From 56f5ee8dee86d4ceaeac7eb6e1eaaa2ac3a1d0f8 Mon Sep 17 00:00:00 2001
From: Florian Westphal
Date: Wed, 24 Feb 2021 11:08:02 +0100
Subject: [PATCH] iptables-nft: fix -Z option it zeroes the rule counters, so it needs fully populated cache. Add a test case to cover this.
Fixes: 9d07514ac5c7a ("nft: calculate cache requirements from list of commands")
Signed-off-by: Florian Westphal
Acked-by: Phil Sutter
(cherry picked from commit 5f1fcacebf9b4529950b6e3f88327049a0ea7cd2)
---
 iptables/nft-cmd.c | 2 +-
 .../testcases/iptables/0007-zero-counters_0 | 64 +++++++++++++++++++
 2 files changed, 65 insertions(+), 1 deletion(-)
 create mode 100755 iptables/tests/shell/testcases/iptables/0007-zero-counters_0
diff --git a/iptables/nft-cmd.c b/iptables/nft-cmd.c
index 5d33f1f00f574..f2b935c57dab4 100644
--- a/iptables/nft-cmd.c
+++ b/iptables/nft-cmd.c
@@ -185,7 +185,7 @@ int nft_cmd_chain_zero_counters(struct nft_handle *h, const char *chain,
 if (!cmd) return 0;
- nft_cache_level_set(h, NFT_CL_CHAINS, cmd);
+ nft_cache_level_set(h, NFT_CL_RULES, cmd);
 return 1;
 }
diff --git a/iptables/tests/shell/testcases/iptables/0007-zero-counters_0 b/iptables/tests/shell/testcases/iptables/0007-zero-counters_0
new file mode 100755
index 0000000000000..36da1907e3b22
--- /dev/null
+++ b/iptables/tests/shell/testcases/iptables/0007-zero-counters_0
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+RC=0
+COUNTR=$RANDOM$RANDOM
+
+$XT_MULTI iptables-restore -c <
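Review bot: In iptables/nft-cmd.c the changed call `nft_cache_level_set(h, NFT_CL_RULES, cmd);` has no comment saying why zeroing needs the rule-level cache. The commit named in the Fixes trailer suggests this level is easy to get wrong when cache requirements are derived per command. I would add `/* -Z zeroes the rule counters, so rules must be cached, not only chains */` directly above the call. Counters that silently fail to reset can skew any accounting or monitoring built on them, so the reason is worth keeping next to the code as well as in the new test case. The body of nft_cmd_chain_zero_counters starts above the hunk, so how `cmd` is built is not visible here.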