authorPablo Neira Ayuso <pablo@netfilter.org>2020-04-15 21:29:27 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2020-04-15 23:04:16 +0200
commit18f01acbdefb211ebfefb728d2b6843c59ae06db (patch)
tree769937dee480280970c9fd3f9be59a6c2dc450b7
parentf3d4a3ddbcfca15a00dd9758f481420038f6de10 (diff)
nft-shared: skip check for jumpto if cs->target is unset
The command_jump() function leaves cs->target unset if the target is not found. Let's check if the jumpto string mismatches only in this case. https://bugzilla.netfilter.org/show_bug.cgi?id=1422 Tested-by: Etienne Champetier <etienne.champetier@anevia.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--extensions/libxt_NOTRACK.t3
-rw-r--r--iptables/nft-shared.c3
2 files changed, 3 insertions, 3 deletions
diff --git a/extensions/libxt_NOTRACK.t b/extensions/libxt_NOTRACK.t
index 585be82d..27c4734f 100644
--- a/extensions/libxt_NOTRACK.t
+++ b/extensions/libxt_NOTRACK.t
@@ -1,4 +1,3 @@
:PREROUTING,OUTPUT
*raw
-# ERROR: cannot find: iptables -I PREROUTING -t raw -j NOTRACK
-#-j NOTRACK;=;OK
+-j NOTRACK;=;OK
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 42676564..5192e363 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -1013,7 +1013,8 @@ bool nft_ipv46_rule_find(struct nft_handle *h, struct nftnl_rule *r, void *data)
goto out;
}
- if (strcmp(cs->jumpto, this.jumpto) != 0) {
+ if ((!cs->target || !this.target) &&
+ strcmp(cs->jumpto, this.jumpto) != 0) {
DEBUGP("Different verdict\n");
goto out;
}
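Review bot: The new condition in `nft_ipv46_rule_find()` skips the `jumpto` comparison whenever both `cs->target` and `this.target` are set, so in that case the verdict match rests entirely on a target comparison that is not visible in this hunk (presumably the check that ends in the `goto out;` context line above). The function appears to be what locates the rule that a lookup acts on, so the reason deserves a comment at the `if`, for example `/* command_jump() leaves cs->target unset if the target is not found; compare jumpto names only then */`. It is also worth confirming that the earlier check rejects two set targets with different names, since otherwise a rule with a different verdict would be reported as found. The function body starts and ends outside the hunk.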