]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6c3fbd2)
rule: flush set cache before flush command
authorPablo Neira Ayuso <pablo@netfilter.org>
Mon, 20 Jul 2020 23:50:06 +0000 (01:50 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 21 Jul 2020 12:20:18 +0000 (14:20 +0200)
Flush the set cache before adding the flush command to the netlink batch.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/rule.c patch | blob | blame | history
tests/shell/testcases/sets/0052overlap_0 [new file with mode: 0755] patch | blob
tests/shell/testcases/sets/dumps/0052overlap_0.nft [new file with mode: 0644] patch | blob

diff --git a/src/rule.c b/src/rule.c
index fa1861403ba155a5912e16ddcf0c6e10562652c1..6b71dfee0d09a0390eab7554ac3d85db86c1f3c6 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -2692,6 +2692,21 @@ static int do_command_reset(struct netlink_ctx *ctx, struct cmd *cmd)
        return do_list_obj(ctx, cmd, type);
 }
 
+static void flush_set_cache(struct netlink_ctx *ctx, struct cmd *cmd)
+{
+       struct table *table;
+       struct set *set;
+
+       table = table_lookup(&cmd->handle, &ctx->nft->cache);
+       assert(table);
+       set = set_lookup(table, cmd->handle.set.name);
+       assert(set);
+       if (set->init != NULL) {
+               expr_free(set->init);
+               set->init = NULL;
+       }
+}
+
 static int do_command_flush(struct netlink_ctx *ctx, struct cmd *cmd)
 {
        switch (cmd->obj) {
@@ -2701,6 +2716,7 @@ static int do_command_flush(struct netlink_ctx *ctx, struct cmd *cmd)
        case CMD_OBJ_SET:
        case CMD_OBJ_MAP:
        case CMD_OBJ_METER:
+               flush_set_cache(ctx, cmd);
                return mnl_nft_setelem_flush(ctx, cmd);
        case CMD_OBJ_RULESET:
                return mnl_nft_table_del(ctx, cmd);
diff --git a/tests/shell/testcases/sets/0052overlap_0 b/tests/shell/testcases/sets/0052overlap_0
new file mode 100755 (executable)
index 0000000..c296094
--- /dev/null
+++ b/tests/shell/testcases/sets/0052overlap_0
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e
+
+EXPECTED="add table ip filter
+add set ip filter w_all {type ipv4_addr; flags interval; auto-merge}
+add element ip filter w_all {10.10.10.10, 10.10.10.11}
+"
+
+$NFT -f - <<< "$EXPECTED"
+
+EXPECTED="flush set ip filter w_all
+add element ip filter w_all {10.10.10.10, 10.10.10.253}
+"
+
+$NFT -f - <<< "$EXPECTED"
diff --git a/tests/shell/testcases/sets/dumps/0052overlap_0.nft b/tests/shell/testcases/sets/dumps/0052overlap_0.nft
new file mode 100644 (file)
index 0000000..1cc02ad
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0052overlap_0.nft
@@ -0,0 +1,8 @@
+table ip filter {
+       set w_all {
+               type ipv4_addr
+               flags interval
+               auto-merge
+               elements = { 10.10.10.10, 10.10.10.253 }
+       }
+}
Mirror of git://git.netfilter.org/nftables