cache: missing family in cache filtering

Check family when filtering out listing of tables and sets.

Fixes: 3f1d3912c3a6 ("cache: filter out tables that are not requested")
Fixes: 635ee1cad8aa ("cache: filter out sets and maps that are not requested")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 8 insertions, 4 deletions

diff --git a/src/cache.c b/src/cache.c
index 28604aab..e82e0b8d 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -194,14 +194,16 @@ static unsigned int evaluate_cache_list(struct nft_ctx *nft, struct cmd *cmd,
 {
 	switch (cmd->obj) {
 	case CMD_OBJ_TABLE:
-		if (filter && cmd->handle.table.name)
+		if (filter && cmd->handle.table.name) {
+			filter->list.family = cmd->handle.family;
 			filter->list.table = cmd->handle.table.name;
-
+		}
 		flags |= NFT_CACHE_FULL;
 		break;
 	case CMD_OBJ_SET:
 	case CMD_OBJ_MAP:
 		if (filter && cmd->handle.table.name && cmd->handle.set.name) {
+			filter->list.family = cmd->handle.family;
 			filter->list.table = cmd->handle.table.name;
 			filter->list.set = cmd->handle.set.name;
 		}
@@ -439,7 +441,8 @@ static int set_cache_cb(struct nftnl_set *nls, void *arg)
 		return -1;
 
 	if (ctx->filter && ctx->filter->list.set &&
-	    (strcmp(ctx->filter->list.table, set->handle.table.name) ||
+	    (ctx->filter->list.family != set->handle.family ||
+	     strcmp(ctx->filter->list.table, set->handle.table.name) ||
 	     strcmp(ctx->filter->list.set, set->handle.set.name))) {
 		set_free(set);
 		return 0;
@@ -699,7 +702,8 @@ static int cache_init_tables(struct netlink_ctx *ctx, struct handle *h,
 		list_del(&table->list);
 
 		if (filter && filter->list.table &&
-		    (strcmp(filter->list.table, table->handle.table.name))) {
+		    (filter->list.family != table->handle.family ||
+		     strcmp(filter->list.table, table->handle.table.name))) {
 			table_free(table);
 			continue;
 		}