path: root/iptables/tests/shell/testcases/ipt-restore
diff options
authorPhil Sutter <>2020-02-11 16:52:59 +0100
committerPhil Sutter <>2020-02-12 15:15:10 +0100
commit8e76391096f12212985c401ee83a67990aa27a29 (patch)
treee47eae62760bf28cf9108fc9816b9b403b4e2352 /iptables/tests/shell/testcases/ipt-restore
parente179e87a1179e272a9bdabb0220b17d61d099ee3 (diff)
xtables-restore: fix for --noflush and empty lines
Lookahead buffer used for cache requirements estimate in restore --noflush separates individual lines with nul-chars. Two consecutive nul-chars are interpreted as end of buffer and remaining buffer content is skipped. Sadly, reading an empty line (i.e., one containing a newline character only) caused double nul-chars to appear in buffer as well, leading to premature stop when reading cached lines from buffer. To fix that, make use of xtables_restore_parse_line() skipping empty lines without calling strtok() and just leave the newline character in place. A more intuitive approach, namely skipping empty lines while buffering, is deliberately not chosen as that would cause wrong values in 'line' variable. Closes: Fixes: 09cb517949e69 ("xtables-restore: Improve performance of --noflush operation") Signed-off-by: Phil Sutter <> Acked-by: Arturo Borrero Gonzalez <>
Diffstat (limited to 'iptables/tests/shell/testcases/ipt-restore')
1 files changed, 16 insertions, 0 deletions
diff --git a/iptables/tests/shell/testcases/ipt-restore/0011-noflush-empty-line_0 b/iptables/tests/shell/testcases/ipt-restore/0011-noflush-empty-line_0
new file mode 100755
index 00000000..bea1a690
--- /dev/null
+++ b/iptables/tests/shell/testcases/ipt-restore/0011-noflush-empty-line_0
@@ -0,0 +1,16 @@
+#!/bin/bash -e
+# make sure empty lines won't break --noflush
+cat <<EOF | $XT_MULTI iptables-restore --noflush
+# just a comment followed by innocent empty line
+target prot opt source destination
+ACCEPT all -- '
+diff -u <(echo "$EXPECT") <($XT_MULTI iptables -n -L FORWARD)