From 543e7f405e3dc502ef0a69f0b85a745bdbc998ee Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 16 Jul 2019 11:48:33 +0200
Subject: cache: incorrect flags for create commands

 # nft create table testD
 # nft create chain testD test6
 Error: No such file or directory
 create chain testD test6
              ^^^^^

Handle 'create' command just like 'add' and 'insert'. Check for object
types to dump the tables for more fine grain listing, instead of dumping
the whole ruleset.

Fixes: 7df42800cf89 ("src: single cache_update() call to build cache before evaluation")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/cache.c                                        | 30 +++++++++++++++-------
 tests/shell/testcases/chains/0030create_0          |  6 +++++
 .../shell/testcases/chains/dumps/0030create_0.nft  |  4 +++
 3 files changed, 31 insertions(+), 9 deletions(-)
 create mode 100644 tests/shell/testcases/chains/0030create_0
 create mode 100644 tests/shell/testcases/chains/dumps/0030create_0.nft

diff --git a/src/cache.c b/src/cache.c
index d371c548..e04ead85 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -16,10 +16,29 @@
 static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags)
 {
 	switch (cmd->obj) {
+	case CMD_OBJ_CHAIN:
+	case CMD_OBJ_SET:
+	case CMD_OBJ_COUNTER:
+	case CMD_OBJ_QUOTA:
+	case CMD_OBJ_LIMIT:
+	case CMD_OBJ_SECMARK:
+	case CMD_OBJ_FLOWTABLE:
+		flags |= NFT_CACHE_TABLE;
+		break;
 	case CMD_OBJ_SETELEM:
-		flags |= NFT_CACHE_SETELEM;
+		flags |= NFT_CACHE_TABLE |
+			 NFT_CACHE_CHAIN |
+			 NFT_CACHE_SET |
+			 NFT_CACHE_OBJECT |
+			 NFT_CACHE_SETELEM;
 		break;
 	case CMD_OBJ_RULE:
+		flags |= NFT_CACHE_TABLE |
+			 NFT_CACHE_CHAIN |
+			 NFT_CACHE_SET |
+			 NFT_CACHE_OBJECT |
+			 NFT_CACHE_FLOWTABLE;
+
 		if (cmd->handle.index.id ||
 		    cmd->handle.position.id)
 			flags |= NFT_CACHE_RULE;
@@ -83,18 +102,11 @@ unsigned int cache_evaluate(struct nft_ctx *nft, struct list_head *cmds)
 		switch (cmd->op) {
 		case CMD_ADD:
 		case CMD_INSERT:
+		case CMD_CREATE:
 			if (nft_output_echo(&nft->output)) {
 				flags = NFT_CACHE_FULL;
 				break;
 			}
-
-			flags |= NFT_CACHE_TABLE |
-				 NFT_CACHE_CHAIN |
-				 NFT_CACHE_SET |
-				 NFT_CACHE_FLOWTABLE |
-				 NFT_CACHE_OBJECT;
-			/* Fall through */
-		case CMD_CREATE:
 			flags = evaluate_cache_add(cmd, flags);
 			break;
 		case CMD_REPLACE:
diff --git a/tests/shell/testcases/chains/0030create_0 b/tests/shell/testcases/chains/0030create_0
new file mode 100644
index 00000000..0b457f91
--- /dev/null
+++ b/tests/shell/testcases/chains/0030create_0
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+set -e
+
+$NFT add table ip x
+$NFT create chain ip x y
diff --git a/tests/shell/testcases/chains/dumps/0030create_0.nft b/tests/shell/testcases/chains/dumps/0030create_0.nft
new file mode 100644
index 00000000..8e818d2d
--- /dev/null
+++ b/tests/shell/testcases/chains/dumps/0030create_0.nft
@@ -0,0 +1,4 @@
+table ip x {
+	chain y {
+	}
+}
-- 
cgit v1.2.3