Otherwise bogus variable redefinition are reported via -o/--optimize:
redefinition.conf:5:8-21: Error: redefinition of symbol 'interface_inet'
define interface_inet = enp5s0
^^^^^^^^^^^^^^
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
src/libnftables.c | 2 ++
tests/shell/testcases/optimizations/variables | 15 +++++++++++++++
2 files changed, 17 insertions(+)
create mode 100755 tests/shell/testcases/optimizations/variables
diff --git a/src/libnftables.c b/src/libnftables.c
index aac682b706ff..f2a1ef04e80b 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -708,6 +708,8 @@ err:
if (rc)
nft_cache_release(&nft->cache);
+ scope_release(nft->state->scopes[0]);
+
return rc;
}
diff --git a/tests/shell/testcases/optimizations/variables b/tests/shell/testcases/optimizations/variables
new file mode 100755
index 000000000000..fa986065006b
--- /dev/null
+++ b/tests/shell/testcases/optimizations/variables
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -e
+
+RULESET="define addrv4_vpnnet = 10.1.0.0/16
+
+table ip nat {
+ chain postrouting {
+ type nat hook postrouting priority 0; policy accept;
+
+ ip saddr \$addrv4_vpnnet counter masquerade fully-random comment \"masquerade ipv4\"
+ }
+}"
+
+$NFT -c -o -f - <<< $RULESET
--
2.30.2
