author | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-06-17 19:33:53 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-06-23 19:00:02 +0200 |
commit | 12a223ced7f6b9d9555390c1922bb67133a35c5a (patch) | |
tree | 2401335587b19de2f7bf2f0b8913dcf9df2bd02c | |
parent | b91bbf88f00bb45007c665b86cbd7982b2548b22 (diff) |
libnftables: release top level scope
Otherwise bogus variable redefinitions are reported via -o/--optimize:
redefinition.conf:5:8-21: Error: redefinition of symbol 'interface_inet'
define interface_inet = enp5s0
^^^^^^^^^^^^^^
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/libnftables.c | 2 | ||||
-rwxr-xr-x | tests/shell/testcases/optimizations/variables | 15 |
2 files changed, 17 insertions, 0 deletions
diff --git a/src/libnftables.c b/src/libnftables.c
index aac682b7..f2a1ef04 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -708,6 +708,8 @@ err:
 if (rc)
 nft_cache_release(&nft->cache);
+ scope_release(nft->state->scopes[0]);
+
 return rc;
 }
diff --git a/tests/shell/testcases/optimizations/variables b/tests/shell/testcases/optimizations/variables
new file mode 100755
index 00000000..fa986065
--- /dev/null
+++ b/tests/shell/testcases/optimizations/variables
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -e
+
+RULESET="define addrv4_vpnnet = 10.1.0.0/16
+
+table ip nat {
+ chain postrouting {
+ type nat hook postrouting priority 0; policy accept;
+
+ ip saddr \$addrv4_vpnnet counter masquerade fully-random comment \"masquerade ipv4\"
+ }
+}"
+
+$NFT -c -o -f - <<< $RULESET |
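Review bot: The added `scope_release(nft->state->scopes[0]);` runs unconditionally on the `err:` path, unlike the cache release just above it, which is gated on `rc`, so every jump to `err:` has to arrive with `nft->state->scopes[0]` valid. Those jumps and the start of the function are outside this hunk, so that is worth confirming against the full body. A one-line comment would record why the call is here, e.g. `/* drop top-level defines so a later parse on this context does not report them as redefinitions */`. If another entry point (for instance the buffer-based one) parses into the same top-level scope, it presumably needs the same release; only this path is visible here.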
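Review bot: The here-string on the last line of the new test expands `$RULESET` unquoted; bash releases before 4.4 word-split that expansion and join the words with spaces, so nft would receive the ruleset with its newlines collapsed. Quoting it keeps the input intact on every bash version: `$NFT -c -o -f - <<< "$RULESET"`. The test passes or fails on exit status alone via `set -e`, which catches the regression only as long as the redefinition error makes nft exit non-zero.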