-rw-r--r-- | iptables/nft.c | 15 | ||||
-rw-r--r-- | iptables/nft.h | 1 | ||||
-rwxr-xr-x | iptables/tests/shell/testcases/nft-only/0007-mid-restore-flush_0 | 23 |
3 files changed, 25 insertions, 14 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index 76fd7edd..78dd1773 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -644,19 +644,13 @@ const struct builtin_table xtables_bridge[NFT_TABLE_MAX] = {
 },
 };
 
-static bool nft_table_initialized(const struct nft_handle *h,
- enum nft_table_type type)
-{
- return h->cache->table[type].initialized;
-}
-
 static int nft_table_builtin_add(struct nft_handle *h,
 const struct builtin_table *_t)
 {
 struct nftnl_table *t;
 int ret;
 
- if (nft_table_initialized(h, _t->type))
+ if (h->cache->table[_t->type].exists)
 return 0;
 
 t = nftnl_table_alloc();
@@ -775,9 +769,6 @@ static int nft_xt_builtin_init(struct nft_handle *h, const char *table)
 if (t == NULL)
 return -1;
 
- if (nft_table_initialized(h, t->type))
- return 0;
-
 if (nft_table_builtin_add(h, t) < 0)
 return -1;
 
@@ -786,8 +777,6 @@ static int nft_xt_builtin_init(struct nft_handle *h, const char *table)
 
 nft_chain_builtin_init(h, t);
 
- h->cache->table[t->type].initialized = true;
-
 return 0;
 }
 
@@ -1989,7 +1978,7 @@ static int __nft_table_flush(struct nft_handle *h, const char *table, bool exist
 _t = nft_table_builtin_find(h, table);
 assert(_t);
 
- h->cache->table[_t->type].initialized = false;
+ h->cache->table[_t->type].exists = false;
 
 flush_chain_cache(h, table);
 
diff --git a/iptables/nft.h b/iptables/nft.h
index f38f5812..128e09be 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -41,7 +41,6 @@ struct nft_cache {
 struct {
 struct nftnl_chain_list *chains;
 struct nftnl_set_list *sets;
- bool initialized;
 bool exists;
 } table[NFT_TABLE_MAX];
 };
diff --git a/iptables/tests/shell/testcases/nft-only/0007-mid-restore-flush_0 b/iptables/tests/shell/testcases/nft-only/0007-mid-restore-flush_0
new file mode 100755
index 00000000..43880ffb
--- /dev/null
+++ b/iptables/tests/shell/testcases/nft-only/0007-mid-restore-flush_0
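Review bot: `nft_table_builtin_add()` now skips the add on `h->cache->table[_t->type].exists`, but nothing visible in this diff sets that flag once the add has been queued; the only write shown is the `exists = false` in `__nft_table_flush`. With the `initialized` early return also removed from `nft_xt_builtin_init` (second hunk), each call appears to reach the table add and `nft_chain_builtin_init()` again until the cache is refreshed, so it is worth confirming that repeated batch entries are harmless. The rest of `nft_table_builtin_add` lies outside the hunk, so this may already be handled there. The surviving field in `nft.h` would also benefit from a comment stating who sets and clears it, for example `/* table seen in kernel at last cache fetch; cleared on flush */` if that is the intended meaning.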
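Review bot: In `__nft_table_flush` the rewritten line still dereferences `_t` with only `assert(_t)` in front of it, so a build with `NDEBUG` defined would turn a failed `nft_table_builtin_find()` lookup into a NULL pointer dereference. If `table` can carry a name from restore input that is not a builtin table, an explicit check such as `if (!_t) return -1;` would fail cleanly instead. The function's callers and error convention are outside the hunk, so the exact return value needs confirming.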
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+[[ $XT_MULTI == *xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; }
+nft -v >/dev/null || { echo "skip $XT_MULTI (no nft)"; exit 0; }
+
+coproc $XT_MULTI iptables-restore --noflush
+
+cat >&"${COPROC[1]}" <<EOF
+*filter
+:foo [0:0]
+COMMIT
+*filter
+:foo [0:0]
+EOF
+
+$XT_MULTI iptables-save | grep -q ':foo'
+nft flush ruleset
+
+echo "COMMIT" >&"${COPROC[1]}"
+sleep 1
+
+[[ -n $COPROC_PID ]] && kill $COPROC_PID
+wait
|
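Review bot: This test cannot fail as written: the script has no `set -e`, the result of `$XT_MULTI iptables-save | grep -q ':foo'` is discarded, and the final bare `wait` returns 0 whatever `iptables-restore` exited with. If the harness judges by exit status, as the `_0` suffix suggests, a regression in the mid-restore flush handling would go unnoticed. Saving the PID right after `coproc` (`restore_pid=$COPROC_PID`), failing on the grep (`... | grep -q ':foo' || exit 1`), and ending with `wait "$restore_pid"` after closing the write end instead of `kill` would propagate the restore's status. The `sleep 1` and the unsynchronised `iptables-save` also make the check timing-dependent, since nothing confirms the first COMMIT was processed before the flush.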