From c2594475dd270e3a81033fed2e5251dbd5ce319b Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Thu, 2 Aug 2018 17:05:08 +0200
Subject: xtables: Allocate rule cache just once
For each parsed table, xtables-restore calls nft_table_flush() which each time allocates a new rule cache, possibly overwriting the pointer to the previously allocated one. Fix this by checking the pointer value and only allocate if it's NULL.
Signed-off-by: Phil Sutter
Signed-off-by: Florian Westphal
---
iptables/nft.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'iptables/nft.c')
diff --git a/iptables/nft.c b/iptables/nft.c
index a9cb92ed..d5c4c766 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1867,9 +1867,11 @@ next:
 t = nftnl_table_list_iter_next(iter);
 }
- h->rule_cache = nftnl_rule_list_alloc();
- if (h->rule_cache == NULL)
- return -1;
+ if (!h->rule_cache) {
+ h->rule_cache = nftnl_rule_list_alloc();
+ if (h->rule_cache == NULL)
+ return -1;
+ }
 err_table_iter:
 nftnl_table_list_iter_destroy(iter);
-- cgit v1.2.3
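Review bot: On allocation failure the `return -1;` inside the new `if (!h->rule_cache)` block exits before the `err_table_iter:` label directly below it, so `nftnl_table_list_iter_destroy(iter)` is skipped and the iterator is leaked on that path. The commit carries this over from the removed lines rather than introducing it. Recording the failure in the function's status variable and using `goto err_table_iter;` would keep the cleanup on every exit. The function's start, its final return and any further cleanup labels are outside the hunk, so the status variable's name and the return convention need to be checked there. A short comment above the guard, such as `/* rule cache is kept across tables; allocate it only once */`, would also explain why the pointer is tested first.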