From 5f1fcacebf9b4529950b6e3f88327049a0ea7cd2 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Wed, 24 Feb 2021 11:08:02 +0100
Subject: iptables-nft: fix -Z option

it zeroes the rule counters, so it needs fully populated cache.
Add a test case to cover this.

Fixes: 9d07514ac5c7a ("nft: calculate cache requirements from list of commands")
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Phil Sutter <phil@nwl.cc>
---
 iptables/nft-cmd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'iptables/nft-cmd.c')

diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c
index 5d33f1f0..f2b935c5 100644
--- a/iptables/nft-cmd.c
+++ b/iptables/nft-cmd.c
@@ -185,7 +185,7 @@ int nft_cmd_chain_zero_counters(struct nft_handle *h, const char *chain,
 	if (!cmd)
 		return 0;
 
-	nft_cache_level_set(h, NFT_CL_CHAINS, cmd);
+	nft_cache_level_set(h, NFT_CL_RULES, cmd);
 
 	return 1;
 }
-- 
cgit v1.2.3