* [nft PATCH v6 0/5] Support intra-transaction rule references
From: Phil Sutter @ 2019-06-07 17:21 UTC
  To: Pablo Neira Ayuso; +Cc: Eric Garver, netfilter-devel

After Pablo's evaluation sequence rework, this series (formerly fixing
cache updates as well) has shrunken considerably:

Patch 1 contains a proper fix for that workaround in
evaluate_cache_add().

Patch 2 removes the cache-related workaround in tests/json_echo.

Patches 3 and 4 contain prerequisites for the last one, which actually
implements the support for referencing rules of the same transaction with
'index' keyword.

Phil Sutter (5):
  cache: Fix evaluation for rules with index reference
  tests/json_echo: Drop needless workaround
  rule: Introduce rule_lookup_by_index()
  src: Make cache_is_complete() public
  src: Support intra-transaction rule references

 include/rule.h                                |  5 +
 src/cache.c                                   |  8 +-
 src/evaluate.c                                | 94 +++++++++++++++----
 src/mnl.c                                     |  4 +
 src/rule.c                                    | 13 ++-
 tests/json_echo/run-test.py                   |  6 +-
 .../shell/testcases/cache/0003_cache_update_0 |  7 ++
 tests/shell/testcases/transactions/0024rule_0 | 17 ++++
 tests/shell/testcases/transactions/0025rule_0 | 21 +++++
 .../transactions/dumps/0024rule_0.nft         |  8 ++
 .../transactions/dumps/0025rule_0.nft         |  6 ++
 11 files changed, 157 insertions(+), 32 deletions(-)
 create mode 100755 tests/shell/testcases/transactions/0024rule_0
 create mode 100755 tests/shell/testcases/transactions/0025rule_0
 create mode 100644 tests/shell/testcases/transactions/dumps/0024rule_0.nft
 create mode 100644 tests/shell/testcases/transactions/dumps/0025rule_0.nft

-- 
2.21.0



* [nft PATCH v6 1/5] cache: Fix evaluation for rules with index reference
From: Phil Sutter @ 2019-06-07 17:21 UTC
  To: Pablo Neira Ayuso; +Cc: Eric Garver, netfilter-devel

After parsing input, rule location data (index or handle) is contained
in cmd->handle, not yet in cmd->rule->handle.

Fixes: 7df42800cf89e ("src: single cache_update() call to build cache before evaluation")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 src/cache.c | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/src/cache.c b/src/cache.c
index 2a0f04d12e259..532ef425906ad 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -24,13 +24,7 @@ static unsigned int evaluate_cache_add(struct cmd *cmd)
 		completeness = cmd->op;
 		break;
 	case CMD_OBJ_RULE:
-		/* XXX index is set to zero unless this handle_merge() call is
-		 * invoked, this handle_merge() call is done from the
-		 * evaluation, which is too late.
-		 */
-		handle_merge(&cmd->rule->handle, &cmd->handle);
-
-		if (cmd->rule->handle.index.id)
+		if (cmd->handle.index.id)
 			completeness = CMD_LIST;
 		break;
 	default:
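Review bot: the CMD_OBJ_RULE case now tests `cmd->handle.index.id` with no comment left behind, while the removed XXX block was the only place explaining why the rule's own handle cannot be used here. A one-line comment stating that after parsing the location data is still in `cmd->handle`, and that handle_merge() into `cmd->rule->handle` happens only during evaluation, would keep a later cleanup from switching the test back to `cmd->rule->handle.index.id`.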
-- 
2.21.0



* [nft PATCH v6 2/5] tests/json_echo: Drop needless workaround
From: Phil Sutter @ 2019-06-07 17:21 UTC
  To: Pablo Neira Ayuso; +Cc: Eric Garver, netfilter-devel

With cache issues now resolved, there is no need for the multi add test
workaround anymore.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 tests/json_echo/run-test.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/tests/json_echo/run-test.py b/tests/json_echo/run-test.py
index dd7797fb6f041..a636d5f247702 100755
--- a/tests/json_echo/run-test.py
+++ b/tests/json_echo/run-test.py
@@ -271,12 +271,10 @@ add_quota["add"]["quota"]["name"] = "q"
 do_flush()
 
 print("doing multi add")
-# XXX: Add table separately, otherwise this triggers cache bug
-out = do_command(add_table)
-thandle = get_handle(out, add_table["add"])
-add_multi = [ add_chain, add_set, add_rule ]
+add_multi = [ add_table, add_chain, add_set, add_rule ]
 out = do_command(add_multi)
 
+thandle = get_handle(out, add_table["add"])
 chandle = get_handle(out, add_chain["add"])
 shandle = get_handle(out, add_set["add"])
 rhandle = get_handle(out, add_rule["add"])
-- 
2.21.0



* [nft PATCH v6 3/5] rule: Introduce rule_lookup_by_index()
From: Phil Sutter @ 2019-06-07 17:21 UTC
  To: Pablo Neira Ayuso; +Cc: Eric Garver, netfilter-devel

In contrast to rule_lookup(), this function returns a chain's rule at a
given index instead of by handle.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 include/rule.h |  2 ++
 src/rule.c     | 11 +++++++++++
 2 files changed, 13 insertions(+)

diff --git a/include/rule.h b/include/rule.h
index bf3f39636efb5..87b440b63ba5c 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -260,6 +260,8 @@ extern struct rule *rule_get(struct rule *rule);
 extern void rule_free(struct rule *rule);
 extern void rule_print(const struct rule *rule, struct output_ctx *octx);
 extern struct rule *rule_lookup(const struct chain *chain, uint64_t handle);
+extern struct rule *rule_lookup_by_index(const struct chain *chain,
+					 uint64_t index);
 
 /**
  * struct set - nftables set
diff --git a/src/rule.c b/src/rule.c
index e570238a40f5b..20fe6f3758cbc 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -641,6 +641,17 @@ struct rule *rule_lookup(const struct chain *chain, uint64_t handle)
 	return NULL;
 }
 
+struct rule *rule_lookup_by_index(const struct chain *chain, uint64_t index)
+{
+	struct rule *rule;
+
+	list_for_each_entry(rule, &chain->rules, list) {
+		if (!--index)
+			return rule;
+	}
+	return NULL;
+}
+
 struct scope *scope_init(struct scope *scope, const struct scope *parent)
 {
 	scope->parent = parent;
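Review bot: `if (!--index)` in rule_lookup_by_index() makes the index 1-based without saying so, and a caller passing 0 wraps the counter to UINT64_MAX so the loop walks the whole chain before returning NULL. Document the 1-based convention in a comment above the function (or next to the prototype in include/rule.h) and return NULL early for `index == 0`.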
-- 
2.21.0



* [nft PATCH v6 4/5] src: Make cache_is_complete() public
From: Phil Sutter @ 2019-06-07 17:21 UTC
  To: Pablo Neira Ayuso; +Cc: Eric Garver, netfilter-devel

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 include/rule.h | 1 +
 src/rule.c     | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/rule.h b/include/rule.h
index 87b440b63ba5c..8ccdc2e1c143f 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -639,6 +639,7 @@ extern int cache_update(struct nft_ctx *ctx, enum cmd_ops cmd,
 extern void cache_flush(struct nft_ctx *ctx, enum cmd_ops cmd,
 			struct list_head *msgs);
 extern void cache_release(struct nft_cache *cache);
+extern bool cache_is_complete(struct nft_cache *cache, enum cmd_ops cmd);
 
 struct timeout_protocol {
 	uint32_t array_size;
diff --git a/src/rule.c b/src/rule.c
index 20fe6f3758cbc..ad549b1eee8ac 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -232,7 +232,7 @@ static int cache_completeness(enum cmd_ops cmd)
 	return 1;
 }
 
-static bool cache_is_complete(struct nft_cache *cache, enum cmd_ops cmd)
+bool cache_is_complete(struct nft_cache *cache, enum cmd_ops cmd)
 {
 	return cache_completeness(cache->cmd) >= cache_completeness(cmd);
 }
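Review bot: cache_is_complete() only reads `cache->cmd`, so now that it is exported the parameter could be `const struct nft_cache *cache`, both in the definition here and in the prototype added to include/rule.h. The commit message is empty apart from the sign-off; one sentence naming the intended caller outside src/rule.c would help when reading the history.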
-- 
2.21.0



* [nft PATCH v6 5/5] src: Support intra-transaction rule references
From: Phil Sutter @ 2019-06-07 17:21 UTC
  To: Pablo Neira Ayuso; +Cc: Eric Garver, netfilter-devel

A rule may be added before or after another one using index keyword. To
support the other rule being added within the same batch, one has to
make use of NFTNL_RULE_ID and NFTNL_RULE_POSITION_ID attributes. This
patch does just that among a few more crucial things:

* If cache is complete enough to contain rules, update cache when
  evaluating rule commands so later index references resolve correctly.

* Reduce rule_translate_index() to its core code which is the actual
  linking of rules and consequently rename the function. The removed
  bits are pulled into the calling rule_evaluate() to reduce code
  duplication in between cache updates with and without rule reference.

* Pass the current command op to rule_evaluate() as indicator whether to
  insert before or after a referenced rule or at beginning or end of
  chain in cache. Exploit this from chain_evaluate() to avoid adding
  the chain's rules a second time.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
Changes since v5:
- Adjust to new cache update fix.
- Move rule_cache_update() to evaluate.c, the only place where it is
  called from.
- Simplify rule_cache_update() signature: Since it is only called from
  rule_evaluate(), passed rule pointer is always available in ctx->rule
  so use that instead.

Changes since v4:
- Move whole rule reference finding and linking code into
  rule_cache_update() to simplify callers.
- Move rule_cache_update() to right before cache_add_rule_cmd().
- Fix the code regarding which handle and which rule pointer to use,
  resolves the segfault Eric mentioned.
- Skip cache updates for rule delete and replace commands, this restores
  old behaviour regarding "guessed" rule handles.
- Also simplify skip logic itself: If cache is complete, add all rules
  while evaluating them. Previous cache completeness level lowering was
  problematic after cache flush command.
- Add additional test case for delete/replace commands.

Changes since v1:
- Move rule list manipulation into a dedicated function
  rule_cache_update().
- Restore old performance for simple commands by fetching a full rule
  cache only if the currently evaluated rule references another one.
- Extend 0024rule_0 test a bit to make sure things work with interactive
  nft also.
---
 include/rule.h                                |  2 +
 src/evaluate.c                                | 94 +++++++++++++++----
 src/mnl.c                                     |  4 +
 .../shell/testcases/cache/0003_cache_update_0 |  7 ++
 tests/shell/testcases/transactions/0024rule_0 | 17 ++++
 tests/shell/testcases/transactions/0025rule_0 | 21 +++++
 .../transactions/dumps/0024rule_0.nft         |  8 ++
 .../transactions/dumps/0025rule_0.nft         |  6 ++
 8 files changed, 139 insertions(+), 20 deletions(-)
 create mode 100755 tests/shell/testcases/transactions/0024rule_0
 create mode 100755 tests/shell/testcases/transactions/0025rule_0
 create mode 100644 tests/shell/testcases/transactions/dumps/0024rule_0.nft
 create mode 100644 tests/shell/testcases/transactions/dumps/0025rule_0.nft

diff --git a/include/rule.h b/include/rule.h
index 8ccdc2e1c143f..dd9df9ec6dd82 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -73,6 +73,8 @@ struct handle {
 	struct position_spec	position;
 	struct position_spec	index;
 	uint32_t		set_id;
+	uint32_t		rule_id;
+	uint32_t		position_id;
 };
 
 extern void handle_merge(struct handle *dst, const struct handle *src);
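Review bot: `rule_id` and `position_id` are added to struct handle without any comment on their meaning or lifetime. A short comment saying they are per-transaction IDs, as opposed to the kernel-assigned handle, would help. Since handle_merge() is declared right below and no hunk in this patch touches it, please confirm whether it needs to copy the two new fields.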
diff --git a/src/evaluate.c b/src/evaluate.c
index b9660d778172d..39101b486b2f0 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3180,13 +3180,29 @@ static int flowtable_evaluate(struct eval_ctx *ctx, struct flowtable *ft)
 	return 0;
 }
 
-/* Convert rule's handle.index into handle.position. */
-static int rule_translate_index(struct eval_ctx *ctx, struct rule *rule)
+/* make src point at dst, either via handle.position or handle.position_id */
+static void link_rules(struct rule *src, struct rule *dst)
 {
+	static uint32_t ref_id = 0;
+
+	if (dst->handle.handle.id) {
+		/* dst is in kernel, make src reference it by handle */
+		src->handle.position.id = dst->handle.handle.id;
+		src->handle.position.location = src->handle.index.location;
+		return;
+	}
+
+	/* dst is not in kernel, make src reference it by per-transaction ID */
+	if (!dst->handle.rule_id)
+		dst->handle.rule_id = ++ref_id;
+	src->handle.position_id = dst->handle.rule_id;
+}
+
+static int rule_cache_update(struct eval_ctx *ctx, enum cmd_ops op)
+{
+	struct rule *rule = ctx->rule, *ref = NULL;
 	struct table *table;
 	struct chain *chain;
-	uint64_t index = 0;
-	struct rule *r;
 
 	table = table_lookup(&rule->handle, &ctx->nft->cache);
 	if (!table)
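Review bot: `static uint32_t ref_id = 0;` in link_rules() is a process-wide counter that is never reset, so IDs keep growing across transactions and are shared by every context in the process. Because `!dst->handle.rule_id` is the "not yet assigned" test, a wrap to 0 would hand out an ID that looks unassigned. Consider keeping the counter in the evaluation or nft context and resetting it per batch, or at least skipping 0 on wrap.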
@@ -3196,21 +3212,59 @@ static int rule_translate_index(struct eval_ctx *ctx, struct rule *rule)
 	if (!chain)
 		return chain_not_found(ctx);
 
-	list_for_each_entry(r, &chain->rules, list) {
-		if (++index < rule->handle.index.id)
-			continue;
-		rule->handle.position.id = r->handle.handle.id;
-		rule->handle.position.location = rule->handle.index.location;
+	if (rule->handle.index.id) {
+		ref = rule_lookup_by_index(chain, rule->handle.index.id);
+		if (!ref)
+			return cmd_error(ctx, &rule->handle.index.location,
+					 "Could not process rule: %s",
+					 strerror(ENOENT));
+
+		link_rules(rule, ref);
+	} else if (rule->handle.handle.id) {
+		ref = rule_lookup(chain, rule->handle.handle.id);
+		if (!ref)
+			return cmd_error(ctx, &rule->handle.handle.location,
+					 "Could not process rule: %s",
+					 strerror(ENOENT));
+	} else if (rule->handle.position.id) {
+		ref = rule_lookup(chain, rule->handle.position.id);
+		if (!ref)
+			return cmd_error(ctx, &rule->handle.position.location,
+					 "Could not process rule: %s",
+					 strerror(ENOENT));
+	}
+
+	switch (op) {
+	case CMD_INSERT:
+		rule_get(rule);
+		if (ref)
+			list_add_tail(&rule->list, &ref->list);
+		else
+			list_add(&rule->list, &chain->rules);
+		break;
+	case CMD_ADD:
+		rule_get(rule);
+		if (ref)
+			list_add(&rule->list, &ref->list);
+		else
+			list_add_tail(&rule->list, &chain->rules);
+		break;
+	case CMD_REPLACE:
+		rule_get(rule);
+		list_add(&rule->list, &ref->list);
+		/* fall through */
+	case CMD_DELETE:
+		list_del(&ref->list);
+		rule_free(ref);
+		break;
+	default:
 		break;
 	}
-	if (!rule->handle.position.id)
-		return cmd_error(ctx, &rule->handle.index.location,
-				"Could not process rule: %s",
-				strerror(ENOENT));
 	return 0;
 }
 
-static int rule_evaluate(struct eval_ctx *ctx, struct rule *rule)
+static int rule_evaluate(struct eval_ctx *ctx, struct rule *rule,
+			 enum cmd_ops op)
 {
 	struct stmt *stmt, *tstmt = NULL;
 	struct error_record *erec;
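Review bot: the CMD_REPLACE and CMD_DELETE cases dereference `ref` unconditionally (`list_add(&rule->list, &ref->list);` and `list_del(&ref->list);`), but `ref` stays NULL when none of handle.index.id, handle.handle.id and handle.position.id is set. CMD_INSERT and CMD_ADD check `if (ref)`; the other two need the same guard or an explicit error return before the switch. Separately, the three `cmd_error(..., strerror(ENOENT))` blocks differ only in the location argument and could share one helper.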
@@ -3238,11 +3292,11 @@ static int rule_evaluate(struct eval_ctx *ctx, struct rule *rule)
 		return -1;
 	}
 
-	if (rule->handle.index.id &&
-	    rule_translate_index(ctx, rule))
-		return -1;
+	/* add rules to cache only if it is complete enough to contain them */
+	if (!cache_is_complete(&ctx->nft->cache, CMD_LIST))
+		return 0;
 
-	return 0;
+	return rule_cache_update(ctx, op);
 }
 
 static uint32_t str2hooknum(uint32_t family, const char *hook)
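Review bot: the early `return 0` on `!cache_is_complete(&ctx->nft->cache, CMD_LIST)` also skips index resolution, whereas the removed code called rule_translate_index() whenever `rule->handle.index.id` was set. This is only correct as long as evaluate_cache_add() always requests a CMD_LIST cache for rules carrying an index. Say so in the comment, or return an error when `rule->handle.index.id` is set and the cache is incomplete, so that an index reference is never silently dropped.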
@@ -3323,7 +3377,7 @@ static int chain_evaluate(struct eval_ctx *ctx, struct chain *chain)
 
 	list_for_each_entry(rule, &chain->rules, list) {
 		handle_merge(&rule->handle, &chain->handle);
-		if (rule_evaluate(ctx, rule) < 0)
+		if (rule_evaluate(ctx, rule, CMD_INVALID) < 0)
 			return -1;
 	}
 	return 0;
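Review bot: passing `CMD_INVALID` from chain_evaluate() relies on the `default:` branch of the switch in rule_cache_update() to leave the rule list alone, which is not obvious at the call site. Add a comment here saying the op is chosen to avoid adding the chain's rules a second time. Note also that rule_cache_update() still performs the table and chain lookups first and returns an error when they fail, so it is worth confirming that the chain being evaluated is always present in the cache at this point.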
@@ -3410,7 +3464,7 @@ static int cmd_evaluate_add(struct eval_ctx *ctx, struct cmd *cmd)
 		return set_evaluate(ctx, cmd->set);
 	case CMD_OBJ_RULE:
 		handle_merge(&cmd->rule->handle, &cmd->handle);
-		return rule_evaluate(ctx, cmd->rule);
+		return rule_evaluate(ctx, cmd->rule, cmd->op);
 	case CMD_OBJ_CHAIN:
 		return chain_evaluate(ctx, cmd->chain);
 	case CMD_OBJ_TABLE:
diff --git a/src/mnl.c b/src/mnl.c
index 83dfb9d2da20a..6ebad28bfc7d2 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -378,6 +378,10 @@ int mnl_nft_rule_add(struct netlink_ctx *ctx, const struct cmd *cmd,
 	nftnl_rule_set_str(nlr, NFTNL_RULE_CHAIN, h->chain.name);
 	if (h->position.id)
 		nftnl_rule_set_u64(nlr, NFTNL_RULE_POSITION, h->position.id);
+	if (h->rule_id)
+		nftnl_rule_set_u32(nlr, NFTNL_RULE_ID, h->rule_id);
+	if (h->position_id)
+		nftnl_rule_set_u32(nlr, NFTNL_RULE_POSITION_ID, h->position_id);
 
 	netlink_linearize_rule(ctx, nlr, rule);
 	nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch),
diff --git a/tests/shell/testcases/cache/0003_cache_update_0 b/tests/shell/testcases/cache/0003_cache_update_0
index fa9b5df380a41..05edc9c7c33eb 100755
--- a/tests/shell/testcases/cache/0003_cache_update_0
+++ b/tests/shell/testcases/cache/0003_cache_update_0
@@ -34,6 +34,9 @@ EOF
 # add rule ip t4 c meta l4proto icmp accept -> rule to reference in next step
 # add rule ip t4 c index 0 drop -> index 0 is not found due to rule cache not
 #                                  being updated
+# add rule ip t4 c index 2 drop -> index 2 is not found due to igmp rule being
+#                                  in same transaction and therefore not having
+#                                  an allocated handle
 $NFT -i >/dev/null <<EOF
 add table ip t4; add chain ip t4 c
 add rule ip t4 c meta l4proto icmp accept
@@ -41,3 +44,7 @@ EOF
 $NFT -f - >/dev/null <<EOF
 add rule ip t4 c index 0 drop
 EOF
+$NFT -f - >/dev/null <<EOF
+add rule ip t4 c meta l4proto igmp accept
+add rule ip t4 c index 2 drop
+EOF
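Review bot: the added case discards output and checks at most the exit status of `$NFT -f -`, so it would pass even if the `drop` rule ended up somewhere other than after the igmp rule. Listing the chain afterwards and comparing the rule order would make the test verify the reference itself.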
diff --git a/tests/shell/testcases/transactions/0024rule_0 b/tests/shell/testcases/transactions/0024rule_0
new file mode 100755
index 0000000000000..4c1ac41db3b47
--- /dev/null
+++ b/tests/shell/testcases/transactions/0024rule_0
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+RULESET="flush ruleset
+add table x
+add chain x y
+add rule x y accept comment rule1
+add rule x y accept comment rule4
+add rule x y index 0 accept comment rule2
+insert rule x y index 2 accept comment rule3"
+
+$NFT -f - <<< "$RULESET" && \
+	$NFT -f - <<< "$RULESET" && \
+	echo "$RULESET" | tr '\n' ';' | $NFT -i >/dev/null && \
+	exit 0
+echo "E: intra-transaction rule reference failed"
+exit 1
+
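Review bot: all three runs in this script exercise only successful references; nothing covers the new "Could not process rule" error path in rule_cache_update(), for example an `index` beyond the rules added so far in the same batch. A negative case that expects failure would be worth adding. The trailing empty line at the end of the script can be dropped.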
diff --git a/tests/shell/testcases/transactions/0025rule_0 b/tests/shell/testcases/transactions/0025rule_0
new file mode 100755
index 0000000000000..d72d5cfcc75d4
--- /dev/null
+++ b/tests/shell/testcases/transactions/0025rule_0
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# make sure stored delete/replace rule commands are correctly applied
+
+set -e
+
+$NFT -f - <<EOF
+flush ruleset
+table x {
+	chain y {
+		accept
+		log
+	}
+}
+EOF
+
+$NFT -f - <<EOF
+replace rule x y handle 2 log
+delete rule x y handle 3
+add rule x y index 0 drop
+EOF
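Review bot: `handle 2` and `handle 3` in the second batch are hard-coded on the assumption that the two rules created by the first batch receive exactly those handles after `flush ruleset`. A comment stating that assumption, or reading the handles back from a listing before the second batch, would make the test less fragile.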
diff --git a/tests/shell/testcases/transactions/dumps/0024rule_0.nft b/tests/shell/testcases/transactions/dumps/0024rule_0.nft
new file mode 100644
index 0000000000000..7860ff654c5e2
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0024rule_0.nft
@@ -0,0 +1,8 @@
+table ip x {
+	chain y {
+		accept comment "rule1"
+		accept comment "rule2"
+		accept comment "rule3"
+		accept comment "rule4"
+	}
+}
diff --git a/tests/shell/testcases/transactions/dumps/0025rule_0.nft b/tests/shell/testcases/transactions/dumps/0025rule_0.nft
new file mode 100644
index 0000000000000..dcb61ae65fbde
--- /dev/null
+++ b/tests/shell/testcases/transactions/dumps/0025rule_0.nft
@@ -0,0 +1,6 @@
+table ip x {
+	chain y {
+		log
+		drop
+	}
+}
-- 
2.21.0



* Re: [nft PATCH v6 0/5] Support intra-transaction rule references
From: Pablo Neira Ayuso @ 2019-06-07 21:59 UTC
  To: Phil Sutter; +Cc: Eric Garver, netfilter-devel

On Fri, Jun 07, 2019 at 07:21:16PM +0200, Phil Sutter wrote:
> After Pablo's evaluation sequence rework, this series (formerly fixing
> cache updates as well) has shrunken considerably:
> 
> Patch 1 contains a proper fix for that workaround in
> evaluate_cache_add().
> 
> Patch 2 removes the cache-related workaround in tests/json_echo.
> 
> Patches 3 and 4 contain prerequisites for the last one, which actually
> implements the support for referencing rules of the same transaction with
> 'index' keyword.

Series applied, thanks Phil.
