summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2017-05-07 02:40:46 +0200
committerFlorian Westphal <fw@strlen.de>2017-05-18 18:09:40 +0200
commit50323910f2214de6fa333c3bf0c1452842b5a924 (patch)
tree7b46597e447ec14802a5ff5e0c2a038354d02a92 /src
parenta4af1e9b7e5ab4c98f3e338a4552ba2017b5c381 (diff)
src: add a comment wrt. reject dependency insertion
at first I thought this was a bug but this in fact seems the right thing, add a comment/example why adding dependency as first statement makes sense. Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'src')
-rw-r--r--src/evaluate.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 1cfe7675..27cee989 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2015,6 +2015,14 @@ static int stmt_reject_gen_dependency(struct eval_ctx *ctx, struct stmt *stmt,
if (payload_gen_dependency(ctx, payload, &nstmt) < 0)
return -1;
+ /*
+ * Unlike payload deps this adds the dependency at the beginning, i.e.
+ * log ... reject with tcp-reset
+ * turns into
+ * meta l4proto tcp log ... reject with tcp-reset
+ *
+ * Otherwise we'd log things that won't be rejected.
+ */
list_add(&nstmt->list, &ctx->rule->stmts);
return 0;
}