From 0c512cf7f26363713b8c76a6a826e2401e21907f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lvaro=20Neira=20Ayuso?= <alvaroneay@gmail.com>
Date: Mon, 2 Jun 2014 16:44:11 +0200
Subject: payload: Update the context only in equality relations

If we add this rule:

sudo nft add rule ip test input ip protocol != icmp

and we try to list the rules in the table test, nftables
show this error:

nft: src/payload.c:76: payload_expr_pctx_update: Assertion `expr->op == OP_EQ' failed.

This patch change the function payload_match_postprocess for updating
only the context in equality relations case.

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/netlink_delinearize.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 479c6439..ea333085 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -644,7 +644,8 @@ static void payload_match_postprocess(struct rule_pp_ctx *ctx,
 
 			nexpr = relational_expr_alloc(&expr->location, expr->op,
 						      left, tmp);
-			left->ops->pctx_update(&ctx->pctx, nexpr);
+			if (expr->op == OP_EQ)
+				left->ops->pctx_update(&ctx->pctx, nexpr);
 
 			nstmt = expr_stmt_alloc(&stmt->location, nexpr);
 			list_add_tail(&nstmt->list, &stmt->list);
-- 
cgit v1.2.3