authorCarlos Falgueras García <carlosfg@riseup.net>2016-08-26 15:49:22 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2016-08-26 19:25:55 +0200
commit41abb7f7dda23ed522d3acec17d091e4d0eb8141 (patch)
treeb204215e79c63da0bf057f542335e68f2f8dd28d
parent54fc1f15cc8a14c333a216e93a8e2a3d1cbca67e (diff)
expr: immediate: Fix verdict comparison
An immediate expression of type 'DATA_VERDICT' can have a chain set (jump or goto); in this case we must compare its 'union nftnl_data_reg' using the 'DATA_CHAIN' flag instead of 'DATA_VERDICT'. Before this patch, comparing the expressions "jump -> chain_a" and "jump -> chain_b" reported them as equal. Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/expr/immediate.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/src/expr/immediate.c b/src/expr/immediate.c
index cb8a81b..2fdae9c 100644
--- a/src/expr/immediate.c
+++ b/src/expr/immediate.c
@@ -326,13 +326,20 @@ static bool nftnl_expr_immediate_cmp(const struct nftnl_expr *e1,
struct nftnl_expr_immediate *i1 = nftnl_expr_data(e1);
struct nftnl_expr_immediate *i2 = nftnl_expr_data(e2);
bool eq = true;
+ int type = DATA_NONE;
if (e1->flags & (1 << NFTNL_EXPR_IMM_DREG))
eq &= (i1->dreg == i2->dreg);
if (e1->flags & (1 << NFTNL_EXPR_IMM_VERDICT))
- eq &= nftnl_data_reg_cmp(&i1->data, &i2->data, DATA_VERDICT);
+ if (e1->flags & (1 << NFTNL_EXPR_IMM_CHAIN))
+ type = DATA_CHAIN;
+ else
+ type = DATA_VERDICT;
else if (e1->flags & (1 << NFTNL_EXPR_IMM_DATA))
- eq &= nftnl_data_reg_cmp(&i1->data, &i2->data, DATA_VALUE);
+ type = DATA_VALUE;
+
+ if (type != DATA_NONE)
+ eq &= nftnl_data_reg_cmp(&i1->data, &i2->data, type);
return eq;
}
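Review bot: The nested `if`/`else` added under the `NFTNL_EXPR_IMM_VERDICT` test is unbraced and is followed directly by `else if (e1->flags & (1 << NFTNL_EXPR_IMM_DATA))`, so which `if` each `else` pairs with rests entirely on nearest-`if` binding. It parses as intended today, but a later one-line addition inside that branch could silently re-pair the branches and change which type is used for the comparison. Bracing the outer branch makes the pairing explicit: `if (e1->flags & (1 << NFTNL_EXPR_IMM_VERDICT)) {` and `} else if (e1->flags & (1 << NFTNL_EXPR_IMM_DATA)) {`. Separately, the type is chosen from `e1->flags` alone; if the caller does not already reject expressions whose flags differ (not visible in this hunk), `DATA_CHAIN` could be applied to an `i2->data` with no chain set, so a comment such as `/* caller guarantees e1->flags == e2->flags */` or an explicit check would document the assumption. The function's signature begins above the hunk.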