diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-02-25 10:28:13 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-02-25 11:26:04 +0100 |
commit | e5c9c8fe0bcc8b9fa8b9fcac0f5da7314b268670 (patch) | |
tree | dc0d8095ff9eadc85f94866c2b3ecf727bdc6dec | |
parent | b4f04cb9e5cda5a342bf0e95426f9f7bcbdcaf94 (diff) |
evaluate: stmt_evaluate_nat_map() only if stmt->nat.ipportmap == true
stmt_evaluate_nat_map() is only called when the parser sets on
stmt->nat.ipportmap.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/evaluate.c | 28 |
1 files changed, 11 insertions, 17 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 2d4985c0..b38ac931 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2855,22 +2855,17 @@ static int stmt_evaluate_nat_map(struct eval_ctx *ctx, struct stmt *stmt) const struct datatype *dtype; int addr_type, err; - if (stmt->nat.ipportmap) { - switch (stmt->nat.family) { - case NFPROTO_IPV4: - addr_type = TYPE_IPADDR; - break; - case NFPROTO_IPV6: - addr_type = TYPE_IP6ADDR; - break; - default: - return -1; - } - dtype = concat_type_alloc((addr_type << TYPE_BITS) | - TYPE_INET_SERVICE); - } else { - dtype = get_addr_dtype(stmt->nat.family); + switch (stmt->nat.family) { + case NFPROTO_IPV4: + addr_type = TYPE_IPADDR; + break; + case NFPROTO_IPV6: + addr_type = TYPE_IP6ADDR; + break; + default: + return -1; } + dtype = concat_type_alloc((addr_type << TYPE_BITS) | TYPE_INET_SERVICE); expr_set_context(&ctx->ectx, dtype, dtype->size); if (expr_evaluate(ctx, &stmt->nat.addr)) @@ -2925,8 +2920,7 @@ static int stmt_evaluate_nat(struct eval_ctx *ctx, struct stmt *stmt) if (err < 0) return err; - if (stmt->nat.proto == NULL && - expr_ops(stmt->nat.addr)->type == EXPR_MAP) { + if (stmt->nat.ipportmap) { err = stmt_evaluate_nat_map(ctx, stmt); if (err < 0) return err; |