git.ipfire.org Git - thirdparty/iptables.git/commit

author	Phil Sutter <phil@nwl.cc>
	Tue, 28 Feb 2023 17:09:25 +0000 (18:09 +0100)
committer	Phil Sutter <phil@nwl.cc>
	Wed, 1 Mar 2023 19:15:45 +0000 (20:15 +0100)
commit	5fd85822bd12a02f1a921243f605fc6238d705b4
tree	1eae37af351b26ba4f2ea53113368be7a5f8808a	tree
parent	8030e5444681e16ac2f481ddad73e33fab376147	commit \| diff

nft-restore: Fix for deletion of new, referenced rule

Combining multiple corner-cases here:

* Insert a rule before another new one which is not the first. Triggers
NFTNL_RULE_ID assignment of the latter.

* Delete the referenced new rule in the same batch again. Causes
overwriting of the previously assigned RULE_ID.

Consequently, iptables-nft-restore fails during *insert*, because the
reference is dangling.

Reported-by: Eric Garver <eric@garver.life>
Fixes: 760b35b46e4cc ("nft: Fix for add and delete of same rule in single batch")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Tested-by: Eric Garver <eric@garver.life>

iptables/nft.c		diff \| blob \| blame \| history
iptables/tests/shell/testcases/ipt-restore/0003-restore-ordering_0		diff \| blob \| blame \| history