authorFlorian Westphal <>2017-05-06 22:36:28 +0200
committerFlorian Westphal <>2017-05-08 21:56:05 +0200
commit1b6693788cd6f9d9a69c24d205e93c2e3cf4d7fd (patch)
treef5d6c88b9e22ce2b161c7269840d84b6b7704bf3 /src/payload.c
parentf99ccda252fa2a44d587c771e92896bcda1d7c7e (diff)
netlink_delinearize: don't kill dependencies accross statements
nft currently translates "ip protocol tcp meta mark set 1 tcp dport 22" to "mark set 0x00000001 tcp dport 22". This is wrong, the latter form is the same as "mark set 0x00000001 ip protocol tcp tcp dport 22" and that's not correct (original rule sets mark for tcp packets only). We need to clear the dependency stack whenever we see a statement other than stmt_expr, as these will have side effects (counter, payload mangling, logging and the like). Signed-off-by: Florian Westphal <> Acked-by: Pablo Neira Ayuso <>
Diffstat (limited to 'src/payload.c')
1 files changed, 5 insertions, 0 deletions
diff --git a/src/payload.c b/src/payload.c
index 169954ba..55128fee 100644
--- a/src/payload.c
+++ b/src/payload.c
@@ -366,6 +366,11 @@ bool payload_is_stacked(const struct proto_desc *desc, const struct expr *expr)
return next && next->base == desc->base;
+void payload_dependency_reset(struct payload_dep_ctx *ctx)
+ memset(ctx, 0, sizeof(*ctx));
* payload_dependency_store - store a possibly redundant protocol match
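Review bot: payload_dependency_reset() is added with no header comment, although payload_dependency_store() directly below it has a kernel-doc block, and the rule for when to call it exists only in the commit message. I would add `/* payload_dependency_reset - forget the stored protocol dependency; call on any statement other than an expression statement */` above the function, so that a later statement type is not handled without the reset and listed with its protocol match elided again. The memset() clears every member of struct payload_dep_ctx; the struct definition is outside this hunk, so please confirm that the context does not own anything its members point to, and say so in the comment.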