From patchwork Tue Nov 7 18:25:00 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Phil Sutter X-Patchwork-Id: 1861215 X-Patchwork-Delegate: p.ozlabs@nwl.cc Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=nwl.cc header.i=@nwl.cc header.a=rsa-sha256 header.s=mail2022 header.b=GnkLFVEZ; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=2620:137:e000::1:20; helo=out1.vger.email; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=patchwork.ozlabs.org) Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20]) by legolas.ozlabs.org (Postfix) with ESMTP id 4SPxTg720Nz1yQL for ; Wed, 8 Nov 2023 05:25:11 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234960AbjKGSZK (ORCPT ); Tue, 7 Nov 2023 13:25:10 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57196 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234909AbjKGSZJ (ORCPT ); Tue, 7 Nov 2023 13:25:09 -0500 Received: from orbyte.nwl.cc (orbyte.nwl.cc [IPv6:2001:41d0:e:133a::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 61C08120 for ; Tue, 7 Nov 2023 10:25:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=nwl.cc; s=mail2022; h=Content-Transfer-Encoding:MIME-Version:Message-ID:Date:Subject: Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=fxC3bYvSLztNu65ApIpxEBZ+ZRHoDRXCgkijvI/Og68=; b=GnkLFVEZWEATSZ5bf5GR9bR2o5 QVM/tGdYIfShpGCDGw1sbtUYQDNu5RiXaaGE4WhrPTLsZUe0MHWD//lnWnYPJiKdcSmp75MV+zqse JgnxrpPAgeNpUm13hgiWMbF5yVBYh08pr/ujMYSgWTMUUva0m1IwdsTf2mxPeGoh3xi1DtsTfCq94 ep1QjDHugta3h8tUhnd1coC9ccwvoA8bDBJhzt534sgrFp7wOv21sPsj68mx4ZozJ5klKkm2Ae+pG DRe/BiHDXBFmYjPyCGKj5p61zOmhZUrthOVx4OpBHxVtRVOXxb92ZYfoBIPtknIV+ilcv72b2Zjx3 4Bquq5AA==; Received: from localhost ([::1] helo=xic) by orbyte.nwl.cc with esmtp (Exim 4.94.2) (envelope-from ) id 1r0Ql6-00060F-6D; Tue, 07 Nov 2023 19:25:04 +0100 From: Phil Sutter To: netfilter-devel@vger.kernel.org Cc: Eric Garver Subject: [iptables PATCH] ebtables: Fix corner-case noflush restore bug Date: Tue, 7 Nov 2023 19:25:00 +0100 Message-ID: <20231107182500.29432-1-phil@nwl.cc> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Report came from firwalld, but this is actually rather hard to trigger. Since a regular chain line prevents it, typical dump/restore use-cases are unaffected. Fixes: 73611d5582e72 ("ebtables-nft: add broute table emulation") Cc: Eric Garver Signed-off-by: Phil Sutter --- .../testcases/ebtables/0009-broute-bug_0 | 25 +++++++++++++++++++ iptables/xtables-eb.c | 2 ++ 2 files changed, 27 insertions(+) create mode 100755 iptables/tests/shell/testcases/ebtables/0009-broute-bug_0 diff --git a/iptables/tests/shell/testcases/ebtables/0009-broute-bug_0 b/iptables/tests/shell/testcases/ebtables/0009-broute-bug_0 new file mode 100755 index 0000000000000..0def0ac58e7be --- /dev/null +++ b/iptables/tests/shell/testcases/ebtables/0009-broute-bug_0 @@ -0,0 +1,25 @@ +#!/bin/sh +# +# Missing BROUTING-awareness in ebt_get_current_chain() caused an odd caching bug when restoring: +# - with --noflush +# - a second table after the broute one +# - A policy command but no chain line for BROUTING chain + +set -e + +case "$XT_MULTI" in +*xtables-nft-multi) + ;; +*) + echo "skip $XT_MULTI" + exit 0 + ;; +esac + +$XT_MULTI ebtables-restore --noflush <