cache: set on cache flags for nested notation
authorPablo Neira Ayuso <pablo@netfilter.org>
Wed, 29 Sep 2021 08:55:19 +0000 (10:55 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 29 Sep 2021 16:59:44 +0000 (18:59 +0200)
Turn on the cache flags for the nested notation too. This fixes nft -f
with two files: one that contains the set declaration and another that
adds a rule that refers to that set.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1474
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/cache.c
tests/shell/testcases/nft-f/0029split_file_0 [new file with mode: 0755]

index 42e6b65c6d9e23d33517faeac84f3feb7d428f9a..544f64a20396593e06d6ac9169a21d731cb746db 100644 (file)
 static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags)
 {
        switch (cmd->obj) {
+       case CMD_OBJ_TABLE:
+               if (!cmd->table)
+                       break;
+
+               flags |= NFT_CACHE_TABLE |
+                        NFT_CACHE_CHAIN |
+                        NFT_CACHE_SET |
+                        NFT_CACHE_OBJECT |
+                        NFT_CACHE_FLOWTABLE;
+               break;
        case CMD_OBJ_CHAIN:
        case CMD_OBJ_SET:
        case CMD_OBJ_COUNTER:
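Review bot: The new `CMD_OBJ_TABLE` case has no comment explaining why a table command needs the chain, set, object and flowtable caches, and the `if (!cmd->table) break;` guard reads as a bare null check. Going by the commit message, `cmd->table` is presumably non-NULL only when the table is given in nested notation with a body; a comment above the guard would make that explicit, e.g. `/* nested notation: the table body may refer to sets, chains, objects or flowtables that already exist in the kernel */`. The flags are OR-ed in unconditionally once the guard passes, whether or not the body refers to anything existing, so it is worth confirming the extra cache load is acceptable on hosts with large rulesets. The body of evaluate_cache_add continues outside the hunk.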
diff --git a/tests/shell/testcases/nft-f/0029split_file_0 b/tests/shell/testcases/nft-f/0029split_file_0
new file mode 100755 (executable)
index 0000000..0cc547a
--- /dev/null
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -e
+
+RULESET="table inet filter {
+       set whitelist_v4 {
+               type ipv4_addr;
+       }
+
+       chain prerouting {
+               type filter hook prerouting priority filter;
+       }
+}
+"
+
+$NFT -f - <<< "$RULESET"
+
+RULESET="table inet filter {
+       chain prerouting {
+               ip daddr @whitelist_v4
+       }
+}
+"
+
+$NFT -f - <<< "$RULESET"
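Review bot: The test passes as soon as both `$NFT -f -` loads exit 0 under `set -e`; nothing verifies that the rule actually ended up in `prerouting` with a reference to the set. A check after the second load, for example `$NFT list ruleset | grep -q 'ip daddr @whitelist_v4'`, would also catch a regression where the load succeeds but the rule is missing or not bound to the set. Only the set reference is exercised here, while the cache.c change also turns on the chain, object and flowtable flags, so a further case that refers to an existing object or flowtable from a second file would cover those paths.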