/*
* Copyright (c) 2019 Pablo Neira Ayuso <pablo@netfilter.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 (or any
* later) as published by the Free Software Foundation.
*/
#include <expression.h>
#include <statement.h>
#include <rule.h>
#include <erec.h>
#include <utils.h>
#include <cache.h>
static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags)
{
switch (cmd->obj) {
case CMD_OBJ_CHAIN:
case CMD_OBJ_SET:
case CMD_OBJ_COUNTER:
case CMD_OBJ_QUOTA:
case CMD_OBJ_LIMIT:
case CMD_OBJ_SECMARK:
case CMD_OBJ_FLOWTABLE:
flags |= NFT_CACHE_TABLE;
break;
case CMD_OBJ_SETELEM:
flags |= NFT_CACHE_TABLE |
NFT_CACHE_CHAIN |
NFT_CACHE_SET |
NFT_CACHE_OBJECT |
NFT_CACHE_SETELEM;
break;
case CMD_OBJ_RULE:
flags |= NFT_CACHE_TABLE |
NFT_CACHE_CHAIN |
NFT_CACHE_SET |
NFT_CACHE_OBJECT |
NFT_CACHE_FLOWTABLE;
if (cmd->handle.index.id ||
cmd->handle.position.id)
flags |= NFT_CACHE_RULE | NFT_CACHE_UPDATE;
break;
default:
break;
}
return flags;
}
static unsigned int evaluate_cache_del(struct cmd *cmd, unsigned int flags)
{
switch (cmd->obj) {
case CMD_OBJ_SETELEM:
flags |= NFT_CACHE_SETELEM;
break;
default:
break;
}
return flags;
}
static unsigned int evaluate_cache_get(struct cmd *cmd, unsigned int flags)
{
switch (cmd->obj) {
case CMD_OBJ_SETELEM:
flags |= NFT_CACHE_TABLE |
NFT_CACHE_SET |
NFT_CACHE_SETELEM;
break;
default:
break;
}
return flags;
}
static unsigned int evaluate_cache_flush(struct cmd *cmd, unsigned int flags)
{
switch (cmd->obj) {
case CMD_OBJ_SET:
case CMD_OBJ_MAP:
case CMD_OBJ_METER:
flags |= NFT_CACHE_SET;
break;
case CMD_OBJ_RULESET:
flags |= NFT_CACHE_FLUSHED;
break;
default:
break;
}
return flags;
}
static unsigned int evaluate_cache_rename(struct cmd *cmd, unsigned int flags)
{
switch (cmd->obj) {
case CMD_OBJ_CHAIN:
flags |= NFT_CACHE_CHAIN;
break;
default:
break;
}
return flags;
}
unsigned int cache_evaluate(struct nft_ctx *nft, struct list_head *cmds)
{
unsigned int flags = NFT_CACHE_EMPTY;
struct cmd *cmd;
list_for_each_entry(cmd, cmds, list) {
switch (cmd->op) {
case CMD_ADD:
case CMD_INSERT:
case CMD_CREATE:
flags = evaluate_cache_add(cmd, flags);
if (nft_output_echo(&nft->output))
flags |= NFT_CACHE_FULL;
break;
case CMD_REPLACE:
flags = NFT_CACHE_FULL;
break;
case CMD_DELETE:
flags |= NFT_CACHE_TABLE |
NFT_CACHE_CHAIN |
NFT_CACHE_SET |
NFT_CACHE_FLOWTABLE |
NFT_CACHE_OBJECT;
flags = evaluate_cache_del(cmd, flags);
break;
case CMD_GET:
flags = evaluate_cache_get(cmd, flags);
break;
case CMD_RESET:
flags |= NFT_CACHE_TABLE;
break;
case CMD_LIST:
case CMD_EXPORT:
case CMD_MONITOR:
flags |= NFT_CACHE_FULL;
break;
case CMD_FLUSH:
flags = evaluate_cache_flush(cmd, flags);
break;
case CMD_RENAME:
flags = evaluate_cache_rename(cmd, flags);
break;
case CMD_DESCRIBE:
case CMD_IMPORT:
break;
default:
break;
}
}
return flags;
}