diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-05-08 14:44:02 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-05-14 16:53:05 +0200 |
commit | b81519f1641b508c289ddfefc800b2c20ab243e6 (patch) | |
tree | 203c730f1a57ea70c718c72e6092a526ef5cfc03 /src | |
parent | 9ed076c6f5abcbbad1b6b721dca29f87963f0ecc (diff) |
libnftables: call nft_cmd_expand() only with CMD_ADD
Restrict the expansion logic to the CMD_ADD command which is where this
is only required.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/libnftables.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/libnftables.c b/src/libnftables.c index 32da0a29..668e3fc4 100644 --- a/src/libnftables.c +++ b/src/libnftables.c @@ -419,8 +419,12 @@ static int nft_evaluate(struct nft_ctx *nft, struct list_head *msgs, if (nft->state->nerrs) return -1; - list_for_each_entry(cmd, cmds, list) + list_for_each_entry(cmd, cmds, list) { + if (cmd->op != CMD_ADD) + continue; + nft_cmd_expand(cmd); + } return 0; } |