Add NFT_CACHE_SETELEM_MAYBE to dump the set elements conditionally, only in case that the set interval flag is set on.
Reported-by: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 include/cache.h | 1 +
 src/cache.c | 16 ++++++++++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/include/cache.h b/include/cache.h
index ad9078432c73..70aaf735f7d9 100644
--- a/include/cache.h
+++ b/include/cache.h
@@ -32,6 +32,7 @@ enum cache_level_flags {
 NFT_CACHE_CHAIN_BIT |
 NFT_CACHE_RULE_BIT,
 NFT_CACHE_FULL = __NFT_CACHE_MAX_BIT - 1,
+ NFT_CACHE_SETELEM_MAYBE = (1 << 28),
 NFT_CACHE_REFRESH = (1 << 29),
 NFT_CACHE_UPDATE = (1 << 30),
 NFT_CACHE_FLUSHED = (1 << 31),
diff --git a/src/cache.c b/src/cache.c
index ff63e59eaafc..8300ce8e707a 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -38,7 +38,7 @@ static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags)
 NFT_CACHE_CHAIN |
 NFT_CACHE_SET |
 NFT_CACHE_OBJECT |
- NFT_CACHE_SETELEM;
+ NFT_CACHE_SETELEM_MAYBE;
 break;
 case CMD_OBJ_RULE:
 flags |= NFT_CACHE_TABLE |
@@ -62,7 +62,7 @@ static unsigned int evaluate_cache_del(struct cmd *cmd, unsigned int flags)
 {
 switch (cmd->obj) {
 case CMD_OBJ_ELEMENTS:
- flags |= NFT_CACHE_SETELEM;
+ flags |= NFT_CACHE_SETELEM_MAYBE;
 break;
 default:
 break;
@@ -600,6 +600,18 @@ static int cache_init_objects(struct netlink_ctx *ctx, unsigned int flags)
 }
 if (flags & NFT_CACHE_SETELEM_BIT) {
 list_for_each_entry(set, &table->set_cache.list, cache.list) {
+ ret = netlink_list_setelems(ctx, &set->handle,
+ set);
+ if (ret < 0) {
+ ret = -1;
+ goto cache_fails;
+ }
+ }
+ } else if (flags & NFT_CACHE_SETELEM_MAYBE) {
+ list_for_each_entry(set, &table->set_cache.list, cache.list) {
+ if (!set_is_non_concat_range(set))
+ continue;
+
 ret = netlink_list_setelems(ctx, &set->handle,
 set);
 if (ret < 0) {
-- 
2.20.1
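Review bot: The new `NFT_CACHE_SETELEM_MAYBE` enumerator in include/cache.h is added without a comment, and its name does not say what the condition is. It sits at bit 28 next to `NFT_CACHE_REFRESH`, `NFT_CACHE_UPDATE` and `NFT_CACHE_FLUSHED`, so it appears to be a request modifier rather than a cache level, and presumably it is not covered by `NFT_CACHE_FULL`; that is worth stating where the value is defined. A one-line comment above it would do, for example `/* fetch set elements only for sets that pass set_is_non_concat_range() */`. The enum starts and ends outside the hunk.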
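Review bot: After this change the `CMD_OBJ_ELEMENTS` case in evaluate_cache_add() and the same case in evaluate_cache_del() no longer request `NFT_CACHE_SETELEM`, so for every set that cache_init_objects() skips, the element list stays empty while the set itself is cached. Nothing in these hunks marks that state, so code that later reads a cached set's elements cannot tell "no elements" from "not fetched"; whether any consumer on the add or delete path does that for the skipped sets is not visible here and should be confirmed. At minimum both sites deserve a comment such as `/* elements are fetched conditionally, see cache_init_objects() */`. Both functions continue outside their hunks.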
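Review bot: The `else if (flags & NFT_CACHE_SETELEM_MAYBE)` branch added to cache_init_objects() in src/cache.c repeats the whole element-dump loop of the branch above it, differing only in the `set_is_non_concat_range()` filter, so the two error paths can drift apart. Folding both into one loop that applies the filter only when `NFT_CACHE_SETELEM_BIT` is absent keeps the precedence (the full dump wins when both flags are set) and leaves a single `netlink_list_setelems()` call. Separately, the description speaks of the set interval flag while the code tests `set_is_non_concat_range()`, whose name suggests concatenated ranges are skipped as well; the description or a comment should say which is intended. The second loop's body runs past the end of the hunk.

```c
		if (flags & (NFT_CACHE_SETELEM_BIT | NFT_CACHE_SETELEM_MAYBE)) {
			list_for_each_entry(set, &table->set_cache.list, cache.list) {
				/* conditional request: skip sets for which
				 * set_is_non_concat_range() is false
				 */
				if (!(flags & NFT_CACHE_SETELEM_BIT) &&
				    !set_is_non_concat_range(set))
					continue;

				/* … unchanged: netlink_list_setelems() call and its error path … */
```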