When a 'flush ruleset' command is processed, release the cache but still keep
the generation ID around. Follow-up calls to cache_update() will then assume
that the cache is up to date and will not perform a netlink dump.

Signed-off-by: Pablo Neira Ayuso <[email protected]>
---
 include/rule.h |  4 +++-
 src/evaluate.c |  3 ++-
 src/rule.c     | 19 +++++++++++++++++--
 3 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/include/rule.h b/include/rule.h
index cfecf7ffdd27..909ff36db80c 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -580,7 +580,9 @@ extern int do_command(struct netlink_ctx *ctx, struct cmd 
*cmd);
 extern int cache_update(struct mnl_socket *nf_sock, struct nft_cache *cache,
                        enum cmd_ops cmd, struct list_head *msgs, unsigned int 
debug_flag,
                        struct output_ctx *octx);
-extern void cache_flush(struct list_head *table_list);
+extern void cache_flush(struct mnl_socket *nf_sock, struct nft_cache *cache,
+                       enum cmd_ops cmd, struct list_head *msgs,
+                       unsigned int debug_mask, struct output_ctx *octx);
 extern void cache_release(struct nft_cache *cache);
 
 enum udata_type {
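Review bot: The new cache_flush() prototype names its flag parameter `debug_mask`, while the cache_update() prototype directly above uses `debug_flag` in the same position; one name for both would keep the header consistent. The declaration would also benefit from a short comment such as `/* drop cached tables and record the current ruleset generation ID */`, because the function now takes a socket and queries the generation ID instead of only freeing a list.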
diff --git a/src/evaluate.c b/src/evaluate.c
index 27e4f61137c0..c4ee3cc94a3d 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3348,7 +3348,8 @@ static int cmd_evaluate_flush(struct eval_ctx *ctx, 
struct cmd *cmd)
 
        switch (cmd->obj) {
        case CMD_OBJ_RULESET:
-               cache_flush(&ctx->cache->list);
+               cache_flush(ctx->nf_sock, ctx->cache, cmd->op, ctx->msgs,
+                           ctx->debug_mask, ctx->octx);
                break;
        case CMD_OBJ_TABLE:
                /* Flushing a table does not empty the sets in the table nor 
remove
diff --git a/src/rule.c b/src/rule.c
index 3e8dea4094cf..7644888af689 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -187,7 +187,7 @@ replay:
        return 0;
 }
 
-void cache_flush(struct list_head *table_list)
+static void __cache_flush(struct list_head *table_list)
 {
        struct table *table, *next;
 
@@ -197,9 +197,24 @@ void cache_flush(struct list_head *table_list)
        }
 }
 
+void cache_flush(struct mnl_socket *nf_sock, struct nft_cache *cache,
+                enum cmd_ops cmd, struct list_head *msgs,
+                unsigned int debug_mask, struct output_ctx *octx)
+{
+       struct netlink_ctx ctx = {
+               .list           = LIST_HEAD_INIT(ctx.list),
+               .nf_sock        = nf_sock,
+               .cache          = cache,
+               .msgs           = msgs,
+       };
+
+       __cache_flush(&cache->list);
+       cache->genid = netlink_genid_get(&ctx);
+}
+
 void cache_release(struct nft_cache *cache)
 {
-       cache_flush(&cache->list);
+       __cache_flush(&cache->list);
        cache->genid = 0;
 }
 
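Review bot: In the new cache_flush(), the `cmd`, `debug_mask` and `octx` parameters are accepted but never used in the visible body, and the local `netlink_ctx` is initialised with only `.list`, `.nf_sock`, `.cache` and `.msgs`. If `struct netlink_ctx` has matching debug/output members (not visible in this patch), set them so the genid request is traced like other netlink traffic; otherwise trim the prototype. The return value of `netlink_genid_get(&ctx)` is also stored straight into `cache->genid` with no failure check, and since cache_flush() returns void, cmd_evaluate_flush() cannot learn that the ID could not be fetched. A wrong generation ID on an emptied cache would presumably make later cache_update() calls skip the dump and evaluate against an empty cache, so a comment above the assignment such as `/* cache is empty but tagged with the current genid so cache_update() will not re-dump */` would make that assumption explicit.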
-- 
2.11.0

