Message ID | 20190905170939.4132-1-pablo@netfilter.org |
---|---|
State | Changes Requested |
Delegated to: | Pablo Neira |
Headers | show |
Series | [nft] cache: fix --echo with index/position | expand |
On Thu, Sep 05, 2019 at 07:09:39PM +0200, Pablo Neira Ayuso wrote: > Check for the index/position in case the echo flag is set on. Set the > NFT_CACHE_UPDATE flag in this case to enable incremental cache updates. > > Reported-by: Eric Garver <eric@garver.life> > Fixes: 01e5c6f0ed03 ("src: add cache level flags") > Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> > --- > src/cache.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/src/cache.c b/src/cache.c > index cffcbb623ced..71d16a0fbeed 100644 > --- a/src/cache.c > +++ b/src/cache.c > @@ -106,6 +106,9 @@ unsigned int cache_evaluate(struct nft_ctx *nft, struct list_head *cmds) > case CMD_CREATE: > if (nft_output_echo(&nft->output)) { > flags = NFT_CACHE_FULL; > + if (cmd->handle.index.id || > + cmd->handle.position.id) > + flags |= NFT_CACHE_UPDATE; > break; > } > flags = evaluate_cache_add(cmd, flags); We can keep the special cases isolated to evaluate_cache_add() by always calling it. diff --git a/src/cache.c b/src/cache.c index cffcbb623ced..f7ca8fe9068f 100644 --- a/src/cache.c +++ b/src/cache.c @@ -104,11 +104,10 @@ unsigned int cache_evaluate(struct nft_ctx *nft, struct list_head *cmds) case CMD_ADD: case CMD_INSERT: case CMD_CREATE: + flags = evaluate_cache_add(cmd, flags); if (nft_output_echo(&nft->output)) { - flags = NFT_CACHE_FULL; - break; + flags |= NFT_CACHE_FULL; } - flags = evaluate_cache_add(cmd, flags); break; case CMD_REPLACE: flags = NFT_CACHE_FULL;
On Thu, Sep 05, 2019 at 04:44:32PM -0400, Eric Garver wrote: > On Thu, Sep 05, 2019 at 07:09:39PM +0200, Pablo Neira Ayuso wrote: > > Check for the index/position in case the echo flag is set on. Set the > > NFT_CACHE_UPDATE flag in this case to enable incremental cache updates. > > > > Reported-by: Eric Garver <eric@garver.life> > > Fixes: 01e5c6f0ed03 ("src: add cache level flags") > > Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> > > --- > > src/cache.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/src/cache.c b/src/cache.c > > index cffcbb623ced..71d16a0fbeed 100644 > > --- a/src/cache.c > > +++ b/src/cache.c > > @@ -106,6 +106,9 @@ unsigned int cache_evaluate(struct nft_ctx *nft, struct list_head *cmds) > > case CMD_CREATE: > > if (nft_output_echo(&nft->output)) { > > flags = NFT_CACHE_FULL; > > + if (cmd->handle.index.id || > > + cmd->handle.position.id) > > + flags |= NFT_CACHE_UPDATE; > > break; > > } > > flags = evaluate_cache_add(cmd, flags); > > We can keep the special cases isolated to evaluate_cache_add() by always > calling it. That's fine too, yes. Would you formally submit this patch? Thanks. > diff --git a/src/cache.c b/src/cache.c > index cffcbb623ced..f7ca8fe9068f 100644 > --- a/src/cache.c > +++ b/src/cache.c > @@ -104,11 +104,10 @@ unsigned int cache_evaluate(struct nft_ctx *nft, struct list_head *cmds) > case CMD_ADD: > case CMD_INSERT: > case CMD_CREATE: > + flags = evaluate_cache_add(cmd, flags); > if (nft_output_echo(&nft->output)) { > - flags = NFT_CACHE_FULL; > - break; > + flags |= NFT_CACHE_FULL; > } > - flags = evaluate_cache_add(cmd, flags); > break; > case CMD_REPLACE: > flags = NFT_CACHE_FULL;
diff --git a/src/cache.c b/src/cache.c index cffcbb623ced..71d16a0fbeed 100644 --- a/src/cache.c +++ b/src/cache.c @@ -106,6 +106,9 @@ unsigned int cache_evaluate(struct nft_ctx *nft, struct list_head *cmds) case CMD_CREATE: if (nft_output_echo(&nft->output)) { flags = NFT_CACHE_FULL; + if (cmd->handle.index.id || + cmd->handle.position.id) + flags |= NFT_CACHE_UPDATE; break; } flags = evaluate_cache_add(cmd, flags);
Check for the index/position in case the echo flag is set on. Set the NFT_CACHE_UPDATE flag in this case to enable incremental cache updates. Reported-by: Eric Garver <eric@garver.life> Fixes: 01e5c6f0ed03 ("src: add cache level flags") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- src/cache.c | 3 +++ 1 file changed, 3 insertions(+)