Two reports point to a crash in nft when 'flush' is provided
on existing ruleset. In that case, nft will crash with a null-ptr
dereference.
"evaluate: do not inconditionally update cache from flush command"
causes the commit to fail due to a cache inconsistency, we then trip
over NULL location->indesc. Cause of 2nd bug not known yet, not sure
how to fix cache issue either, so only adding reproducer so this can be
fixed later.
Without erec bug, the (errnoeous) error message would be
Could not process rule: File exists
Reported-by: Oleksandr Natalenko <oleksandr@xxxxxxxxxxxxxx>
Reported-by: Timothy Redaelli <tredaelli@xxxxxxxxxx>
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
tests/shell/testcases/cache/0001_cache_handling_0 | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tests/shell/testcases/cache/0001_cache_handling_0 b/tests/shell/testcases/cache/0001_cache_handling_0
index 20c19117033d..77afdf8d9072 100755
--- a/tests/shell/testcases/cache/0001_cache_handling_0
+++ b/tests/shell/testcases/cache/0001_cache_handling_0
@@ -16,6 +16,10 @@ table inet test {
set -e
$NFT -f - <<< $RULESET
+TMP=$(mktemp)
+echo "$RULESET" >> "$TMP"
+$NFT "flush ruleset;include \"$TMP\""
+rm -f "$TMP"
rule_handle=$($NFT list ruleset -a | awk '/saddr/{print $NF}')
$NFT delete rule inet test test handle $rule_handle
$NFT delete set inet test test
--
2.16.1
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
