diff options
-rw-r--r-- | src/evaluate.c | 4 | ||||
-rwxr-xr-x | tests/shell/testcases/nft-f/0024priority_0 | 14 | ||||
-rw-r--r-- | tests/shell/testcases/nft-f/dumps/0024priority_0.nft | 10 |
3 files changed, 26 insertions, 2 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 7d6f55fe..3a91e9ea 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -3789,8 +3789,8 @@ static bool evaluate_priority(struct eval_ctx *ctx, struct prio_spec *prio, int prio_snd; char op; - ctx->ectx.dtype = &priority_type; - ctx->ectx.len = NFT_NAME_MAXLEN * BITS_PER_BYTE; + expr_set_context(&ctx->ectx, &priority_type, NFT_NAME_MAXLEN * BITS_PER_BYTE); + if (expr_evaluate(ctx, &prio->expr) < 0) return false; if (prio->expr->etype != EXPR_VALUE) { diff --git a/tests/shell/testcases/nft-f/0024priority_0 b/tests/shell/testcases/nft-f/0024priority_0 new file mode 100755 index 00000000..586f5c3f --- /dev/null +++ b/tests/shell/testcases/nft-f/0024priority_0 @@ -0,0 +1,14 @@ +#!/bin/bash + +RULESET=" +table inet statelessnat { + chain prerouting { + type filter hook prerouting priority -100; + ip daddr set numgen inc mod 16 map { 0-7 : 10.0.1.1, 8- 15 : 10.0.1.2 } + } + chain postrouting { + type filter hook postrouting priority 100 + } +}" + +exec $NFT -f - <<< "$RULESET" diff --git a/tests/shell/testcases/nft-f/dumps/0024priority_0.nft b/tests/shell/testcases/nft-f/dumps/0024priority_0.nft new file mode 100644 index 00000000..cd7fc504 --- /dev/null +++ b/tests/shell/testcases/nft-f/dumps/0024priority_0.nft @@ -0,0 +1,10 @@ +table inet statelessnat { + chain prerouting { + type filter hook prerouting priority dstnat; policy accept; + ip daddr set numgen inc mod 16 map { 0-7 : 10.0.1.1, 8-15 : 10.0.1.2 } + } + + chain postrouting { + type filter hook postrouting priority srcnat; policy accept; + } +} |