git.ipfire.org Git - thirdparty/nftables.git/commit

author	Phil Sutter <phil@nwl.cc>
	Tue, 4 Jun 2019 17:31:51 +0000 (19:31 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 6 Jun 2019 09:19:19 +0000 (11:19 +0200)
commit	e0aace9434129fecd1ca2094f09dbeec46957ec3
tree	a722dc056a00c037262ef0f8a0fbd21068fd8271	tree \| snapshot
parent	5c1c6028dbd54dd56e57fb8a18d1e7e61586e8bf	commit \| diff

libnftables: Drop cache in error case

If a transaction is rejected by the kernel (for instance due to a
semantic error), cache contents are potentially invalid. Release the
cache in that case to avoid the inconsistency.

The problem is easy to reproduce in an interactive session:

| nft> list ruleset
| table ip t {
| chain c {
| }
| }
| nft> flush ruleset; add rule ip t c accept
| Error: No such file or directory
| flush ruleset; add rule ip t c accept
| ^
| nft> list ruleset
| nft>

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>