netlink_delink_delinearize: don't store dependency unless relop checks is eq check

'ip protocol ne 6' is not a dependency for nexthdr protocol, and must not be stored as such. Fixes: 0b858391781ba308 ("src: annotate follow up dependency just after killing another") Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2017-05-07 04:04:10 +0200
committer: Florian Westphal <fw@strlen.de> 2017-05-15 19:08:56 +0200
commit: 723c4222b8771a5474307596dd4c09dbe428607b (patch)
tree: cfd7bb958928314fd6c287c223c7297f03711896 /src/netlink_delinearize.c
parent: e2958fb2008607f3a2bc6dcd87da5f74a71ef209 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index a65a97da..f0288cd4 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1332,7 +1332,7 @@ static void payload_match_expand(struct rule_pp_ctx *ctx,
 			payload_dependency_store(&ctx->pdctx, nstmt, base - stacked);
 		} else {
 			payload_dependency_kill(&ctx->pdctx, nexpr->left);
-			if (left->flags & EXPR_F_PROTOCOL)
+			if (expr->op == OP_EQ && left->flags & EXPR_F_PROTOCOL)
 				payload_dependency_store(&ctx->pdctx, nstmt, base - stacked);
 		}
 	}
author	Florian Westphal <fw@strlen.de>	2017-05-07 04:04:10 +0200
committer	Florian Westphal <fw@strlen.de>	2017-05-15 19:08:56 +0200
commit	723c4222b8771a5474307596dd4c09dbe428607b (patch)
tree	cfd7bb958928314fd6c287c223c7297f03711896 /src/netlink_delinearize.c
parent	e2958fb2008607f3a2bc6dcd87da5f74a71ef209 (diff)