author | Eric Garver <eric@garver.life> | 2019-05-22 21:44:04 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-05-24 21:14:30 +0200 |
commit | eeda228c2d1719f5b6276b40ad14a5b3c3e88536 (patch) | |
tree | 1f4db86616df6eeb13ad92c94447766dbea73f45 /tests/shell/testcases | |
parent | 7e71e06b7b724006c84e789aa7bcb7faadd21c48 (diff) |

src: update cache if cmd is more specific

If we've done a partial fetch of the cache and the genid is the same the
cache update will be skipped without fetching the needed items. This
change flushes the cache if the new request is more specific than the
current cache - forcing a cache update which includes the needed items.

Introduces a simple scoring system which reflects how
cache_init_objects() looks at the current command to decide if it is
finished already or not. Then use that in cache_needs_more(): If current
command's score is higher than old command's, cache needs an update.

Fixes: 816d8c7659c1 ("Support 'add/insert rule index <IDX>'")
Signed-off-by: Eric Garver <eric@garver.life>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'tests/shell/testcases')
-rwxr-xr-x | tests/shell/testcases/cache/0003_cache_update_0 | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/tests/shell/testcases/cache/0003_cache_update_0 b/tests/shell/testcases/cache/0003_cache_update_0 index deb45db2..fa9b5df3 100755 --- a/tests/shell/testcases/cache/0003_cache_update_0 +++ b/tests/shell/testcases/cache/0003_cache_update_0 @@ -27,3 +27,17 @@ EOF $NFT -i >/dev/null <<EOF add table ip t3; add chain ip t c EOF + +# The following test exposes a problem with incremental cache update when +# reading commands from a file that add a rule using the "index" keyword. +# +# add rule ip t4 c meta l4proto icmp accept -> rule to reference in next step +# add rule ip t4 c index 0 drop -> index 0 is not found due to rule cache not +# being updated +$NFT -i >/dev/null <<EOF +add table ip t4; add chain ip t4 c +add rule ip t4 c meta l4proto icmp accept +EOF +$NFT -f - >/dev/null <<EOF +add rule ip t4 c index 0 drop +EOF |
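Review bot: The new t4 case at the end of the script only asserts that `$NFT -f -` exits successfully; with stdout sent to /dev/null and no listing afterwards, nothing checks that the `drop` rule was actually placed relative to the `meta l4proto icmp accept` rule at index 0. A follow-up `$NFT list chain ip t4 c` compared against the expected two-rule ordering would catch a regression where the command succeeds but the rule lands in the wrong position. The setup step `$NFT -i` is also unchecked within the visible lines, so a failure there would only surface indirectly through the second command. Finally, the comment describes the pre-fix symptom in the present tense ("index 0 is not found due to rule cache not being updated"); wording it as the regression being guarded against would read more clearly once the fix is in the tree.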