diff options
author | Phil Sutter <phil@nwl.cc> | 2019-06-04 19:31:51 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-06-06 11:19:19 +0200 |
commit | e0aace9434129fecd1ca2094f09dbeec46957ec3 (patch) | |
tree | a722dc056a00c037262ef0f8a0fbd21068fd8271 /doc/stateful-objects.txt | |
parent | 5c1c6028dbd54dd56e57fb8a18d1e7e61586e8bf (diff) |
libnftables: Drop cache in error case
If a transaction is rejected by the kernel (for instance due to a
semantic error), cache contents are potentially invalid. Release the
cache in that case to avoid the inconsistency.
The problem is easy to reproduce in an interactive session:
| nft> list ruleset
| table ip t {
| chain c {
| }
| }
| nft> flush ruleset; add rule ip t c accept
| Error: No such file or directory
| flush ruleset; add rule ip t c accept
| ^
| nft> list ruleset
| nft>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/stateful-objects.txt')
0 files changed, 0 insertions, 0 deletions