On Tue, May 21, 2019 at 01:06:14PM -0400, Eric Garver wrote:
> Hi Phil,
>
> On Sat, May 18, 2019 at 01:00:30AM +0200, Phil Sutter wrote:
> > This series implements a fix for situations where a cache update removes
> > local (still uncommitted) items from cache leading to spurious errors
> > afterwards.
> >
> > The series is based on Eric's "src: update cache if cmd is more
> > specific" patch which is still under review but resolves a distinct
> > problem from the one addressed in this series.
> >
> > The first patch improves Eric's patch a bit. If he's OK with my change,
> > it may very well be just folded into his.
> >
> > Phil Sutter (3):
> > src: Improve cache_needs_more() algorithm
> > libnftables: Keep list of commands in nft context
> > src: Restore local entries after cache update
> >
> > include/nftables.h | 1 +
> > src/libnftables.c | 21 +++++------
> > src/rule.c | 91 +++++++++++++++++++++++++++++++++++++++++++---
> > 3 files changed, 96 insertions(+), 17 deletions(-)
> >
> > --
> > 2.21.0
>
> I've been testing this series. I found anonymous sets are mistakenly
> free()d if a cache_release occurs.

Below is a real fix for this issue. After a cache update we need to skip adding
anonymous sets from the cmd list into the cache.

Phil, if you agree please fold this into your series.

diff --git a/src/rule.c b/src/rule.c
index 4f015fc5354b..94830b651925 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -224,6 +224,9 @@ static void cache_add_set_cmd(struct nft_ctx *nft, struct
cmd *cmd)
{
struct table *table;
+ if (cmd->set->flags & NFT_SET_ANONYMOUS)
+ return;
+
table = table_lookup(&cmd->handle, &nft->cache);
if (table == NULL)
return;
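
Review bot: The new early return on `cmd->set->flags & NFT_SET_ANONYMOUS` at the top of cache_add_set_cmd() carries no comment, so the reason anonymous sets must stay out of the cache is only recorded in this mail. Since the bug being fixed is that these sets end up free()d when the cache is released, a short comment above the check saying that anonymous sets from the cmd list must not be added to the cache, because a cache release would free them, would keep a later cleanup from removing the test. If this gets folded into the series, the commit message of the patch it lands in should mention the anonymous-set case as well.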