netlink_delinearize: kill dependency before eval of 'redirect' stmt

ip protocol 6 redirect to :tcp dport map { 22 : 8000, 80 : 8080} is printed as redirect to :tcp dport map { 22 : 8000, 80 : 8080} but that input yields: Error: transport protocol mapping is only valid after transport protocol match so kill dependencies beforehand so nft won't remove it. Signed-off-by: Florian Westphal <fw@strlen.de>
author: Florian Westphal <fw@strlen.de> 2018-03-31 16:19:07 +0200
committer: Florian Westphal <fw@strlen.de> 2018-04-01 00:05:53 +0200
commit: 403b46ada490ed8146b02ea740c42695c3874b75 (patch)
tree: 9c0999c0485d2d9d9b3bbbda622564307cbd78bc /src/netlink_delinearize.c
parent: 7ba74b597300ffbb06df1bf3e6fcfe92add65bb4 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 754a307e..2126cf20 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -2363,8 +2363,10 @@ static void rule_parse_postprocess(struct netlink_parse_ctx *ctx, struct rule *r
 		case STMT_NAT:
 			if (stmt->nat.addr != NULL)
 				expr_postprocess(&rctx, &stmt->nat.addr);
-			if (stmt->nat.proto != NULL)
+			if (stmt->nat.proto != NULL) {
+				payload_dependency_reset(&rctx.pdctx);
 				expr_postprocess(&rctx, &stmt->nat.proto);
+			}
 			break;
 		case STMT_REJECT:
 			stmt_reject_postprocess(&rctx);
author	Florian Westphal <fw@strlen.de>	2018-03-31 16:19:07 +0200
committer	Florian Westphal <fw@strlen.de>	2018-04-01 00:05:53 +0200
commit	403b46ada490ed8146b02ea740c42695c3874b75 (patch)
tree	9c0999c0485d2d9d9b3bbbda622564307cbd78bc /src/netlink_delinearize.c
parent	7ba74b597300ffbb06df1bf3e6fcfe92add65bb4 (diff)