rule: ensure cache consistency

Check for generation ID after the cache is populated. In case of
interference, release the inconsistent cache and retry.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/rule.c b/src/rule.c
index 651454733beddf256f7de387105833a4c449d86f..e570238a40f5b666702e70b29976d0267b715f1d 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -251,7 +251,7 @@ int cache_update(struct nft_ctx *nft, enum cmd_ops cmd, struct list_head *msgs)
                .nft            = nft,
        };
        struct nft_cache *cache = &nft->cache;
-       uint32_t genid;
+       uint32_t genid, genid_stop;
        int ret;
 replay:
        ctx.seqnum = cache->seqnum++;
@@ -272,6 +272,13 @@ replay:
                }
                return -1;
        }
+
+       genid_stop = mnl_genid_get(&ctx);
+       if (genid != genid_stop) {
+               cache_release(cache);
+               goto replay;
+       }
+
        cache->genid = genid;
        cache->cmd = cmd;
        return 0;