This makes nft behave like 0.9.0 -- the ruleset

  flush ruleset
  table inet filter {
  }
  table inet filter {
        chain test {
          counter
        }
  }

loads again without generating an error message.
I've added a test case for this, without this it will create an error,
and with a checkout of the 'fixes' tag we get a crash.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1351
Fixes: e5382c0d08e3c ("src: Support intra-transaction rule references")
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
--- src/evaluate.c | 3 +++ tests/shell/testcases/cache/0003_cache_update_0 | 12 ++++++++++++ 2 files changed, 15 insertions(+) diff --git a/src/evaluate.c b/src/evaluate.c index b56932ccabcc..8c1c82abed4e 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -3258,6 +3258,9 @@ static int rule_cache_update(struct eval_ctx *ctx, enum cmd_ops op) struct table *table; struct chain *chain; + if (op == CMD_INVALID) + return 0; + table = table_lookup(&rule->handle, &ctx->nft->cache); if (!table) return table_not_found(ctx); diff --git a/tests/shell/testcases/cache/0003_cache_update_0 b/tests/shell/testcases/cache/0003_cache_update_0 index 05edc9c7c33e..fb4b0e24c790 100755 --- a/tests/shell/testcases/cache/0003_cache_update_0 +++ b/tests/shell/testcases/cache/0003_cache_update_0 @@ -48,3 +48,15 @@ $NFT -f - >/dev/null <<EOF add rule ip t4 c meta l4proto igmp accept add rule ip t4 c index 2 drop EOF + +# Trigger a crash or rule restore error with nft 0.9.1 +$NFT -f - >/dev/null <<EOF +flush ruleset +table inet testfilter { +} +table inet testfilter { + chain test { + counter + } +} +EOF -- 2.21.0
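Review bot: the early return added at the top of rule_cache_update() in src/evaluate.c has no comment saying which caller passes CMD_INVALID or why skipping the cache update is correct in that case. As written, "if (op == CMD_INVALID) return 0;" reports success without touching the cache, and a reader cannot tell from the function whether that is a deliberate no-op for rules declared inside a table block or a masked error. A one-line comment above the check naming the case it covers (the nested-declaration ruleset from the commit message) would keep a later cleanup from removing it or from widening it to other ops.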
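Review bot: the new block in tests/shell/testcases/cache/0003_cache_update_0 only exercises the load and discards stdout with ">/dev/null", so it passes as long as $NFT exits cleanly, even if chain test or its counter rule were silently dropped from the second "table inet testfilter" declaration. Consider following the load with a listing of the ruleset and a comparison against the expected table, so the test checks that the rule actually landed and not just that nothing crashed. The comment could also say that the empty first declaration followed by a second declaration of the same table is the trigger, since that is the part that is not obvious from "Trigger a crash or rule restore error with nft 0.9.1".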