cache: incorrect flags for create commands

author Pablo Neira Ayuso <pablo@netfilter.org>

Tue, 16 Jul 2019 09:48:33 +0000 (11:48 +0200)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Tue, 16 Jul 2019 17:53:43 +0000 (19:53 +0200)
author Pablo Neira Ayuso <pablo@netfilter.org>
Tue, 16 Jul 2019 09:48:33 +0000 (11:48 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Tue, 16 Jul 2019 17:53:43 +0000 (19:53 +0200)
diff --git a/src/cache.c b/src/cache.c

index d371c5488d1be7035e7f42fe9b88cbb76b67207a..e04ead85c830b5bec8ebdeb220ac0af8eff9c29f 100644 (file)
--- a/src/cache.c
+++ b/src/cache.c
@@ -16,10 +16,29 @@
  static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags)
  {
         switch (cmd->obj) {
+       case CMD_OBJ_CHAIN:
+       case CMD_OBJ_SET:
+       case CMD_OBJ_COUNTER:
+       case CMD_OBJ_QUOTA:
+       case CMD_OBJ_LIMIT:
+       case CMD_OBJ_SECMARK:
+       case CMD_OBJ_FLOWTABLE:
+               flags |= NFT_CACHE_TABLE;
+               break;
         case CMD_OBJ_SETELEM:
-               flags |= NFT_CACHE_SETELEM;
+               flags |= NFT_CACHE_TABLE |
+                        NFT_CACHE_CHAIN |
+                        NFT_CACHE_SET |
+                        NFT_CACHE_OBJECT |
+                        NFT_CACHE_SETELEM;
                 break;
         case CMD_OBJ_RULE:
+               flags |= NFT_CACHE_TABLE |
+                        NFT_CACHE_CHAIN |
+                        NFT_CACHE_SET |
+                        NFT_CACHE_OBJECT |
+                        NFT_CACHE_FLOWTABLE;
+
                 if (cmd->handle.index.id ||
                     cmd->handle.position.id)
                         flags |= NFT_CACHE_RULE;
@@ -83,18 +102,11 @@ unsigned int cache_evaluate(struct nft_ctx *nft, struct list_head *cmds)
                 switch (cmd->op) {
                 case CMD_ADD:
                 case CMD_INSERT:
+               case CMD_CREATE:
                         if (nft_output_echo(&nft->output)) {
                                 flags = NFT_CACHE_FULL;
                                 break;
                         }
-
-                       flags |= NFT_CACHE_TABLE |
-                                NFT_CACHE_CHAIN |
-                                NFT_CACHE_SET |
-                                NFT_CACHE_FLOWTABLE |
-                                NFT_CACHE_OBJECT;
-                       /* Fall through */
-               case CMD_CREATE:
                         flags = evaluate_cache_add(cmd, flags);
                         break;
                 case CMD_REPLACE:
diff --git a/tests/shell/testcases/chains/0030create_0 b/tests/shell/testcases/chains/0030create_0

new file mode 100644 (file)

index 0000000..0b457f9
--- /dev/null
+++ b/tests/shell/testcases/chains/0030create_0
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+set -e
+
+$NFT add table ip x
+$NFT create chain ip x y
diff --git a/tests/shell/testcases/chains/dumps/0030create_0.nft b/tests/shell/testcases/chains/dumps/0030create_0.nft

new file mode 100644 (file)

index 0000000..8e818d2
--- /dev/null
+++ b/tests/shell/testcases/chains/dumps/0030create_0.nft
@@ -0,0 +1,4 @@
+table ip x {
+       chain y {
+       }
+}
author	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 16 Jul 2019 09:48:33 +0000 (11:48 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 16 Jul 2019 17:53:43 +0000 (19:53 +0200)
src/cache.c		patch \| blob \| blame \| history
tests/shell/testcases/chains/0030create_0	[new file with mode: 0644]	patch \| blob
tests/shell/testcases/chains/dumps/0030create_0.nft	[new file with mode: 0644]	patch \| blob