diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-11-09 12:15:44 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-11-11 10:55:29 +0100 |
commit | b3ed8fd8c9f33230fa819a3ae500cd1a99025038 (patch) | |
tree | d2b1c1a9b7ba2c22f59d7406904a08fc4afebb38 /src | |
parent | dffc0e109ed4780c6d79c52fb5be8cda2d63fc6b (diff) |
cache: missing family in cache filtering
Check family when filtering out listing of tables and sets.
Fixes: 3f1d3912c3a6 ("cache: filter out tables that are not requested")
Fixes: 635ee1cad8aa ("cache: filter out sets and maps that are not requested")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/cache.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/cache.c b/src/cache.c index 28604aab..e82e0b8d 100644 --- a/src/cache.c +++ b/src/cache.c @@ -194,14 +194,16 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd, { switch (cmd->obj) { case CMD_OBJ_TABLE: - if (filter && cmd->handle.table.name) + if (filter && cmd->handle.table.name) { + filter->list.family = cmd->handle.family; filter->list.table = cmd->handle.table.name; - + } flags |= NFT_CACHE_FULL; break; case CMD_OBJ_SET: case CMD_OBJ_MAP: if (filter && cmd->handle.table.name && cmd->handle.set.name) { + filter->list.family = cmd->handle.family; filter->list.table = cmd->handle.table.name; filter->list.set = cmd->handle.set.name; } @@ -439,7 +441,8 @@ static int set_cache_cb(struct nftnl_set *nls, void *arg) return -1; if (ctx->filter && ctx->filter->list.set && - (strcmp(ctx->filter->list.table, set->handle.table.name) || + (ctx->filter->list.family != set->handle.family || + strcmp(ctx->filter->list.table, set->handle.table.name) || strcmp(ctx->filter->list.set, set->handle.set.name))) { set_free(set); return 0; @@ -699,7 +702,8 @@ static int cache_init_tables(struct netlink_ctx *ctx, struct handle *h, list_del(&table->list); if (filter && filter->list.table && - (strcmp(filter->list.table, table->handle.table.name))) { + (filter->list.family != table->handle.family || + strcmp(filter->list.table, table->handle.table.name))) { table_free(table); continue; } |