author | Phil Sutter <phil@nwl.cc> | 2018-08-02 17:05:08 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-08-04 14:07:23 +0200 |
commit | c2594475dd270e3a81033fed2e5251dbd5ce319b (patch) | |
tree | 18c6c9125396e8718199273a3cde7dd1928c292f | |
parent | ed30b9311d2bf3758463a353bf8a9dbb42a4e1cb (diff) |
xtables: Allocate rule cache just once
For each parsed table, xtables-restore calls nft_table_flush() which
each time allocates a new rule cache, possibly overwriting the pointer
to the previously allocated one. Fix this by checking the pointer value
and only allocate if it's NULL.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r-- | iptables/nft.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index a9cb92ed..d5c4c766 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -1867,9 +1867,11 @@ next: t = nftnl_table_list_iter_next(iter); } - h->rule_cache = nftnl_rule_list_alloc(); - if (h->rule_cache == NULL) - return -1; + if (!h->rule_cache) { + h->rule_cache = nftnl_rule_list_alloc(); + if (h->rule_cache == NULL) + return -1; + } err_table_iter: nftnl_table_list_iter_destroy(iter); |
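Review bot: in the @@ -1867 hunk of iptables/nft.c, the `return -1` taken when nftnl_rule_list_alloc() fails sits above the `err_table_iter:` label, so that failure path leaves the function without calling nftnl_table_list_iter_destroy(iter) and the table list iterator is leaked. The patch carries this over from the old code, but since the block is being rewritten anyway, consider recording the error and falling through (or jumping) to `err_table_iter` so the iterator is destroyed on every path. How the function returns its status after that label is not visible in this hunk, so the exact form depends on the surrounding code. Minor style point in the same block: the new outer test is written `!h->rule_cache` while the inner one keeps `h->rule_cache == NULL`; using one form for both would read more cleanly. It would also help to state in the commit message whether a rule cache left over from a previously parsed table is still expected to be valid at this point, since the change now reuses it instead of replacing it.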