authorPhil Sutter <>2016-08-30 19:39:51 +0200
committerPablo Neira Ayuso <>2016-09-05 19:08:56 +0200
commit7241af302bbe56908fa87b17799048bfe884e35f (patch)
tree2d1c291116b85c6a31643702fcdfa6e39582b5ec /src/evaluate.c
parent7a5b4c505e4d460239ac8a36b4fbccf222cd6134 (diff)
evaluate: reject: Have a generic fix for missing network context
Commit 17b495957b29e ("evaluate: reject: fix crash if we have transport protocol conflict from inet") took care of a crash when using inet or bridge families, but since then netdev family has been added which also does not implicitly define the network context. Therefore the crash can be reproduced again using the following example: nft add rule netdev filter e1000-ingress \ meta l4proto udp reject with tcp reset In order to fix this in a more generic way, have stmt_evaluate_reset() fall back to the generic proto_inet_service irrespective of the actual proto context. Signed-off-by: Phil Sutter <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'src/evaluate.c')
1 files changed, 1 insertions, 3 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index fb9b8253..194a0349 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2167,9 +2167,7 @@ static int stmt_evaluate_reset(struct eval_ctx *ctx, struct stmt *stmt)
return 0;
base = pctx->protocol[PROTO_BASE_NETWORK_HDR].desc;
- if (base == NULL &&
- (ctx-> == NFPROTO_INET ||
- ctx-> == NFPROTO_BRIDGE))
+ if (base == NULL)
base = &proto_inet_service;
protonum = proto_find_num(base, desc);
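Review bot: The now-unconditional `if (base == NULL)` fallback has no comment saying why a missing network-header context is legitimate here, and the family check it replaces was the only hint. I would add `/* No network header context (e.g. inet, bridge, netdev): look up the transport protocol in the generic inet service table. */` above it, so that a later edit does not narrow the condition again and let a NULL `base` reach proto_find_num(). stmt_evaluate_reset() starts and continues outside the hunk, so how `protonum` is handled when the lookup finds no match is not visible and is worth confirming. A regression test using the netdev rule from the commit message would pin the fix, unless one is added elsewhere in the commit (the diffstat shown is limited to this file).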