From 7def18395d118e22a009de7e2e8de7f77906580b Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Tue, 14 Jan 2020 17:25:35 +0100
Subject: cache: Fix for doubled output after reset command Reset command causes a dump of the objects to reset and adds those to cache. Yet it ignored if the object in question was already there and up to now CMD_RESET was flagged as NFT_CACHE_FULL. Tackle this from two angles: First, reduce cache requirements of reset command to the necessary bits which is table cache. This alone would suffice if there wasn't interactive mode (and other libnftables users): A cache containing the objects to reset might be in place already, so add dumped objects to cache only if they don't exist already.
Signed-off-by: Phil Sutter
Acked-by: Pablo Neira Ayuso
---
 src/rule.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/rule.c')
diff --git a/src/rule.c b/src/rule.c
index 57f1fc83..883b0707 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -2582,7 +2582,8 @@ static int do_command_reset(struct netlink_ctx *ctx, struct cmd *cmd)
 ret = netlink_reset_objs(ctx, cmd, type, dump);
 list_for_each_entry_safe(obj, next, &ctx->list, list) {
 table = table_lookup(&obj->handle, &ctx->nft->cache);
- list_move(&obj->list, &table->objs);
+ if (!obj_lookup(table, obj->handle.obj.name, obj->type))
+ list_move(&obj->list, &table->objs);
 }
 if (ret < 0)
 return ret;
--
cgit v1.2.3
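Review bot: The result of `table_lookup()` is used unchecked inside the `list_for_each_entry_safe` loop, and the added `obj_lookup(table, ...)` call is now a second place that receives it. Its contract is not visible here, but the commit narrows reset to a table-only cache, so a table created between cache fill and the dump would presumably be missing; a NULL `table` would then be dereferenced in a tool that normally runs privileged. Guarding the condition, e.g. `if (table && !obj_lookup(table, obj->handle.obj.name, obj->type))`, avoids that. Separately, objects skipped because a cached copy exists now stay on `ctx->list`; the hunk does not show who releases them, nor whether later output uses the cached (possibly older) values instead of the dumped ones, so a short comment stating both would help. `do_command_reset` starts and ends outside the hunk.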