diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/evaluate.c | 6 | ||||
-rw-r--r-- | src/expression.c | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 6ae94b0f..d224f0f3 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2838,6 +2838,9 @@ static int flowtable_evaluate(struct eval_ctx *ctx, struct flowtable *ft) if (ft->hooknum == NF_INET_NUMHOOKS) return chain_error(ctx, ft, "invalid hook %s", ft->hookstr); + if (!ft->dev_expr) + return chain_error(ctx, ft, "Unbound flowtable not allowed (must specify devices)"); + return 0; } @@ -2874,6 +2877,9 @@ static int rule_evaluate(struct eval_ctx *ctx, struct rule *rule) static uint32_t str2hooknum(uint32_t family, const char *hook) { + if (!hook) + return NF_INET_NUMHOOKS; + switch (family) { case NFPROTO_IPV4: case NFPROTO_BRIDGE: diff --git a/src/expression.c b/src/expression.c index 5f023d2a..e698b14c 100644 --- a/src/expression.c +++ b/src/expression.c @@ -65,7 +65,7 @@ void expr_free(struct expr *expr) return; if (--expr->refcnt > 0) return; - if (expr->ops->destroy) + if (expr->ops && expr->ops->destroy) expr->ops->destroy(expr); xfree(expr); } |