NFT_CACHE_REFRESH is set on inconditionally by ruleset listing commands
to deal with stateful information in this ruleset. This flag results in
dropping the existing cache and fully fetching all objects from the
kernel.
Check if this flag is requested by the current list of commands, instead
of checking at cache->flags which represents the cache after the
_previous_ list of commands.
Fixes: 407c54f71255 ("src: cache gets out of sync in interactive mode")
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
src/cache.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/cache.c b/src/cache.c
index c000e32c497f..7cc84d714b08 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -1177,9 +1177,9 @@ static bool nft_cache_is_complete(struct nft_cache *cache, unsigned int flags)
return (cache->flags & flags) == flags;
}
-static bool nft_cache_needs_refresh(struct nft_cache *cache)
+static bool nft_cache_needs_refresh(unsigned int flags)
{
- return cache->flags & NFT_CACHE_REFRESH;
+ return flags & NFT_CACHE_REFRESH;
}
static bool nft_cache_is_updated(struct nft_cache *cache, uint16_t genid)
@@ -1207,7 +1207,7 @@ int nft_cache_update(struct nft_ctx *nft, unsigned int flags,
replay:
ctx.seqnum = cache->seqnum++;
genid = mnl_genid_get(&ctx);
- if (!nft_cache_needs_refresh(cache) &&
+ if (!nft_cache_needs_refresh(flags) &&
nft_cache_is_complete(cache, flags) &&
nft_cache_is_updated(cache, genid))
return 0;
--
2.30.2
