author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-09-29 10:55:19 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-09-29 18:59:44 +0200 |
commit | 3639ce913dc47974322e8c38b8567338acc45d7d (patch) | |
tree | 0fa9db198bd5eb6d85277e5c3c17b8ef31fca49d | |
parent | 50780456a01a077d778c236c4d4b64a00ed5acac (diff) |
cache: set on cache flags for nested notation
Set on the cache flags for the nested notation too, this is fixing nft -f
with two files, one that contains the set declaration and another that
adds a rule that refers to such set.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1474
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/cache.c | 10 | ||||
-rwxr-xr-x | tests/shell/testcases/nft-f/0029split_file_0 | 25 |
2 files changed, 35 insertions, 0 deletions
diff --git a/src/cache.c b/src/cache.c
index 42e6b65c..544f64a2 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -20,6 +20,16 @@
 static unsigned int evaluate_cache_add(struct cmd *cmd, unsigned int flags)
 {
 switch (cmd->obj) {
+ case CMD_OBJ_TABLE:
+ if (!cmd->table)
+ break;
+
+ flags |= NFT_CACHE_TABLE |
+ NFT_CACHE_CHAIN |
+ NFT_CACHE_SET |
+ NFT_CACHE_OBJECT |
+ NFT_CACHE_FLOWTABLE;
+ break;
 case CMD_OBJ_CHAIN:
 case CMD_OBJ_SET:
 case CMD_OBJ_COUNTER:
diff --git a/tests/shell/testcases/nft-f/0029split_file_0 b/tests/shell/testcases/nft-f/0029split_file_0
new file mode 100755
index 00000000..0cc547ab
--- /dev/null
+++ b/tests/shell/testcases/nft-f/0029split_file_0
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -e
+
+RULESET="table inet filter {
+ set whitelist_v4 {
+ type ipv4_addr;
+ }
+
+ chain prerouting {
+ type filter hook prerouting priority filter;
+ }
+}
+"
+
+$NFT -f - <<< "$RULESET"
+
+RULESET="table inet filter {
+ chain prerouting {
+ ip daddr @whitelist_v4
+ }
+}
+"
+
+$NFT -f - <<< "$RULESET" |
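Review bot: The new `CMD_OBJ_TABLE` case in evaluate_cache_add() has no comment saying what a non-NULL `cmd->table` means or why five cache flags follow from it. Going by the commit message it marks the nested `table … { }` notation, whose body can refer to sets, chains, objects and flowtables that exist only in the kernel. I would add above the `if`: `/* nested notation: the block may reference existing objects, so fetch them */`. The flags are requested for every nested table block, including ones that define everything they use, so a large self-contained ruleset may now pay for a cache dump it does not need; it is worth confirming that cost is acceptable. The switch continues past the end of the hunk, so whether the other cases request a matching set of flags cannot be checked from here.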
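Review bot: The test in 0029split_file_0 passes on exit status alone. `set -e` catches a failing second `$NFT -f`, but nothing checks that the rule referring to `@whitelist_v4` actually ended up in the `prerouting` chain. For a ruleset loader a silently dropped rule is the worse failure, so I would end the script with a check such as `$NFT list ruleset | grep -q '@whitelist_v4'` or compare the listing against an expected ruleset. The diffstat shows no expected-output file added alongside the script, so this appears to be the only assertion the case makes.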