diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-07-16 11:48:33 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-07-16 19:53:43 +0200 |
| commit | 543e7f405e3dc502ef0a69f0b85a745bdbc998ee (patch) | |
| tree | 6fdb44ef203e067189dde9b7029bc8cc24584d19 | |
| parent | 83fca32ec0e18a601c8f250f2767b5bba88566b6 (diff) | |
cache: incorrect flags for create commands
# nft create table testD
# nft create chain testD test6
Error: No such file or directory
create chain testD test6
^^^^^
Handle 'create' command just like 'add' and 'insert'. Check for object
types to dump the tables for more fine grain listing, instead of dumping
the whole ruleset.
Fixes: 7df42800cf89 ("src: single cache_update() call to build cache before evaluation")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | src/cache.c | 30 | ||||
| -rw-r--r-- | tests/shell/testcases/chains/0030create_0 | 6 | ||||
| -rw-r--r-- | tests/shell/testcases/chains/dumps/0030create_0.nft | 4 |
3 files changed, 31 insertions, 9 deletions
diff --git a/src/cache.c b/src/cache.c index d371c548..e04ead85 100644 --- a/src/cache.c +++ b/src/cache.c @@ -16,10 +16,29 @@ static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags) { switch (cmd->obj) { + case CMD_OBJ_CHAIN: + case CMD_OBJ_SET: + case CMD_OBJ_COUNTER: + case CMD_OBJ_QUOTA: + case CMD_OBJ_LIMIT: + case CMD_OBJ_SECMARK: + case CMD_OBJ_FLOWTABLE: + flags |= NFT_CACHE_TABLE; + break; case CMD_OBJ_SETELEM: - flags |= NFT_CACHE_SETELEM; + flags |= NFT_CACHE_TABLE | + NFT_CACHE_CHAIN | + NFT_CACHE_SET | + NFT_CACHE_OBJECT | + NFT_CACHE_SETELEM; break; case CMD_OBJ_RULE: + flags |= NFT_CACHE_TABLE | + NFT_CACHE_CHAIN | + NFT_CACHE_SET | + NFT_CACHE_OBJECT | + NFT_CACHE_FLOWTABLE; + if (cmd->handle.index.id || cmd->handle.position.id) flags |= NFT_CACHE_RULE; @@ -83,18 +102,11 @@ unsigned int cache_evaluate(struct nft_ctx *nft, struct list_head *cmds) switch (cmd->op) { case CMD_ADD: case CMD_INSERT: + case CMD_CREATE: if (nft_output_echo(&nft->output)) { flags = NFT_CACHE_FULL; break; } - - flags |= NFT_CACHE_TABLE | - NFT_CACHE_CHAIN | - NFT_CACHE_SET | - NFT_CACHE_FLOWTABLE | - NFT_CACHE_OBJECT; - /* Fall through */ - case CMD_CREATE: flags = evaluate_cache_add(cmd, flags); break; case CMD_REPLACE: diff --git a/tests/shell/testcases/chains/0030create_0 b/tests/shell/testcases/chains/0030create_0 new file mode 100644 index 00000000..0b457f91 --- /dev/null +++ b/tests/shell/testcases/chains/0030create_0 @@ -0,0 +1,6 @@ +#!/bin/bash + +set -e + +$NFT add table ip x +$NFT create chain ip x y diff --git a/tests/shell/testcases/chains/dumps/0030create_0.nft b/tests/shell/testcases/chains/dumps/0030create_0.nft new file mode 100644 index 00000000..8e818d2d --- /dev/null +++ b/tests/shell/testcases/chains/dumps/0030create_0.nft @@ -0,0 +1,4 @@ +table ip x { + chain y { + } +} |