From 545c93d54d900e8e20071891b7e2bf3bb0e5fed2 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 6 Jan 2015 21:28:53 +0100
Subject: evaluate: reject: fix dependency generation from nft -f

When nft -f is used, ctx->cmd points to the table object, which
contains the corresponding chain, set and rule lists. The reject
statement evaluator relies on ctx->cmd->rule to add the payload
dependencies, which is doesn't point to the rule in that case.

This patch adds the rule context to the eval_ctx structure to update
the rule list of statements when generating dependencies, as the reject
statement needs.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=993
Reported-by: Ting-Wei Lan <lantw44@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/rule.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'include')

diff --git a/include/rule.h b/include/rule.h
index 936177b9..0c523155 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -344,6 +344,7 @@ extern void cmd_free(struct cmd *cmd);
  * @msgs:	message queue
  * @cmd:	current command
  * @table:	current table
+ * @rule:	current rule
  * @set:	current set
  * @stmt:	current statement
  * @ectx:	expression context
@@ -353,6 +354,7 @@ struct eval_ctx {
 	struct list_head	*msgs;
 	struct cmd		*cmd;
 	struct table		*table;
+	struct rule		*rule;
 	struct set		*set;
 	struct stmt		*stmt;
 	struct expr_ctx		ectx;
-- 
cgit v1.2.3