Flowtables are only required for error reporting hints if kernel reports
ENOENT. Populate the cache from this error path only.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
src/cache.c | 9 +++------
src/cmd.c | 4 ++++
2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/cache.c b/src/cache.c
index 6ad8e2587806..1fc03f2bbe50 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -30,8 +30,7 @@ static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags)
break;
flags |= NFT_CACHE_TABLE |
- NFT_CACHE_SET |
- NFT_CACHE_FLOWTABLE;
+ NFT_CACHE_SET;
list_for_each_entry(set, &cmd->table->sets, list) {
if (set->automerge)
flags |= NFT_CACHE_SETELEM_MAYBE;
@@ -57,8 +56,7 @@ static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags)
break;
case CMD_OBJ_RULE:
flags |= NFT_CACHE_TABLE |
- NFT_CACHE_SET |
- NFT_CACHE_FLOWTABLE;
+ NFT_CACHE_SET;
if (cmd->handle.index.id ||
cmd->handle.position.id)
@@ -429,8 +427,7 @@ int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds,
case CMD_DELETE:
case CMD_DESTROY:
flags |= NFT_CACHE_TABLE |
- NFT_CACHE_SET |
- NFT_CACHE_FLOWTABLE;
+ NFT_CACHE_SET;
flags = evaluate_cache_del(cmd, flags);
break;
diff --git a/src/cmd.c b/src/cmd.c
index 507796bdd6a8..e64171e7c4df 100644
--- a/src/cmd.c
+++ b/src/cmd.c
@@ -201,6 +201,10 @@ static int nft_cmd_enoent_flowtable(struct netlink_ctx *ctx,
if (!cmd->handle.flowtable.name)
return 0;
+ if (nft_cache_update(ctx->nft, NFT_CACHE_TABLE | NFT_CACHE_FLOWTABLE,
+ ctx->msgs, NULL) < 0)
+ return 0;
+
ft = flowtable_lookup_fuzzy(cmd->handle.flowtable.name,
&ctx->nft->cache, &table);
/* check table first. */
--
2.30.2
