diff options
author | Phil Sutter <phil@nwl.cc> | 2023-02-28 18:09:25 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2023-03-01 20:15:45 +0100 |
commit | 5fd85822bd12a02f1a921243f605fc6238d705b4 (patch) | |
tree | 1eae37af351b26ba4f2ea53113368be7a5f8808a /iptables/tests | |
parent | 8030e5444681e16ac2f481ddad73e33fab376147 (diff) |
nft-restore: Fix for deletion of new, referenced rule
Combining multiple corner-cases here:
* Insert a rule before another new one which is not the first. Triggers
NFTNL_RULE_ID assignment of the latter.
* Delete the referenced new rule in the same batch again. Causes
overwriting of the previously assigned RULE_ID.
Consequently, iptables-nft-restore fails during *insert*, because the
reference is dangling.
Reported-by: Eric Garver <eric@garver.life>
Fixes: 760b35b46e4cc ("nft: Fix for add and delete of same rule in single batch")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Tested-by: Eric Garver <eric@garver.life>
Diffstat (limited to 'iptables/tests')
-rwxr-xr-x | iptables/tests/shell/testcases/ipt-restore/0003-restore-ordering_0 | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/iptables/tests/shell/testcases/ipt-restore/0003-restore-ordering_0 b/iptables/tests/shell/testcases/ipt-restore/0003-restore-ordering_0 index 3f1d229e..5482b7ea 100755 --- a/iptables/tests/shell/testcases/ipt-restore/0003-restore-ordering_0 +++ b/iptables/tests/shell/testcases/ipt-restore/0003-restore-ordering_0 @@ -123,3 +123,19 @@ EXPECT='-A FORWARD -m comment --comment "rule 1" -j ACCEPT -A FORWARD -m comment --comment "rule 3" -j ACCEPT' diff -u -Z <(echo -e "$EXPECT") <(ipt_show) + +# test adding, referencing and deleting the same rule in a batch + +$XT_MULTI iptables-restore <<EOF +*filter +-A FORWARD -m comment --comment "first rule" -j ACCEPT +-A FORWARD -m comment --comment "referenced rule" -j ACCEPT +-I FORWARD 2 -m comment --comment "referencing rule" -j ACCEPT +-D FORWARD -m comment --comment "referenced rule" -j ACCEPT +COMMIT +EOF + +EXPECT='-A FORWARD -m comment --comment "first rule" -j ACCEPT +-A FORWARD -m comment --comment "referencing rule" -j ACCEPT' + +diff -u -Z <(echo -e "$EXPECT") <(ipt_show) |