@@ -409,13 +409,14 @@ int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds,
struct list_head *msgs, struct nft_cache_filter *filter,
unsigned int *pflags)
{
- unsigned int flags = NFT_CACHE_EMPTY;
+ unsigned int flags, batch_flags = NFT_CACHE_EMPTY;
struct cmd *cmd;
list_for_each_entry(cmd, cmds, list) {
if (nft_handle_validate(cmd, msgs) < 0)
return -1;
+ flags = NFT_CACHE_EMPTY;
reset_filter(filter);
switch (cmd->op) {
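Review bot: `flags` is now declared at function scope without an initializer and only becomes defined by the `flags = NFT_CACHE_EMPTY;` assignment inside the loop, so any use outside the loop body would read an indeterminate value. Declaring it at the top of the `list_for_each_entry` body as `unsigned int flags = NFT_CACHE_EMPTY;` keeps the per-command reset and the declaration in one place and lets the compiler reject out-of-loop uses. The switch body continues outside this hunk.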
@@ -439,13 +440,13 @@ int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds,
flags = evaluate_cache_get(cmd, flags);
break;
case CMD_RESET:
- flags |= evaluate_cache_reset(cmd, flags, filter);
+ flags = evaluate_cache_reset(cmd, flags, filter);
break;
case CMD_LIST:
- flags |= evaluate_cache_list(nft, cmd, flags, filter);
+ flags = evaluate_cache_list(nft, cmd, flags, filter);
break;
case CMD_MONITOR:
- flags |= NFT_CACHE_FULL;
+ flags = NFT_CACHE_FULL;
break;
case CMD_FLUSH:
flags = evaluate_cache_flush(cmd, flags, filter);
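Review bot: Because `flags` is reset to `NFT_CACHE_EMPTY` on every iteration, the `flags` argument passed to `evaluate_cache_reset()`, `evaluate_cache_list()` and the other helpers in this switch is now always empty. None of them can see what earlier commands in the batch requested. The helper bodies are outside this hunk; if any of them branches on the incoming flags rather than only OR-ing into them, its behaviour changes silently and should be checked. If none does, a short comment next to the reset, such as `/* per-command requirements only; merged into batch_flags after the switch */`, would make the new contract explicit.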
@@ -460,8 +461,9 @@ int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds,
default:
break;
}
+ batch_flags |= flags;
}
- *pflags = flags;
+ *pflags = batch_flags;
return 0;
}
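Review bot: `batch_flags |= flags` accumulates requirements across the whole batch, but `reset_filter(filter)` still wipes `filter` for every command, so after the loop the filter describes only the last command while `*pflags` describes all of them. How the caller combines the two is not visible here. If the cache is populated with the accumulated flags but narrowed by that last filter, objects needed by an earlier command could be missing when it is evaluated. It is worth confirming that the filter is only honoured when a single command contributed to it, and documenting that next to the accumulation, e.g. `/* filter reflects the last command only */`.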
Recent updates are relaxing cache requirements:

  babc6ee8773c ("cache: populate chains on demand from error path")

Flags describe cache requirements for a given batch; accumulate the flags that are inferred from the commands in this batch.

Fixes: 7df42800cf89 ("src: single cache_update() call to build cache before evaluation")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
v2: new in this series

 src/cache.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)