author | Florian Westphal <fw@strlen.de> | 2019-01-16 13:54:13 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2019-01-18 23:01:20 +0100 |
commit | f30e5fe55f252558f6b78c436595051b0506b8c6 (patch) | |
tree | 0a4dd6fa91f4e5a549822e8342d9ade42ffb0f33 | |
parent | ce2651222911f09ca838fbdd29b5b2e0ff5f262f (diff) |
mnl: name is ignored when deleting a table
nlt is reallocated, leaking first allocation and also removing
the table name/handle that was set on nlt object.
Add a test case for this as well, the batch is supposed to fail
when trying to delete a non-existent table, rather than wiping
all tables in the same address family.
Fixes: 12c362e2214a0 ("mnl: remove alloc_nftnl_table()")
Reported-by: Mikhail Morfikov <mmorfikov@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r-- | src/mnl.c | 4 |
-rwxr-xr-x | tests/shell/testcases/transactions/0003table_0 | 35 |
2 files changed, 35 insertions, 4 deletions
@@ -664,10 +664,6 @@ int mnl_nft_table_del(struct netlink_ctx *ctx, const struct cmd *cmd) nftnl_table_set_u64(nlt, NFTNL_TABLE_HANDLE, cmd->handle.handle.id); - nlt = nftnl_table_alloc(); - if (nlt == NULL) - memory_allocation_error(); - nlh = nftnl_nlmsg_build_hdr(nftnl_batch_buffer(ctx->batch), NFT_MSG_DELTABLE, cmd->handle.family, diff --git a/tests/shell/testcases/transactions/0003table_0 b/tests/shell/testcases/transactions/0003table_0 index 6e508fc2..6861eaba 100755 --- a/tests/shell/testcases/transactions/0003table_0 +++ b/tests/shell/testcases/transactions/0003table_0 @@ -11,3 +11,38 @@ if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi + +KERNEL_RULESET="$($NFT list ruleset)" +if [ "" != "$KERNEL_RULESET" ] ; then + DIFF="$(which diff)" + echo "Got a ruleset, but expected empty: " + echo "$KERNEL_RULESET" + exit 1 +fi + +RULESET="table ip x { +} +table ip y { +}" + +$NFT -f - <<< "$RULESET" +if [ $? -ne 0 ] ; then + echo "E: unable to load good ruleset" >&2 + exit 1 +fi + +RULESETFAIL="flush ruleset +create table ip nat +create table inet filter +create chain ip nat testchain +delete table ip testtable" + +# testtable doesn't exist, batch expected to fail +$NFT -f - <<< "$RULESETFAIL" && exit 2 + +KERNEL_RULESET="$($NFT list ruleset)" +if [ "$RULESET" != "$KERNEL_RULESET" ] ; then + DIFF="$(which diff)" + [ -x $DIFF ] && $DIFF -u <(echo "$RULESET") <(echo "$KERNEL_RULESET") + exit 1 +fi |
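Review bot: in the src/mnl.c hunk, deleting the second `nlt = nftnl_table_alloc();` is the entire fix, and it is the right one: the context line `nftnl_table_set_u64(nlt, NFTNL_TABLE_HANDLE, cmd->handle.handle.id);` shows the handle (and, per the commit message, the name) being set on `nlt` immediately before the old code threw that object away, so the DELTABLE message was built from a blank table object and the kernel treated it as "delete every table in this family". Two things to confirm outside the visible lines: that the first `nftnl_table_alloc()` in `mnl_nft_table_del()` still has its own `memory_allocation_error()` check, since the only NULL check shown is the one being removed with the redundant allocation, and that `nlt` is freed after `nftnl_nlmsg_build_hdr()` / the payload is added, otherwise the leak just moves rather than disappears.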
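Review bot: in the 0003table_0 hunk, the first `DIFF="$(which diff)"` (inside the `if [ "" != "$KERNEL_RULESET" ]` block) is assigned but never used in that block; drop it, or mirror the later block and print `$DIFF -u <(echo "") <(echo "$KERNEL_RULESET")`. In the final check, `[ -x $DIFF ]` should be `[ -x "$DIFF" ]` so an empty result from `which` fails cleanly instead of becoming a bare `[ -x ]`. The error text `E: unable to load good ruleset` is now emitted from two places; a distinct message for the second load makes a failure easier to attribute. The assertion itself is the right shape: `RULESETFAIL` begins with `flush ruleset` and creates tables and a chain before the bad `delete table ip testtable`, so comparing the post-failure ruleset byte for byte against `$RULESET` checks both that the missing-table delete is rejected and that the whole batch, flush included, was rolled back rather than partially applied.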