diff options
author | Florian Westphal <fw@strlen.de> | 2017-05-07 04:04:10 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2017-05-15 19:08:56 +0200 |
commit | 723c4222b8771a5474307596dd4c09dbe428607b (patch) | |
tree | cfd7bb958928314fd6c287c223c7297f03711896 /src/netlink_delinearize.c | |
parent | e2958fb2008607f3a2bc6dcd87da5f74a71ef209 (diff) |
netlink_delink_delinearize: don't store dependency unless relop checks is eq check
'ip protocol ne 6' is not a dependency for nexthdr protocol, and must
not be stored as such.
Fixes: 0b858391781ba308 ("src: annotate follow up dependency just after killing another")
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink_delinearize.c')
-rw-r--r-- | src/netlink_delinearize.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index a65a97da..f0288cd4 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -1332,7 +1332,7 @@ static void payload_match_expand(struct rule_pp_ctx *ctx, payload_dependency_store(&ctx->pdctx, nstmt, base - stacked); } else { payload_dependency_kill(&ctx->pdctx, nexpr->left); - if (left->flags & EXPR_F_PROTOCOL) + if (expr->op == OP_EQ && left->flags & EXPR_F_PROTOCOL) payload_dependency_store(&ctx->pdctx, nstmt, base - stacked); } } |