authorPhil Sutter <>2019-06-04 19:31:51 +0200
committerPablo Neira Ayuso <>2019-06-06 11:19:19 +0200
libnftables: Drop cache in error case
If a transaction is rejected by the kernel (for instance due to a semantic error), cache contents are potentially invalid. Release the cache in that case to avoid the inconsistency. The problem is easy to reproduce in an interactive session: | nft> list ruleset | table ip t { | chain c { | } | } | nft> flush ruleset; add rule ip t c accept | Error: No such file or directory | flush ruleset; add rule ip t c accept | ^ | nft> list ruleset | nft> Signed-off-by: Phil Sutter <> Signed-off-by: Pablo Neira Ayuso <>
