diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-06-05 11:32:46 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-06-07 23:05:31 +0200 |
commit | d3c8051cb767693a6902ed9350e923b25198310c (patch) | |
tree | cfb20fded7492b15a6ef8e1046334188506dd8eb /tests/shell/testcases/nft-f/0024priority_0 | |
parent | 77b81cafb9a93a97a6b4a914fb6fbb45976f5c81 (diff) |
rule: rework CMD_OBJ_SETELEMS logic
Do not clone the set and zap the elements during the set and map
expansion to the CMD_OBJ_SETELEMS command.
Instead, update the CMD_OBJ_SET command to add the set to the kernel
(without elements) and let CMD_OBJ_SETELEMS add the elements. The
CMD_OBJ_SET command calls set_to_intervals() to update set->init->size
(NFTNL_SET_DESC_SIZE) before adding the set to the kernel. Updating the
set size from do_add_setelems() comes too late, it might result in
spurious ENFILE errors for interval sets.
Moreover, skip CMD_OBJ_SETELEMS if the set definition specifies no
elements.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1500
Fixes: c9eae091983a ("src: add CMD_OBJ_SETELEMS")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/testcases/nft-f/0024priority_0')
0 files changed, 0 insertions, 0 deletions