[PATCH nft] cache: set on cache flags for nested notation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Set on the cache flags for the nested notation too, this is fixing nft -f
with two files, one that contains the set declaration and another that
adds a rule that refers to such set.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1474
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 src/cache.c                                  | 10 ++++++++
 tests/shell/testcases/nft-f/0029split_file_0 | 25 ++++++++++++++++++++
 2 files changed, 35 insertions(+)
 create mode 100755 tests/shell/testcases/nft-f/0029split_file_0

diff --git a/src/cache.c b/src/cache.c
index 42e6b65c6d9e..544f64a20396 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -20,6 +20,16 @@
 static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags)
 {
 	switch (cmd->obj) {
+	case CMD_OBJ_TABLE:
+		if (!cmd->table)
+			break;
+
+		flags |= NFT_CACHE_TABLE |
+			 NFT_CACHE_CHAIN |
+			 NFT_CACHE_SET |
+			 NFT_CACHE_OBJECT |
+			 NFT_CACHE_FLOWTABLE;
+		break;
 	case CMD_OBJ_CHAIN:
 	case CMD_OBJ_SET:
 	case CMD_OBJ_COUNTER:
diff --git a/tests/shell/testcases/nft-f/0029split_file_0 b/tests/shell/testcases/nft-f/0029split_file_0
new file mode 100755
index 000000000000..0cc547abc37e
--- /dev/null
+++ b/tests/shell/testcases/nft-f/0029split_file_0
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -e
+
+RULESET="table inet filter {
+	set whitelist_v4 {
+		type ipv4_addr;
+	}
+
+	chain prerouting {
+		type filter hook prerouting priority filter;
+	}
+}
+"
+
+$NFT -f - <<< "$RULESET"
+
+RULESET="table inet filter {
+	chain prerouting {
+		ip daddr @whitelist_v4
+	}
+}
+"
+
+$NFT -f - <<< "$RULESET"
-- 
2.30.2




[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux