On Sun, Jul 21, 2019 at 02:14:07AM +0200, Florian Westphal wrote:
> This makes nft behave like 0.9.0 -- the ruleset
>
> flush ruleset
> table inet filter {
> }
> table inet filter {
> chain test {
> counter
> }
> }
>
> loads again without generating an error message.
> I've added a test case for this, without this it will create an error,
> and with a checkout of the 'fixes' tag we get crash.
>
> Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1351
> Fixes: e5382c0d08e3c ("src: Support intra-transaction rule references")
This one is causing the cache corruption, right?
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> ---
> src/evaluate.c | 3 +++
> tests/shell/testcases/cache/0003_cache_update_0 | 12 ++++++++++++
> 2 files changed, 15 insertions(+)
>
> diff --git a/src/evaluate.c b/src/evaluate.c
> index b56932ccabcc..8c1c82abed4e 100644
> --- a/src/evaluate.c
> +++ b/src/evaluate.c
> @@ -3258,6 +3258,9 @@ static int rule_cache_update(struct eval_ctx *ctx, enum cmd_ops op)
> struct table *table;
> struct chain *chain;
>
> + if (op == CMD_INVALID)
> + return 0;
> +
> table = table_lookup(&rule->handle, &ctx->nft->cache);
> if (!table)
> return table_not_found(ctx);
> diff --git a/tests/shell/testcases/cache/0003_cache_update_0 b/tests/shell/testcases/cache/0003_cache_update_0
> index 05edc9c7c33e..fb4b0e24c790 100755
> --- a/tests/shell/testcases/cache/0003_cache_update_0
> +++ b/tests/shell/testcases/cache/0003_cache_update_0
> @@ -48,3 +48,15 @@ $NFT -f - >/dev/null <<EOF
> add rule ip t4 c meta l4proto igmp accept
> add rule ip t4 c index 2 drop
> EOF
> +
> +# Trigger a crash or rule restore error with nft 0.9.1
> +$NFT -f - >/dev/null <<EOF
> +flush ruleset
> +table inet testfilter {
> +}
> +table inet testfilter {
> + chain test {
> + counter
> + }
> +}
> +EOF
> --
> 2.21.0
>
