diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-01-21 16:41:35 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-01-25 23:42:40 +0100 |
commit | 7d3a0799cfd0a7dbd179f2742b6632e66d1e9b6a (patch) | |
tree | 5b20174b9a649ab55a880b122256e4d8742dcb9d /src/statement.c | |
parent | f5dd3ce30c306cac0cf0d0d33ab4867347e6f2db (diff) |
evaluate: disallow ct original {s,d}ddr from concatenations
Extend 8b043938e77b ("evaluate: disallow ct original {s,d}ddr from
maps") to cover concatenations too.
Error: specify either ip or ip6 for address matching
add rule x y meta mark set ct original saddr . meta mark map { 1.1.1.1 . 20 : 30 }
^^^^^^^^^^^^^^^^^
The old syntax for ct original saddr without either ip or ip6 results
in unknown key size, which breaks the listing. The old syntax is only
allowed in simple rules for backward compatibility.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1489
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/statement.c')
0 files changed, 0 insertions, 0 deletions