diff options
author | Florian Westphal <fw@strlen.de> | 2017-05-06 22:36:28 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2017-05-08 21:56:05 +0200 |
commit | 1b6693788cd6f9d9a69c24d205e93c2e3cf4d7fd (patch) | |
tree | f5d6c88b9e22ce2b161c7269840d84b6b7704bf3 /tests/py/inet/ether.t.payload.ip6 | |
parent | f99ccda252fa2a44d587c771e92896bcda1d7c7e (diff) |
netlink_delinearize: don't kill dependencies accross statements
nft currently translates
ip protocol tcp meta mark set 1 tcp dport 22
to
mark set 0x00000001 tcp dport 22
This is wrong, the latter form is same as
mark set 0x00000001 ip protocol tcp tcp dport 22
and thats not correct (original rule sets mark for tcp packets only).
We need to clear the dependency stack whenever we see a statement other
than stmt_expr, as these will have side effects (counter, payload
mangling, logging and the like).
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/inet/ether.t.payload.ip6')
0 files changed, 0 insertions, 0 deletions