On Wed, Sep 25, 2019 at 11:25:49PM +0200, Phil Sutter wrote: > @@ -2238,6 +2259,8 @@ nft_rule_find(struct nft_handle *h, struct nftnl_chain *c, void *data, int rulen > struct nftnl_rule_iter *iter; > bool found = false; > > + fetch_rule_cache(h, c); fetch_rule_cache() does not perform any cache consistency check. This function is good to be called from nft_build_cache() path. However, if you call it away from it, you have to be sure the cache you are ending up with is consistency. There are several netlink dump operations in a row in fetch_rule_cache(), this is likely to happen I'm afraid.
