diff options
| author | Álvaro Neira Ayuso <alvaroneay@gmail.com> | 2014-06-02 16:44:11 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-06-05 16:54:35 +0200 |
| commit | 0c512cf7f26363713b8c76a6a826e2401e21907f (patch) | |
| tree | 89774392cbcb35f70c87c5772277fa0ab7d367c5 | |
| parent | cc4b17804e8f98b76f5d9941c78eb664c9963bef (diff) | |
payload: Update the context only in equality relations
If we add this rule:
sudo nft add rule ip test input ip protocol != icmp
and we try to list the rules in the table test, nftables
show this error:
nft: src/payload.c:76: payload_expr_pctx_update: Assertion `expr->op == OP_EQ' failed.
This patch change the function payload_match_postprocess for updating
only the context in equality relations case.
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | src/netlink_delinearize.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 479c6439..ea333085 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -644,7 +644,8 @@ static void payload_match_postprocess(struct rule_pp_ctx *ctx, nexpr = relational_expr_alloc(&expr->location, expr->op, left, tmp); - left->ops->pctx_update(&ctx->pctx, nexpr); + if (expr->op == OP_EQ) + left->ops->pctx_update(&ctx->pctx, nexpr); nstmt = expr_stmt_alloc(&stmt->location, nexpr); list_add_tail(&nstmt->list, &stmt->list); |