If we've done a partial fetch of the cache and the genid is the same the
cache update will be skipped without fetching the rules. This causes the
index to handle lookup to fail. To remedy the situation we flush the
cache and force a full update.
Fixes: 816d8c7659c1 ("Support 'add/insert rule index <IDX>'")
Signed-off-by: Eric Garver <eric@xxxxxxxxxxx>
---
src/evaluate.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/evaluate.c b/src/evaluate.c
index 3593eb80a6a6..a2585291e7c4 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3182,7 +3182,11 @@ static int rule_translate_index(struct eval_ctx *ctx, struct rule *rule)
struct rule *r;
int ret;
- /* update cache with CMD_LIST so that rules are fetched, too */
+ /* Update cache with CMD_LIST so that rules are fetched, too. The explicit
+ * release is necessary because the genid may be the same, in which case
+ * the update would be a no-op.
+ */
+ cache_release(&ctx->nft->cache);
ret = cache_update(ctx->nft, CMD_LIST, ctx->msgs);
if (ret < 0)
return ret;
--
2.20.1
