summaryrefslogtreecommitdiffstats
path: root/src/evaluate.c
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2019-09-06 16:43:37 +0200
committerFlorian Westphal <fw@strlen.de>2019-09-07 14:29:31 +0200
commitcec665f34a91600550dbd14655b25ed2cc317233 (patch)
treec5b47f3c719d862a5a1f18ddd27320b7d3d9f319 /src/evaluate.c
parent648cc618975ec27df2920cf2fa9841ba76cf21d0 (diff)
evaluate: flag fwd and queue statements as terminal
Both queue and fwd statement end evaluation of a rule: in ... fwd to "eth0" accept ... queue accept "accept" is redundant and never evaluated in the kernel. Add the missing "TERMINAL" flag so the evaluation step will catch any trailing expressions: nft add rule filter input queue counter Error: Statement after terminal statement has no effect Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/evaluate.c')
-rw-r--r--src/evaluate.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index b8bcf486..29fe9660 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2963,6 +2963,7 @@ static int stmt_evaluate_fwd(struct eval_ctx *ctx, struct stmt *stmt)
default:
return stmt_error(ctx, stmt, "unsupported family");
}
+ stmt->flags |= STMT_F_TERMINAL;
return 0;
}
@@ -2982,6 +2983,7 @@ static int stmt_evaluate_queue(struct eval_ctx *ctx, struct stmt *stmt)
"fanout requires a range to be "
"specified");
}
+ stmt->flags |= STMT_F_TERMINAL;
return 0;
}