From 12a223ced7f6b9d9555390c1922bb67133a35c5a Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 17 Jun 2022 19:33:53 +0200
Subject: libnftables: release top level scope

Otherwise bogus variable redefinition are reported via -o/--optimize:

  redefinition.conf:5:8-21: Error: redefinition of symbol
'interface_inet'
  define interface_inet = enp5s0
^^^^^^^^^^^^^^

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/libnftables.c                             |  1 +
 tests/shell/testcases/optimizations/variables | 15 +++++++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 tests/shell/testcases/optimizations/variables

diff --git a/src/libnftables.c b/src/libnftables.c
index aa6493a..bec378d 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -652,5 +652,6 @@ err:
 		json_print_echo(nft);
 	if (rc)
 		nft_cache_release(&nft->cache);
+       scope_release(nft->state->scopes[0]);
 	return rc;
 }
diff --git a/tests/shell/testcases/optimizations/variables b/tests/shell/testcases/optimizations/variables
new file mode 100644
index 0000000..fa98606
--- /dev/null
+++ b/tests/shell/testcases/optimizations/variables
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -e
+
+RULESET="define addrv4_vpnnet = 10.1.0.0/16
+
+table ip nat {
+    chain postrouting {
+        type nat hook postrouting priority 0; policy accept;
+
+        ip saddr \$addrv4_vpnnet counter masquerade fully-random comment \"masquerade ipv4\"
+    }
+}"
+
+$NFT -c -o -f - <<< $RULESET
-- 
2.23.0