx *nft, struct list_head *cmds)
> {
> - unsigned int echo_completeness = CMD_INVALID;
> - unsigned int completeness = CMD_INVALID;
> + unsigned int flags = NFT_CACHE_EMPTY;
> struct cmd *cmd;
>
> list_for_each_entry(cmd, cmds, list) {
> switch (cmd->op) {
> case CMD_ADD:
> case CMD_INSERT:
> - case CMD_REPLACE:
> - if (nft_output_echo(&nft->output))
> - echo_completeness = cmd->op;
> -
> + flags |= NFT_CACHE_TABLE |
> + NFT_CACHE_CHAIN |
> + NFT_CACHE_SET |
> + NFT_CACHE_FLOWTABLE |
> + NFT_CACHE_OBJECT;
This means we start fetching the cache for simple 'add rule' commands
again, right?
This should be the reason why that test case started failing for you.
> +
> + if (nft_output_echo(&nft->output)) {
> + flags |= NFT_CACHE_SETELEM |
> + NFT_CACHE_RULE;
> + break;
> + }
> /* Fall through */
> case CMD_CREATE:
> - completeness = evaluate_cache_add(cmd);
> + flags = evaluate_cache_add(cmd, flags);
> + break;
> + case CMD_REPLACE:
> + flags |= NFT_CACHE_FULL;
> break;
> case CMD_DELETE:
> - completeness = evaluate_cache_del(cmd);
> + flags |= NFT_CACHE_TABLE |
> + NFT_CACHE_CHAIN |
> + NFT_CACHE_SET |
> + NFT_CACHE_FLOWTABLE |
> + NFT_CACHE_OBJECT;
Same here, I guess: a single 'delete rule' command causes fetching of
the above ruleset items (unless I'm missing something).
Cheers, Phil