diff options
author | Florian Westphal <fw@strlen.de> | 2018-03-31 16:19:07 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-04-01 00:05:53 +0200 |
commit | 403b46ada490ed8146b02ea740c42695c3874b75 (patch) | |
tree | 9c0999c0485d2d9d9b3bbbda622564307cbd78bc | |
parent | 7ba74b597300ffbb06df1bf3e6fcfe92add65bb4 (diff) |
netlink_delinearize: kill dependency before eval of 'redirect' stmt
ip protocol 6 redirect to :tcp dport map { 22 : 8000, 80 : 8080}
is printed as
redirect to :tcp dport map { 22 : 8000, 80 : 8080}
but that input yields:
Error: transport protocol mapping is only valid after transport protocol match
so kill dependencies beforehand so nft won't remove it.
Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r-- | src/netlink_delinearize.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 754a307e..2126cf20 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -2363,8 +2363,10 @@ static void rule_parse_postprocess(struct netlink_parse_ctx *ctx, struct rule *r case STMT_NAT: if (stmt->nat.addr != NULL) expr_postprocess(&rctx, &stmt->nat.addr); - if (stmt->nat.proto != NULL) + if (stmt->nat.proto != NULL) { + payload_dependency_reset(&rctx.pdctx); expr_postprocess(&rctx, &stmt->nat.proto); + } break; case STMT_REJECT: stmt_reject_postprocess(&rctx); |