diff options
author | Florian Westphal <fw@strlen.de> | 2019-09-06 16:43:37 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2019-09-07 14:29:31 +0200 |
commit | cec665f34a91600550dbd14655b25ed2cc317233 (patch) | |
tree | c5b47f3c719d862a5a1f18ddd27320b7d3d9f319 /src/evaluate.c | |
parent | 648cc618975ec27df2920cf2fa9841ba76cf21d0 (diff) |
evaluate: flag fwd and queue statements as terminal
Both queue and fwd statement end evaluation of a rule:
in
... fwd to "eth0" accept
... queue accept
"accept" is redundant and never evaluated in the kernel.
Add the missing "TERMINAL" flag so the evaluation step will catch
any trailing expressions:
nft add rule filter input queue counter
Error: Statement after terminal statement has no effect
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/evaluate.c')
-rw-r--r-- | src/evaluate.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index b8bcf486..29fe9660 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2963,6 +2963,7 @@ static int stmt_evaluate_fwd(struct eval_ctx *ctx, struct stmt *stmt) default: return stmt_error(ctx, stmt, "unsupported family"); } + stmt->flags |= STMT_F_TERMINAL; return 0; } @@ -2982,6 +2983,7 @@ static int stmt_evaluate_queue(struct eval_ctx *ctx, struct stmt *stmt) "fanout requires a range to be " "specified"); } + stmt->flags |= STMT_F_TERMINAL; return 0; } |