cache: missing family in cache filtering

Check family when filtering out listing of tables and sets.

Fixes: 3f1d3912c3a6 ("cache: filter out tables that are not requested")
Fixes: 635ee1cad8aa ("cache: filter out sets and maps that are not requested")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/cache.h b/include/cache.h
index cdf1f4fbf6f761ff45beb4f24379e0172be63e4f..120a1b8d91b5bc08a4540746861f5cf93183d29c 100644 (file)
--- a/include/cache.h
+++ b/include/cache.h
@@ -49,6 +49,7 @@ struct nft_filter_obj {
 
 struct nft_cache_filter {
        struct {
+               uint32_t        family;
                const char      *table;
                const char      *set;
        } list;

diff --git a/src/cache.c b/src/cache.c
index 28604aab5532eb0a9b7e328e95e63f24b0908a7f..e82e0b8d12158bc1e5a41fca425803ce61a57bd1 100644 (file)
--- a/src/cache.c
+++ b/src/cache.c
@@ -194,14 +194,16 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd,
 {
        switch (cmd->obj) {
        case CMD_OBJ_TABLE:
-               if (filter && cmd->handle.table.name)
+               if (filter && cmd->handle.table.name) {
+                       filter->list.family = cmd->handle.family;
                        filter->list.table = cmd->handle.table.name;
-
+               }
                flags |= NFT_CACHE_FULL;
                break;
        case CMD_OBJ_SET:
        case CMD_OBJ_MAP:
                if (filter && cmd->handle.table.name && cmd->handle.set.name) {
+                       filter->list.family = cmd->handle.family;
                        filter->list.table = cmd->handle.table.name;
                        filter->list.set = cmd->handle.set.name;
                }
@@ -439,7 +441,8 @@ static int set_cache_cb(struct nftnl_set *nls, void *arg)
                return -1;
 
        if (ctx->filter && ctx->filter->list.set &&
-           (strcmp(ctx->filter->list.table, set->handle.table.name) ||
+           (ctx->filter->list.family != set->handle.family ||
+            strcmp(ctx->filter->list.table, set->handle.table.name) ||
             strcmp(ctx->filter->list.set, set->handle.set.name))) {
                set_free(set);
                return 0;
@@ -699,7 +702,8 @@ static int cache_init_tables(struct netlink_ctx *ctx, struct handle *h,
                list_del(&table->list);
 
                if (filter && filter->list.table &&
-                   (strcmp(filter->list.table, table->handle.table.name))) {
+                   (filter->list.family != table->handle.family ||
+                    strcmp(filter->list.table, table->handle.table.name))) {
                        table_free(table);
                        continue;
                }