rule: don't put NFTA_RULE_EXPRESSION into messages

If there are no expressions in this rule, skip the NFTA_RULE_EXPRESSION attribute, otherwise it will be empty. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2013-09-17 18:24:30 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-09-17 18:25:17 +0200
commit: 8cabd12d31c1f02ab67bd6e2ecf32f005b2a6f87 (patch)
tree: 0d59bd7e502981aaa12c8b0a8c2cde690a2c7df2 /src
parent: a0274efd21f022d4416da03a5a19be5b61f225c1 (diff)
1 files changed, 6 insertions, 4 deletions
diff --git a/src/rule.c b/src/rule.c
index 2e7be6f..3fac5c2 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -264,11 +264,13 @@ void nft_rule_nlmsg_build_payload(struct nlmsghdr *nlh, struct nft_rule *r)
 	if (r->flags & (1 << NFT_RULE_ATTR_FLAGS))
 		mnl_attr_put_u32(nlh, NFTA_RULE_FLAGS, htonl(r->rule_flags));
 
-	nest = mnl_attr_nest_start(nlh, NFTA_RULE_EXPRESSIONS);
-	list_for_each_entry(expr, &r->expr_list, head) {
-		nft_rule_expr_build_payload(nlh, expr);
+	if (!list_empty(&r->expr_list)) {
+		nest = mnl_attr_nest_start(nlh, NFTA_RULE_EXPRESSIONS);
+		list_for_each_entry(expr, &r->expr_list, head) {
+			nft_rule_expr_build_payload(nlh, expr);
+		}
+		mnl_attr_nest_end(nlh, nest);
 	}
-	mnl_attr_nest_end(nlh, nest);
 
 	if (r->flags & (1 << NFT_RULE_ATTR_COMPAT_PROTO) &&
 	    r->flags & (1 << NFT_RULE_ATTR_COMPAT_FLAGS)) {
author	Pablo Neira Ayuso <pablo@netfilter.org>	2013-09-17 18:24:30 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-09-17 18:25:17 +0200
commit	8cabd12d31c1f02ab67bd6e2ecf32f005b2a6f87 (patch)
tree	0d59bd7e502981aaa12c8b0a8c2cde690a2c7df2 /src
parent	a0274efd21f022d4416da03a5a19be5b61f225c1 (diff)